Unable to remove infection...

Solved
By BillAllen55
Sep 22, 2012
  1. I'm having difficulty removing infections from my OS. I've tried using Super Anti-spyware repeatedly without joy. I'm including requested text showing what I've attempted to resolve this situation. The obvious reason I've contacted you is for the stated problem that I'm unable to remove the infections listed; the other reason is that the system (Dell laptop) is considerably slower than in past days. Thanks in advance for your assistance.
    ComboFix 12-09-22.02 - Owner 09/22/2012 16:03:08.16.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1121 [GMT -7:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\CouponDropDown
    c:\program files\CouponDropDown\CouponDropDown-bg.exe
    c:\program files\CouponDropDown\CouponDropDown.dll
    c:\program files\CouponDropDown\CouponDropDown.exe
    c:\program files\CouponDropDown\CouponDropDown.ico
    c:\program files\CouponDropDown\CouponDropDown.ini
    c:\program files\CouponDropDown\CouponDropDownInstaller.log
    c:\program files\CouponDropDown\Uninstall.exe
    c:\users\Owner\AppData\Local\CouponDropDown
    c:\users\Owner\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx
    .
    Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-22 23:11 . 2012-09-22 23:13 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-09-22 23:11 . 2012-09-22 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-22 23:11 . 2012-09-22 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Default\AppData\Local\Google
    2012-09-15 22:11 . 2012-09-15 22:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Photobucket
    2012-09-15 22:10 . 2012-09-15 22:11 -------- d-----w- c:\program files\Photobucket Desktop
    2012-09-13 19:39 . 2012-09-13 20:04 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Apple Software Update
    2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Bonjour
    2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\users\Owner\AppData\Roaming\URSoft
    2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\program files\Your Uninstaller! 7
    2012-09-13 15:19 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-11 21:42 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 21:42 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 21:42 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-11 21:42 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 21:42 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 21:42 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\program files\Auslogics
    2012-09-05 04:26 . 2012-09-06 15:53 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
    2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\programdata\Viewpoint
    2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\program files\Viewpoint
    2012-09-05 04:26 . 2012-09-05 02:19 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2012-09-05 04:25 . 2012-09-05 04:25 -------- d-----w- c:\programdata\AOL OCP
    2012-09-05 04:25 . 2012-09-06 15:56 -------- d-----w- c:\users\Owner\AppData\Local\AOL
    2012-09-05 04:25 . 2012-09-06 15:57 -------- d-----w- c:\program files\Common Files\AOL
    2012-09-05 04:25 . 2012-09-06 15:55 -------- d-----w- c:\programdata\AOL
    2012-09-05 02:17 . 2012-09-05 02:17 -------- d-----w- c:\programdata\AOL Downloads
    2012-09-05 00:51 . 2012-09-05 00:54 -------- d-----w- C:\532f10a32217cd26ab28240f
    2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Common Files\Microsoft
    2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Windows Kits
    2012-09-05 00:42 . 2012-09-05 00:49 -------- d-----w- c:\programdata\Package Cache
    2012-09-04 16:36 . 2012-09-04 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-03 23:47 . 2012-09-03 23:47 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
    2012-09-03 00:38 . 2012-09-03 00:38 -------- d-----w- c:\program files\SumatraPDF
    2012-09-03 00:31 . 2012-09-03 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
    2012-09-03 00:28 . 2012-09-03 00:28 -------- d-----w- c:\program files\Secunia
    2012-09-02 18:14 . 2012-09-02 18:15 -------- d-----w- c:\program files\GUM2146.tmp
    2012-08-31 18:08 . 2012-09-22 22:51 260576 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-08-31 18:08 . 2012-09-22 22:51 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
    2012-08-31 18:08 . 2012-09-22 22:51 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
    2012-08-31 15:37 . 2012-08-31 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
    2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\Common Files\PC Utility Kit
    2012-08-31 15:36 . 2012-09-01 18:51 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-31 15:28 . 2012-08-31 15:28 -------- d-----w- c:\program files\CPUID
    2012-08-30 23:12 . 2012-08-30 23:12 -------- d-----w- C:\Quarantine
    2012-08-30 21:44 . 2012-08-30 21:47 -------- d-----w- C:\Modules
    2012-08-30 21:06 . 2012-08-30 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
    2012-08-30 20:55 . 2012-07-19 01:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-08-30 20:55 . 2012-07-19 01:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-08-30 20:55 . 2012-07-19 01:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\programdata\Avira
    2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\program files\Avira
    2012-08-30 20:10 . 2012-08-30 20:10 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-30 18:00 . 2012-08-30 18:00 1688 ----a-w- c:\users\Owner\08-30-2012.reg
    2012-08-30 17:54 . 2012-08-30 17:55 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFixer
    2012-08-30 17:54 . 2012-08-30 17:54 -------- d-----w- c:\users\Owner\AppData\Local\FreeFixer
    2012-08-30 17:54 . 2012-08-31 00:51 -------- d-----w- c:\program files\FreeFixer
    2012-08-30 17:47 . 2012-08-30 17:47 -------- d-----w- c:\program files\Uniblue
    2012-08-30 17:45 . 2012-08-30 22:55 -------- d-----w- c:\program files\AVG Secure Search
    2012-08-30 17:36 . 2012-08-30 17:40 -------- d-----w- c:\program files\Perfect Uninstaller
    2012-08-30 16:00 . 2012-08-30 16:00 5602 ----a-w- c:\users\Owner\ESETexe-fix.bat
    2012-08-30 13:23 . 2012-08-30 13:42 -------- d-----w- c:\users\Owner\AppData\Roaming\BACS.exe
    2012-08-30 01:59 . 2012-08-30 01:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-30 01:10 . 2012-08-30 22:53 -------- d-----w- c:\programdata\AVG Secure Search
    2012-08-29 20:44 . 2012-08-29 20:44 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBlink
    2012-08-28 22:51 . 2012-08-30 13:42 -------- d-----w- c:\programdata\FLEXnet
    2012-08-28 22:50 . 2012-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
    2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
    2012-08-27 22:08 . 2012-08-27 22:08 -------- d-----w- c:\program files\Belarc
    2012-08-27 18:06 . 2012-08-27 18:06 -------- d-----w- c:\users\Owner\AppData\Local\PassMark
    2012-08-27 18:06 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2012-08-27 18:06 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2012-08-27 18:06 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2012-08-27 18:05 . 2012-08-27 18:05 -------- d-----w- c:\programdata\PassMark
    2012-08-27 18:05 . 2012-08-27 18:25 -------- d-----w- c:\program files\PerformanceTest
    2012-08-26 21:51 . 2012-08-26 21:51 -------- d-----w- c:\program files\Recuva
    2012-08-26 20:33 . 2012-08-26 20:33 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
    2012-08-26 20:30 . 2012-08-26 20:30 -------- d-----w- c:\program files\My Company Name
    2012-08-26 20:15 . 2001-09-05 11:18 77824 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
    2012-08-26 20:15 . 2001-09-05 11:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
    2012-08-26 20:15 . 2001-09-05 11:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-08-26 20:15 . 2001-09-05 11:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-08-26 20:15 . 2000-01-04 13:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
    2012-08-26 20:14 . 2001-09-06 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
    2012-08-26 18:43 . 2012-08-26 18:43 -------- d-----w- c:\program files\Wise
    2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\users\Owner\AppData\Roaming\iolo
    2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\program files\iolo
    2012-08-24 21:18 . 2012-08-24 21:21 -------- d-----w- c:\program files\Max Uninstaller
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 22:41 . 2012-08-20 00:48 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-09-18 21:55 . 2012-03-08 00:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-18 21:55 . 2012-03-02 17:33 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-08 00:04 . 2011-06-17 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-04 16:36 . 2011-12-13 17:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 16:36 . 2011-03-12 14:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-23 22:56 . 2012-08-23 22:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-08-21 20:01 . 2012-07-18 00:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-07-18 21:24 . 2012-07-18 21:24 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-18 17:47 . 2012-08-15 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-16 15:17 . 2011-04-16 22:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-16 15:17 . 2011-03-12 15:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-07-16 15:17 . 2011-03-12 15:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-06 19:23 . 2012-08-15 18:11 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-07-04 21:14 . 2012-08-15 13:40 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14 . 2012-08-15 13:40 102912 ----a-w- c:\windows\system32\browser.dll
    2012-06-29 00:16 . 2012-08-15 18:10 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 18:10 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 00:08 . 2012-08-15 18:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 18:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 18:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-27 23:01 . 2012-08-23 22:48 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-06-27 04:36 . 2012-06-27 04:36 42208 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-06-27 04:36 . 2012-06-27 04:36 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-25 05:24 . 2012-06-25 05:24 46432 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-09-22 22:51 . 2012-08-31 18:08 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    backup=c:\windows\pss\CNET TechTracker.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
    backup=c:\windows\pss\Facebook Messenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2012-07-19 01:04 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealRunner]
    2011-10-13 22:24 790624 ----a-w- c:\program files\DealRunner\DealRunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    2012-09-06 22:51 15668432 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-10-02 16:34 173592 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-10-02 16:34 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2012-06-27 04:36 1629280 ----a-w- c:\program files\Microsoft Device Center\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
    2012-06-27 04:36 1109072 ----a-w- c:\program files\Microsoft Device Center\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
    2012-07-31 00:29 2009 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-10-02 16:34 150552 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-09-02 23:05 1193176 ----a-w- c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-09-07 23:30 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
    2012-07-13 01:30 384232 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
    R3 Synth3dVsc;Synth3dVsc; [x]
    R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub; [x]
    R3 VGPU;VGPU; [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
    R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [x]
    R4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
    R4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 21:55]
    .
    2012-09-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
    .
    2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
    FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
    FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15598
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
    MSConfigStartUp-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSConfigStartUp-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe
    MSConfigStartUp-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    AddRemove-CouponDropDown - c:\program files\CouponDropDown\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1448)
    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    c:\windows\system32\locator.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\vds.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-22 16:17:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-22 23:17
    .
    Pre-Run: 33,917,415,424 bytes free
    Post-Run: 34,009,346,048 bytes free
    .
    - - End Of File - - EBBA5B745DE0187AC126495C640F3C48
  2. BillAllen55

    More files
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-22 17:00:53
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM080HI rev.AB100-12
    Running: zd6suxuc.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8E86062E ZwCreateSection
    SSDT 8E860638 ZwRequestWaitReplyPort
    SSDT 8E860633 ZwSetContextThread
    SSDT 8E86063D ZwSetSecurityObject
    SSDT 8E860642 ZwSystemDebugControl
    SSDT 8E8605CF ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C5D3C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C96D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9DEAC 4 Bytes [2E, 06, 86, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C9E208 4 Bytes JMP 86063882
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9E24C 4 Bytes [33, 06, 86, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C9E2C8 4 Bytes [3D, 06, 86, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C9E31C 4 Bytes [42, 06, 86, 8E]
    .text ...
    PAGE peauth.sys AC8BBBED 110 Bytes CALL 8AB4AB4D

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] ntdll.dll!LdrGetProcedureAddress + 26 773D2239 7 Bytes JMP 613CA440 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 775093D6 7 Bytes JMP 61606C07 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!QueryPerformanceCounter + 13 7750C435 7 Bytes JMP 61606C2A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!LoadAppInitDlls + 355 7750F4F6 7 Bytes JMP 613CE45B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] GDI32.dll!GetViewportOrgEx + 26C 759B884B 7 Bytes JMP 61606B88 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\00000091 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573ad
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573b5
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b87504
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573ad (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573b5 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b87504 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
  3. BillAllen55

    And more text
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.22.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    9/22/2012 4:32:53 PM
    mbam-log-2012-09-22 (16-32-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196845
    Time elapsed: 9 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. BillAllen55

    The last of the text!
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/22/2012 at 04:36 PM

    Application Version : 5.5.1016

    Core Rules Database Version : 9275
    Trace Rules Database Version: 7087

    Scan type : Quick Scan
    Total Scan Time : 00:08:22

    Operating System Information
    Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 232
    Memory threats detected : 0
    Registry items scanned : 27880
    Registry threats detected : 8
    File items scanned : 7323
    File threats detected : 22

    PUP.BabylonToolbar
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}#AppID
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ProgID
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\Programmable
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\TypeLib
    HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\VersionIndependentProgID

    Adware.Tracking Cookie
    .apmebf.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    track.prd1.netshelter.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .cbs.112.2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
  5. Broni

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    First of all, you've been to this forum before, so you should know that running Combofix on your own is not a good idea.

    Secondly, you didn't post all the required logs.
    Two DDS logs are missing.
  6. BillAllen55

    I went out on a limb assuming you would like me to post a Combofix log. As already stated, I've frequented this forum in the past. Regarding your suggestion that because I've been here before I 'should have known': I've never been advised, nor have I read, that using Combofix was a risky exercise. My apologies for doing this, and now that I know this program is a risky program, I'll leave the software infection repairs to the pros. Thank you for your assistance! The following are the missing requested logs.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2011 6:36:07 AM
    System Uptime: 9/23/2012 7:10:58 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0FT292
    Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 32.343 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP459: 9/13/2012 11:58:17 AM - Before uninstalling Apple Application Support
    RP460: 9/13/2012 11:58:36 AM - Removed Apple Application Support
    RP462: 9/13/2012 12:04:40 PM - Before uninstalling Apple Mobile Device Support
    RP463: 9/13/2012 12:04:49 PM - Removed Apple Mobile Device Support
    RP464: 9/13/2012 12:05:52 PM - Removed Apple Mobile Device Support
    RP465: 9/13/2012 12:07:03 PM - Removed Apple Software Update
    RP466: 9/13/2012 12:07:52 PM - Removed Bonjour
    RP467: 9/13/2012 12:08:46 PM - Removed iCloud
    RP468: 9/13/2012 12:10:19 PM - Removed iTunes
    RP469: 9/13/2012 12:17:59 PM - Installed iTunes
    RP470: 9/13/2012 12:23:49 PM - Removed iTunes
    RP471: 9/13/2012 12:25:41 PM - Removed QuickTime
    RP472: 9/13/2012 12:27:01 PM - Removed Apple Software Update
    RP473: 9/13/2012 12:27:36 PM - Removed Apple Mobile Device Support
    RP474: 9/13/2012 12:28:16 PM - Removed Bonjour
    RP475: 9/13/2012 12:29:05 PM - Removed Apple Application Support
    RP476: 9/13/2012 12:38:59 PM - Installed iTunes
    RP477: 9/13/2012 1:01:30 PM - Removed iTunes
    RP478: 9/15/2012 3:10:06 PM - Installed Photobucket Desktop
    RP480: 9/21/2012 3:41:43 PM - SlimDrivers Installing Drivers
    RP481: 9/22/2012 4:19:19 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Adobe SVG Viewer 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Disk Defrag
    Avira Free Antivirus
    BabylonObjectInstaller
    Basic Mathematics (Fall 2011 Student)
    Bonjour
    Broadcom Gigabit Integrated Controller
    Broadcom Management Programs
    Broadcom TPM Driver Installer
    Canon MP Navigator EX 4.1
    Canon MX360 series MP Drivers
    Canon MX360 series User Registration
    Canon Solution Menu EX
    Canon Speed Dial Utility
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    CPUID HWMonitor 1.20
    DealRunner 1.27
    Defraggler
    Digital Line Detect
    Dropbox
    EVEREST Home Edition v2.20
    FileHippo.com Update Checker
    Google Apps
    Google Chrome
    Google Drive
    Google Update Helper
    Google Updater
    Hawkes Learning Systems Font Installer
    Hawkes Update Service Manager
    HiJackThis
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Introductory Algebra (Fall 2011 Student)
    IObit Toolbar v6.1
    Java 7 Update 7
    Java Auto Updater
    Jing
    Kits Configuration Installer
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Business 2010 - English
    Microsoft Office Home and Student 2010 - English
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoCast
    MotoHelper MergeModules
    Motorola Device Manager
    Motorola Device Software Update
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 5.9.0
    Mozilla Firefox 16.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MyITLab ActiveX Installer 2, 9, 8, 65535
    Office 2010 Trial Extender
    OZ776 SCR Driver V1.1.4.202
    Photobucket Desktop
    Picasa 3
    QuickSet
    Recuva
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SigmaTel Audio
    SlimDrivers
    Smart Defrag 2
    Spotify
    SumatraPDF
    SUPERAntiSpyware
    swMSM
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewpoint Media Player
    Vista Profile Pack
    Windows Driver Kit
    Windows Driver Package - Intel (NETwLv32) net (08/15/2010 13.3.0.137)
    Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
    Windows iLivid Toolbar
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    WinPatrol
    Your Uninstaller! 7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/23/2012 7:11:36 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
    9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    9/23/2012 7:11:20 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    9/22/2012 4:08:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/22/2012 4:02:25 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    .
    ==== End Of File ===========================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Owner at 7:16:59 on 2012-09-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1020 [GMT -7:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\System32\svchost.exe -k PeerDist
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\locator.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\vds.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe
    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DhcpNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DhcpNameServer = 172.16.44.186 172.16.44.185
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
    FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15598
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10:13
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-14 15672]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-30 36000]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-30 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-30 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-30 83392]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-8-19 6637056]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2011-10-1 581480]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-8-8 374648]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-6-11 20864]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-11-5 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-30 15872]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-8-23 24416]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-19 13024]
    S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
    S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-7 250288]
    S4 atashost;WebEx Service Host for Support Center;"c:\windows\system32\atashost.exe" --> c:\windows\system32\atashost.exe [?]
    S4 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
    S4 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
    S4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-8-30 8192]
    S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-7-17 116632]
    S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-18 114656]
    S4 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
    .
    =============== Created Last 30 ================
    .
    2012-09-22 23:32:38 -------- d-----w- c:\users\owner\virus
    2012-09-22 23:30:17 100864 ----a-w- C:\kgloapow.sys
    2012-09-22 23:13:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-09-22 23:11:43 -------- d-----w- c:\users\owner\appdata\local\temp
    2012-09-22 23:01:07 98816 ----a-w- c:\windows\sed.exe
    2012-09-22 23:01:07 518144 ----a-w- c:\windows\SWREG.exe
    2012-09-22 23:01:07 256000 ----a-w- c:\windows\PEV.exe
    2012-09-22 23:01:07 208896 ----a-w- c:\windows\MBR.exe
    2012-09-15 22:11:05 -------- d-----w- c:\users\owner\appdata\roaming\Photobucket
    2012-09-15 22:10:35 -------- d-----w- c:\program files\Photobucket Desktop
    2012-09-13 19:39:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-13 19:38:33 -------- d-----w- c:\program files\Bonjour
    2012-09-13 18:57:32 -------- d-----w- c:\users\owner\appdata\roaming\URSoft
    2012-09-13 18:57:26 -------- d-----w- c:\program files\Your Uninstaller! 7
    2012-09-13 15:19:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-11 21:42:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 21:42:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-11 21:42:20 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 21:42:19 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 21:42:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 21:42:19 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-10 21:35:59 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
    2012-09-10 21:35:54 -------- d-----w- c:\program files\Auslogics
    2012-09-05 04:26:48 -------- d-----w- c:\users\owner\appdata\roaming\AOL
    2012-09-05 04:26:35 -------- d-----w- c:\programdata\Viewpoint
    2012-09-05 04:26:34 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2012-09-05 04:26:34 -------- d-----w- c:\program files\Viewpoint
    2012-09-05 04:25:47 -------- d-----w- c:\users\owner\appdata\local\AOL
    2012-09-05 04:25:31 -------- d-----w- c:\program files\common files\AOL
    2012-09-05 00:51:27 -------- d-----w- C:\532f10a32217cd26ab28240f
    2012-09-05 00:50:43 -------- d-----w- c:\program files\common files\Microsoft
    2012-09-05 00:50:08 -------- d-----w- c:\program files\Windows Kits
    2012-09-05 00:42:25 -------- d-----w- c:\programdata\Package Cache
    2012-09-04 16:36:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-03 23:47:18 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
    2012-09-03 00:38:16 -------- d-----w- c:\program files\SumatraPDF
    2012-09-03 00:31:42 -------- d-----w- c:\users\owner\appdata\local\Secunia PSI
    2012-09-03 00:28:04 -------- d-----w- c:\program files\Secunia
    2012-09-02 18:14:46 -------- d-----w- c:\program files\GUM2146.tmp
    2012-08-31 18:08:59 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2012-08-31 18:08:59 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-08-31 18:08:59 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2012-08-31 15:37:09 -------- d-----w- c:\users\owner\appdata\roaming\PC Utility Kit
    2012-08-31 15:36:55 -------- d-----w- c:\program files\common files\PC Utility Kit
    2012-08-31 15:36:54 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-31 15:36:54 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-31 15:28:34 -------- d-----w- c:\program files\CPUID
    2012-08-30 23:12:35 -------- d-----w- C:\Quarantine
    2012-08-30 21:44:08 -------- d-----w- C:\Modules
    2012-08-30 21:06:50 -------- d-----w- c:\users\owner\appdata\roaming\Avira
    2012-08-30 20:55:39 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-08-30 20:55:39 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-08-30 20:55:38 -------- d-----w- c:\programdata\Avira
    2012-08-30 20:55:38 -------- d-----w- c:\program files\Avira
    2012-08-30 20:10:53 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-08-30 18:00:08 1688 ----a-w- c:\users\owner\08-30-2012.reg
    2012-08-30 17:54:45 -------- d-----w- c:\users\owner\appdata\roaming\FreeFixer
    2012-08-30 17:54:45 -------- d-----w- c:\users\owner\appdata\local\FreeFixer
    2012-08-30 17:54:40 -------- d-----w- c:\program files\FreeFixer
    2012-08-30 17:47:40 -------- d-----w- c:\program files\Uniblue
    2012-08-30 17:45:27 -------- d-----w- c:\program files\AVG Secure Search
    2012-08-30 17:36:45 -------- d-----w- c:\program files\Perfect Uninstaller
    2012-08-30 16:00:09 5602 ----a-w- c:\users\owner\ESETexe-fix.bat
    2012-08-30 13:23:37 -------- d-----w- c:\users\owner\appdata\roaming\BACS.exe
    2012-08-30 01:59:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-30 01:10:20 -------- d-----w- c:\programdata\AVG Secure Search
    2012-08-29 20:44:35 -------- d-----w- c:\users\owner\appdata\local\WeatherBlink
    2012-08-28 22:50:06 -------- d-----w- c:\program files\common files\Macrovision Shared
    2012-08-28 16:22:49 -------- d-----w- c:\users\owner\appdata\local\Spotify
    2012-08-28 16:22:34 -------- d-----w- c:\users\owner\appdata\roaming\Spotify
    2012-08-27 22:08:08 -------- d-----w- c:\program files\Belarc
    2012-08-27 18:06:34 -------- d-----w- c:\users\owner\appdata\local\PassMark
    2012-08-27 18:06:17 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2012-08-27 18:06:17 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2012-08-27 18:06:15 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2012-08-27 18:05:53 -------- d-----w- c:\programdata\PassMark
    2012-08-27 18:05:41 -------- d-----w- c:\program files\PerformanceTest
    2012-08-26 20:33:32 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
    2012-08-26 20:30:23 -------- d-----w- c:\program files\My Company Name
    2012-08-26 20:15:03 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2012-08-26 20:15:03 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2012-08-26 20:15:03 225280 ------w- c:\program files\common files\installshield\iscript\IScript.dll
    2012-08-26 20:15:03 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2012-08-26 20:15:02 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2012-08-26 20:14:58 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2012-08-26 18:43:21 -------- d-----w- c:\program files\Wise
    2012-08-26 18:01:55 -------- d-----w- c:\users\owner\appdata\roaming\iolo
    2012-08-26 18:01:47 -------- d-----w- c:\program files\iolo
    2012-08-24 21:18:44 -------- d-----w- c:\program files\Max Uninstaller
    .
    ==================== Find3M ====================
    .
    2012-09-21 22:41:07 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-09-18 21:55:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-18 21:55:43 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-04 16:36:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 16:36:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-23 22:56:08 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-15 16:52:50 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-07-18 21:24:02 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
    2012-06-27 23:01:44 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-06-27 04:36:58 42208 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-06-27 04:36:58 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: SAMSUNG_HM080HI rev.AB100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x82C53000]<< >>UNKNOWN [0x891C0000]<< >>UNKNOWN [0x891AF000]<< >>UNKNOWN [0x88AB6000]<< >>UNKNOWN [0x82C1C000]<< >>UNKNOWN [0x88D1D000]<< >>UNKNOWN [0x88BC3000]<< >>UNKNOWN [0x88BCA000]<< >>UNKNOWN [0x88D14000]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x82C8A55A] -> \Device\Harddisk0\DR0[0x85C52880]
    \Driver\Disk[0x85C51CB8] -> IRP_MJ_CREATE -> 0x891C439F
    3 [0x891C459E] -> ntkrnlpa!IofCallDriver[0x82C8A55A] -> [0x85773918]
    \Driver\ACPI[0x84E45468] -> IRP_MJ_CREATE -> 0x88ABF4CC
    5 [0x88ABF3D4] -> ntkrnlpa!IofCallDriver[0x82C8A55A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85785030]
    \Driver\atapi[0x85784A78] -> IRP_MJ_CREATE -> 0x88D378CC
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 7:18:15.94 ===============
  7. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  8. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    12:12:46.0792 3868 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    12:12:47.0242 3868 ============================================================
    12:12:47.0242 3868 Current date / time: 2012/09/23 12:12:47.0242
    12:12:47.0242 3868 SystemInfo:
    12:12:47.0242 3868
    12:12:47.0242 3868 OS Version: 6.1.7601 ServicePack: 1.0
    12:12:47.0242 3868 Product type: Workstation
    12:12:47.0242 3868 ComputerName: OWNER-PC
    12:12:47.0242 3868 UserName: Owner
    12:12:47.0242 3868 Windows directory: C:\Windows
    12:12:47.0242 3868 System windows directory: C:\Windows
    12:12:47.0242 3868 Processor architecture: Intel x86
    12:12:47.0242 3868 Number of processors: 2
    12:12:47.0242 3868 Page size: 0x1000
    12:12:47.0242 3868 Boot type: Normal boot
    12:12:47.0242 3868 ============================================================
    12:12:48.0082 3868 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:12:48.0082 3868 ============================================================
    12:12:48.0082 3868 \Device\Harddisk0\DR0:
    12:12:48.0082 3868 MBR partitions:
    12:12:48.0082 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    12:12:48.0082 3868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
    12:12:48.0082 3868 ============================================================
    12:12:48.0182 3868 C: <-> \Device\Harddisk0\DR0\Partition2
    12:12:48.0182 3868 ============================================================
    12:12:48.0182 3868 Initialize success
    12:12:48.0182 3868 ============================================================
    12:12:53.0002 3152 ============================================================
    12:12:53.0002 3152 Scan started
    12:12:53.0002 3152 Mode: Manual;
    12:12:53.0002 3152 ============================================================
    12:12:53.0332 3152 ================ Scan system memory ========================
    12:12:53.0332 3152 System memory - ok
    12:12:53.0342 3152 ================ Scan services =============================
    12:12:53.0562 3152 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    12:12:53.0572 3152 !SASCORE - ok
    12:12:54.0452 3152 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    12:12:54.0472 3152 1394ohci - ok
    12:12:54.0612 3152 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    12:12:54.0612 3152 ACPI - ok
    12:12:54.0802 3152 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    12:12:54.0802 3152 AcpiPmi - ok
    12:12:55.0072 3152 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    12:12:55.0072 3152 AdobeARMservice - ok
    12:12:55.0312 3152 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    12:12:55.0312 3152 AdobeFlashPlayerUpdateSvc - ok
    12:12:55.0632 3152 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    12:12:55.0642 3152 adp94xx - ok
    12:12:55.0772 3152 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    12:12:55.0772 3152 adpahci - ok
    12:12:55.0952 3152 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    12:12:55.0952 3152 adpu320 - ok
    12:12:56.0122 3152 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:12:56.0122 3152 AeLookupSvc - ok
    12:12:56.0262 3152 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
    12:12:56.0272 3152 AFD - ok
    12:12:56.0352 3152 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
    12:12:56.0352 3152 agp440 - ok
    12:12:56.0382 3152 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    12:12:56.0382 3152 aic78xx - ok
    12:12:56.0412 3152 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
    12:12:56.0412 3152 ALG - ok
    12:12:56.0472 3152 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
    12:12:56.0472 3152 aliide - ok
    12:12:56.0492 3152 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    12:12:56.0492 3152 amdagp - ok
    12:12:56.0502 3152 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
    12:12:56.0502 3152 amdide - ok
    12:12:56.0582 3152 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    12:12:56.0582 3152 AmdK8 - ok
    12:12:56.0612 3152 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    12:12:56.0612 3152 AmdPPM - ok
    12:12:56.0652 3152 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
    12:12:56.0652 3152 amdsata - ok
    12:12:56.0682 3152 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    12:12:56.0692 3152 amdsbs - ok
    12:12:56.0702 3152 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    12:12:56.0702 3152 amdxata - ok
    12:12:56.0842 3152 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
    12:12:56.0852 3152 AntiVirSchedulerService - ok
    12:12:56.0902 3152 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    12:12:56.0912 3152 AntiVirService - ok
    12:12:57.0162 3152 ApfiltrService - ok
    12:12:57.0202 3152 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
    12:12:57.0202 3152 AppID - ok
    12:12:57.0392 3152 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    12:12:57.0392 3152 AppIDSvc - ok
    12:12:57.0632 3152 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
    12:12:57.0632 3152 Appinfo - ok
    12:12:57.0962 3152 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
    12:12:57.0972 3152 AppMgmt - ok
    12:12:58.0022 3152 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
    12:12:58.0032 3152 arc - ok
    12:12:58.0192 3152 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    12:12:58.0202 3152 arcsas - ok
    12:12:58.0502 3152 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    12:12:58.0502 3152 aspnet_state - ok
    12:12:58.0532 3152 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    12:12:58.0532 3152 AsyncMac - ok
    12:12:58.0582 3152 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
  9. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    Last part of TDSSKiller report:
    12:13:13.0052 3152 PST Service - ok
    12:13:13.0382 3152 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    12:13:13.0402 3152 ql2300 - ok
    12:13:13.0462 3152 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    12:13:13.0462 3152 ql40xx - ok
    12:13:13.0502 3152 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    12:13:13.0502 3152 QWAVE - ok
    12:13:13.0532 3152 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    12:13:13.0532 3152 QWAVEdrv - ok
    12:13:13.0562 3152 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    12:13:13.0562 3152 RasAcd - ok
    12:13:13.0612 3152 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:13:13.0612 3152 RasAgileVpn - ok
    12:13:13.0622 3152 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    12:13:13.0642 3152 RasAuto - ok
    12:13:13.0662 3152 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:13:13.0662 3152 Rasl2tp - ok
    12:13:13.0762 3152 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    12:13:13.0772 3152 RasMan - ok
    12:13:13.0802 3152 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    12:13:13.0802 3152 RasPppoe - ok
    12:13:13.0822 3152 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    12:13:13.0822 3152 RasSstp - ok
    12:13:13.0892 3152 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    12:13:13.0902 3152 rdbss - ok
    12:13:13.0922 3152 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    12:13:13.0932 3152 rdpbus - ok
    12:13:14.0012 3152 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:13:14.0012 3152 RDPCDD - ok
    12:13:14.0092 3152 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    12:13:14.0092 3152 RDPDR - ok
    12:13:14.0112 3152 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    12:13:14.0112 3152 RDPENCDD - ok
    12:13:14.0162 3152 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    12:13:14.0162 3152 RDPREFMP - ok
    12:13:14.0222 3152 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    12:13:14.0222 3152 RdpVideoMiniport - ok
    12:13:14.0262 3152 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    12:13:14.0262 3152 RDPWD - ok
    12:13:14.0302 3152 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    12:13:14.0312 3152 rdyboost - ok
    12:13:14.0352 3152 [ 37ECEBDD930395A9C399FB18A3C236D3 ] RegGuard C:\Windows\system32\Drivers\regguard.sys
    12:13:14.0362 3152 RegGuard - ok
    12:13:14.0472 3152 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    12:13:14.0482 3152 RegSrvc - ok
    12:13:14.0562 3152 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    12:13:14.0562 3152 RemoteAccess - ok
    12:13:14.0612 3152 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    12:13:14.0612 3152 RemoteRegistry - ok
    12:13:14.0682 3152 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    12:13:14.0712 3152 RFCOMM - ok
    12:13:14.0762 3152 [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
    12:13:14.0772 3152 RMCAST - ok
    12:13:14.0802 3152 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    12:13:14.0802 3152 RpcEptMapper - ok
    12:13:14.0842 3152 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    12:13:14.0842 3152 RpcLocator - ok
    12:13:14.0882 3152 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
    12:13:14.0892 3152 RpcSs - ok
    12:13:14.0922 3152 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    12:13:14.0922 3152 rspndr - ok
    12:13:14.0952 3152 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    12:13:14.0952 3152 s3cap - ok
    12:13:14.0982 3152 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    12:13:14.0982 3152 SamSs - ok
    12:13:15.0252 3152 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys
    12:13:15.0262 3152 SANDRA - ok
    12:13:15.0302 3152 [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
    12:13:15.0302 3152 SandraAgentSrv - ok
    12:13:15.0392 3152 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    12:13:15.0392 3152 SASDIFSV - ok
    12:13:15.0412 3152 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    12:13:15.0432 3152 SASKUTIL - ok
    12:13:15.0472 3152 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    12:13:15.0472 3152 sbp2port - ok
    12:13:15.0542 3152 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    12:13:15.0552 3152 SCardSvr - ok
    12:13:15.0602 3152 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    12:13:15.0602 3152 scfilter - ok
    12:13:15.0662 3152 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
    12:13:15.0682 3152 Schedule - ok
    12:13:15.0722 3152 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
    12:13:15.0722 3152 SCPolicySvc - ok
    12:13:15.0782 3152 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    12:13:15.0802 3152 SDRSVC - ok
    12:13:15.0872 3152 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    12:13:15.0872 3152 secdrv - ok
    12:13:15.0912 3152 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    12:13:15.0912 3152 seclogon - ok
    12:13:15.0942 3152 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
    12:13:15.0942 3152 SENS - ok
    12:13:15.0982 3152 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    12:13:15.0982 3152 SensrSvc - ok
    12:13:16.0012 3152 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    12:13:16.0012 3152 Serenum - ok
    12:13:16.0032 3152 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    12:13:16.0032 3152 Serial - ok
    12:13:16.0062 3152 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    12:13:16.0062 3152 sermouse - ok
    12:13:16.0152 3152 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
    12:13:16.0162 3152 SessionEnv - ok
    12:13:16.0232 3152 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    12:13:16.0242 3152 sffdisk - ok
    12:13:16.0332 3152 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    12:13:16.0332 3152 sffp_mmc - ok
    12:13:16.0342 3152 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    12:13:16.0342 3152 sffp_sd - ok
    12:13:16.0362 3152 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    12:13:16.0362 3152 sfloppy - ok
    12:13:16.0442 3152 [ 437B3AFBD82658CC615B7926D392B840 ] Sftfs C:\Windows\system32\DRIVERS\Sftfswin7.sys
    12:13:16.0452 3152 Sftfs - ok
    12:13:16.0562 3152 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    12:13:16.0572 3152 sftlist - ok
    12:13:16.0642 3152 [ F7489556C6E21C62EB2468F28BB68865 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaywin7.sys
    12:13:16.0642 3152 Sftplay - ok
    12:13:16.0662 3152 [ F91874D5C14184AC60B64F0234EA16D1 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirwin7.sys
    12:13:16.0662 3152 Sftredir - ok
    12:13:16.0682 3152 [ DABC26764F836651C232A4F9AA419CBB ] Sftvol C:\Windows\system32\DRIVERS\Sftvolwin7.sys
    12:13:16.0682 3152 Sftvol - ok
    12:13:16.0712 3152 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    12:13:16.0722 3152 sftvsa - ok
    12:13:16.0792 3152 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    12:13:16.0802 3152 SharedAccess - ok
    12:13:16.0912 3152 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:13:16.0912 3152 ShellHWDetection - ok
    12:13:16.0942 3152 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
    12:13:16.0942 3152 sisagp - ok
    12:13:17.0002 3152 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:13:17.0002 3152 SiSRaid2 - ok
    12:13:17.0022 3152 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    12:13:17.0022 3152 SiSRaid4 - ok
    12:13:17.0082 3152 [ BF302072DC8374CF4E118FD88AA817A2 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
    12:13:17.0082 3152 SmartDefragDriver - ok
    12:13:17.0102 3152 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:13:17.0112 3152 Smb - ok
    12:13:17.0192 3152 [ 8F5171C837E64FF0AC48F0A29DD9E180 ] SNMP C:\Windows\System32\snmp.exe
    12:13:17.0202 3152 SNMP - ok
    12:13:17.0272 3152 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:13:17.0272 3152 SNMPTRAP - ok
    12:13:17.0322 3152 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    12:13:17.0322 3152 spldr - ok
    12:13:17.0402 3152 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
    12:13:17.0402 3152 Spooler - ok
    12:13:17.0562 3152 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
    12:13:17.0592 3152 sppsvc - ok
    12:13:17.0652 3152 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    12:13:17.0652 3152 sppuinotify - ok
    12:13:17.0702 3152 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:13:17.0702 3152 srv - ok
    12:13:17.0732 3152 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:13:17.0742 3152 srv2 - ok
    12:13:17.0782 3152 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    12:13:17.0792 3152 SrvHsfHDA - ok
    12:13:17.0842 3152 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    12:13:17.0852 3152 SrvHsfV92 - ok
    12:13:17.0962 3152 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    12:13:17.0972 3152 SrvHsfWinac - ok
    12:13:18.0002 3152 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:13:18.0002 3152 srvnet - ok
    12:13:18.0102 3152 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:13:18.0102 3152 SSDPSRV - ok
    12:13:18.0152 3152 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
    12:13:18.0152 3152 ssmdrv - ok
    12:13:18.0172 3152 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:13:18.0172 3152 SstpSvc - ok
    12:13:18.0202 3152 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
    12:13:18.0212 3152 STacSV - ok
    12:13:18.0262 3152 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    12:13:18.0262 3152 stexstor - ok
    12:13:18.0362 3152 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
    12:13:18.0362 3152 STHDA - ok
    12:13:18.0472 3152 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
    12:13:18.0482 3152 StiSvc - ok
    12:13:18.0552 3152 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    12:13:18.0552 3152 storflt - ok
    12:13:18.0632 3152 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    12:13:18.0642 3152 storvsc - ok
    12:13:18.0692 3152 [ 2AA2D356CB735CD3CCA9F671BD75C9B5 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
    12:13:18.0692 3152 SWDUMon - ok
    12:13:18.0722 3152 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
    12:13:18.0732 3152 swenum - ok
    12:13:18.0792 3152 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    12:13:18.0802 3152 swprv - ok
    12:13:18.0812 3152 Synth3dVsc - ok
    12:13:19.0022 3152 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
    12:13:19.0042 3152 SysMain - ok
    12:13:19.0112 3152 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:13:19.0122 3152 TabletInputService - ok
    12:13:19.0192 3152 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:13:19.0192 3152 TapiSrv - ok
    12:13:19.0232 3152 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
    12:13:19.0232 3152 TBS - ok
    12:13:19.0352 3152 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:13:19.0362 3152 Tcpip - ok
    12:13:19.0402 3152 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:13:19.0412 3152 TCPIP6 - ok
    12:13:19.0452 3152 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:13:19.0462 3152 tcpipreg - ok
    12:13:19.0492 3152 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:13:19.0492 3152 TDPIPE - ok
    12:13:19.0532 3152 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:13:19.0542 3152 TDTCP - ok
    12:13:19.0592 3152 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:13:19.0592 3152 tdx - ok
    12:13:19.0752 3152 [ 42BA22394C499648C03079742BFA593B ] Te.Service C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
    12:13:19.0752 3152 Te.Service - ok
    12:13:19.0792 3152 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
    12:13:19.0792 3152 TermDD - ok
    12:13:19.0882 3152 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
    12:13:19.0892 3152 TermService - ok
    12:13:19.0942 3152 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
    12:13:19.0942 3152 Themes - ok
    12:13:20.0032 3152 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
    12:13:20.0032 3152 THREADORDER - ok
    12:13:20.0102 3152 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
    12:13:20.0112 3152 TrkWks - ok
    12:13:20.0182 3152 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:13:20.0182 3152 TrustedInstaller - ok
    12:13:20.0232 3152 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:13:20.0232 3152 tssecsrv - ok
    12:13:20.0282 3152 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    12:13:20.0282 3152 TsUsbFlt - ok
    12:13:20.0302 3152 tsusbhub - ok
    12:13:20.0342 3152 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:13:20.0342 3152 tunnel - ok
    12:13:20.0382 3152 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    12:13:20.0382 3152 uagp35 - ok
    12:13:20.0452 3152 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:13:20.0452 3152 udfs - ok
    12:13:20.0502 3152 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:13:20.0502 3152 UI0Detect - ok
    12:13:20.0562 3152 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    12:13:20.0562 3152 uliagpkx - ok
    12:13:20.0592 3152 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    12:13:20.0592 3152 umbus - ok
    12:13:20.0632 3152 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    12:13:20.0632 3152 UmPass - ok
    12:13:20.0672 3152 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
    12:13:20.0682 3152 UmRdpService - ok
    12:13:20.0712 3152 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
    12:13:20.0712 3152 upnphost - ok
    12:13:20.0762 3152 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    12:13:20.0762 3152 USBAAPL - ok
    12:13:20.0792 3152 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    12:13:20.0792 3152 usbccgp - ok
    12:13:20.0832 3152 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    12:13:20.0832 3152 usbcir - ok
    12:13:20.0872 3152 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    12:13:20.0872 3152 usbehci - ok
    12:13:20.0912 3152 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:13:20.0912 3152 usbhub - ok
    12:13:21.0012 3152 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    12:13:21.0012 3152 usbohci - ok
    12:13:21.0062 3152 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    12:13:21.0062 3152 usbprint - ok
    12:13:21.0112 3152 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    12:13:21.0112 3152 usbscan - ok
    12:13:21.0142 3152 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:13:21.0142 3152 USBSTOR - ok
    12:13:21.0172 3152 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    12:13:21.0172 3152 usbuhci - ok
    12:13:21.0222 3152 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
    12:13:21.0242 3152 UxSms - ok
    12:13:21.0272 3152 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
    12:13:21.0272 3152 VaultSvc - ok
    12:13:21.0342 3152 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    12:13:21.0342 3152 vdrvroot - ok
    12:13:21.0472 3152 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
    12:13:21.0482 3152 vds - ok
    12:13:21.0552 3152 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:13:21.0602 3152 vga - ok
    12:13:21.0632 3152 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:13:21.0632 3152 VgaSave - ok
    12:13:21.0642 3152 VGPU - ok
    12:13:21.0682 3152 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    12:13:21.0682 3152 vhdmp - ok
    12:13:21.0712 3152 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    12:13:21.0712 3152 viaagp - ok
    12:13:21.0742 3152 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
    12:13:21.0742 3152 ViaC7 - ok
    12:13:21.0772 3152 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
    12:13:21.0772 3152 viaide - ok
    12:13:21.0852 3152 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
    12:13:21.0852 3152 vmbus - ok
    12:13:21.0902 3152 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    12:13:21.0902 3152 VMBusHID - ok
    12:13:21.0932 3152 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    12:13:21.0932 3152 volmgr - ok
    12:13:22.0042 3152 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:13:22.0052 3152 volmgrx - ok
    12:13:22.0092 3152 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:13:22.0102 3152 volsnap - ok
    12:13:22.0132 3152 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    12:13:22.0132 3152 vsmraid - ok
    12:13:22.0222 3152 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
    12:13:22.0242 3152 VSS - ok
    12:13:22.0262 3152 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    12:13:22.0272 3152 vwifibus - ok
    12:13:22.0332 3152 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
    12:13:22.0332 3152 W32Time - ok
    12:13:22.0382 3152 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    12:13:22.0382 3152 WacomPen - ok
    12:13:22.0422 3152 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    12:13:22.0432 3152 WANARP - ok
    12:13:22.0452 3152 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:13:22.0452 3152 Wanarpv6 - ok
    12:13:22.0482 3152 wanatw - ok
    12:13:22.0602 3152 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    12:13:22.0942 3152 WatAdminSvc - ok
    12:13:23.0172 3152 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
    12:13:23.0182 3152 wbengine - ok
    12:13:23.0222 3152 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    12:13:23.0232 3152 WbioSrvc - ok
    12:13:23.0272 3152 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:13:23.0282 3152 wcncsvc - ok
    12:13:23.0312 3152 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:13:23.0322 3152 WcsPlugInService - ok
    12:13:23.0362 3152 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
    12:13:23.0362 3152 Wd - ok
    12:13:23.0402 3152 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:13:23.0402 3152 Wdf01000 - ok
    12:13:23.0442 3152 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:13:23.0442 3152 WdiServiceHost - ok
    12:13:23.0452 3152 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:13:23.0452 3152 WdiSystemHost - ok
    12:13:23.0502 3152 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
    12:13:23.0512 3152 WebClient - ok
    12:13:23.0532 3152 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:13:23.0542 3152 Wecsvc - ok
    12:13:23.0592 3152 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:13:23.0592 3152 wercplsupport - ok
    12:13:23.0622 3152 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:13:23.0632 3152 WerSvc - ok
    12:13:23.0662 3152 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    12:13:23.0662 3152 WfpLwf - ok
    12:13:23.0692 3152 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    12:13:23.0692 3152 WIMMount - ok
    12:13:23.0762 3152 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    12:13:23.0772 3152 winachsf - ok
    12:13:23.0842 3152 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    12:13:23.0862 3152 WinDefend - ok
    12:13:23.0922 3152 WinHttpAutoProxySvc - ok
    12:13:23.0992 3152 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    12:13:24.0002 3152 Winmgmt - ok
    12:13:24.0082 3152 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
    12:13:24.0092 3152 WinRM - ok
    12:13:24.0152 3152 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    12:13:24.0162 3152 WinUsb - ok
    12:13:24.0262 3152 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
    12:13:24.0272 3152 Wlansvc - ok
    12:13:24.0322 3152 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    12:13:24.0332 3152 WmiAcpi - ok
    12:13:24.0382 3152 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    12:13:24.0392 3152 wmiApSrv - ok
    12:13:24.0422 3152 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
    12:13:24.0432 3152 WPCSvc - ok
    12:13:24.0482 3152 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    12:13:24.0482 3152 WPDBusEnum - ok
    12:13:24.0542 3152 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    12:13:24.0542 3152 ws2ifsl - ok
    12:13:24.0582 3152 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
    12:13:24.0582 3152 wscsvc - ok
    12:13:24.0612 3152 WSearch - ok
    12:13:24.0772 3152 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    12:13:24.0812 3152 wuauserv - ok
    12:13:24.0842 3152 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    12:13:24.0842 3152 WudfPf - ok
    12:13:24.0902 3152 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:13:24.0902 3152 WUDFRd - ok
    12:13:24.0922 3152 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    12:13:24.0922 3152 wudfsvc - ok
    12:13:24.0972 3152 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
    12:13:24.0972 3152 WwanSvc - ok
    12:13:25.0072 3152 ================ Scan global ===============================
    12:13:25.0152 3152 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    12:13:25.0212 3152 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    12:13:25.0222 3152 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    12:13:25.0272 3152 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    12:13:25.0302 3152 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    12:13:25.0312 3152 [Global] - ok
    12:13:25.0312 3152 ================ Scan MBR ==================================
    12:13:25.0322 3152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:13:25.0612 3152 \Device\Harddisk0\DR0 - ok
    12:13:25.0622 3152 ================ Scan VBR ==================================
    12:13:25.0622 3152 [ 39028AE90B84F3ECFBA4ACEA182E1923 ] \Device\Harddisk0\DR0\Partition1
    12:13:25.0622 3152 \Device\Harddisk0\DR0\Partition1 - ok
    12:13:25.0642 3152 [ 39C21B939549A8E329C1D1F080C65E66 ] \Device\Harddisk0\DR0\Partition2
    12:13:25.0642 3152 \Device\Harddisk0\DR0\Partition2 - ok
    12:13:25.0642 3152 ============================================================
    12:13:25.0642 3152 Scan finished
    12:13:25.0642 3152 ============================================================
    12:13:25.0682 4680 Detected object count: 0
    12:13:25.0682 4680 Actual detected object count: 0
  10. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  11. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com


    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 09/23/2012 14:21:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[84] : NtCreateSection @ 0x82E3504D -> HOOKED (Unknown @ 0x8C6535DE)
    SSDT[299] : NtRequestWaitReplyPort @ 0x82E4FA43 -> HOOKED (Unknown @ 0x8C6535E8)
    SSDT[316] : NtSetContextThread @ 0x82EEF755 -> HOOKED (Unknown @ 0x8C6535E3)
    SSDT[347] : NtSetSecurityObject @ 0x82E1371E -> HOOKED (Unknown @ 0x8C6535ED)
    SSDT[368] : NtSystemDebugControl @ 0x82E976BC -> HOOKED (Unknown @ 0x8C6535F2)
    SSDT[370] : NtTerminateProcess @ 0x82E6CBCD -> HOOKED (Unknown @ 0x8C65357F)
    S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x8C653606)
    S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8C65360B)

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM080HI ATA Device +++++
    --- User ---
    [MBR] 0c73aefa2c61e73e8d63966c70cbbc91
    [BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


    aswMBR to follow:
  12. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-23 14:23:09
    -----------------------------
    14:23:09.904 OS Version: Windows 6.1.7601 Service Pack 1
    14:23:09.904 Number of processors: 2 586 0xE08
    14:23:09.904 ComputerName: OWNER-PC UserName: Owner
    14:23:10.714 Initialize success
    14:25:19.673 AVAST engine defs: 12092301
    14:25:38.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:25:38.225 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
    14:25:38.245 Disk 0 MBR read successfully
    14:25:38.255 Disk 0 MBR scan
    14:25:38.265 Disk 0 Windows 7 default MBR code
    14:25:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:25:38.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
    14:25:38.295 Disk 0 scanning sectors +156299264
    14:25:38.395 Disk 0 scanning C:\Windows\system32\drivers
    14:25:50.645 Service scanning
    14:26:17.605 Modules scanning
    14:26:28.995 Disk 0 trace - called modules:
    14:26:29.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    14:26:29.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c51118]
    14:26:29.355 3 CLASSPNP.SYS[891cf59e] -> nt!IofCallDriver -> [0x85786898]
    14:26:29.365 5 ACPI.sys[88aa93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ea5610]
    14:26:29.940 AVAST engine scan C:\Windows
    14:26:32.620 AVAST engine scan C:\Windows\system32
    14:29:55.705 AVAST engine scan C:\Windows\system32\drivers
    14:30:10.965 AVAST engine scan C:\Users\Owner
    14:38:16.604 AVAST engine scan C:\ProgramData
    14:41:38.542 Scan finished successfully
    14:42:30.052 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    14:42:30.052 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    ComboFix 12-09-23.02 - Owner 09/23/2012 15:04:47.17.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1162 [GMT -7:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-23 22:13 . 2012-09-23 22:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-09-23 22:13 . 2012-09-23 22:13 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-23 22:13 . 2012-09-23 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-23 17:26 . 2012-09-23 17:26 -------- d-----w- c:\program files\SiSoftware
    2012-09-23 15:13 . 2012-09-23 15:13 -------- d-----w- c:\program files\ESET
    2012-09-22 23:32 . 2012-09-23 00:02 -------- d-----w- c:\users\Owner\virus
    2012-09-22 23:30 . 2012-09-22 23:30 100864 ----a-w- C:\kgloapow.sys
    2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Default\AppData\Local\Google
    2012-09-15 22:11 . 2012-09-15 22:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Photobucket
    2012-09-15 22:10 . 2012-09-15 22:11 -------- d-----w- c:\program files\Photobucket Desktop
    2012-09-13 19:39 . 2012-09-13 20:04 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Apple Software Update
    2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Bonjour
    2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\users\Owner\AppData\Roaming\URSoft
    2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\program files\Your Uninstaller! 7
    2012-09-13 15:19 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-11 21:42 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 21:42 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 21:42 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-11 21:42 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 21:42 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 21:42 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\program files\Auslogics
    2012-09-05 04:26 . 2012-09-06 15:53 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
    2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\programdata\Viewpoint
    2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\program files\Viewpoint
    2012-09-05 04:26 . 2012-09-05 02:19 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2012-09-05 04:25 . 2012-09-05 04:25 -------- d-----w- c:\programdata\AOL OCP
    2012-09-05 04:25 . 2012-09-06 15:56 -------- d-----w- c:\users\Owner\AppData\Local\AOL
    2012-09-05 04:25 . 2012-09-06 15:57 -------- d-----w- c:\program files\Common Files\AOL
    2012-09-05 04:25 . 2012-09-06 15:55 -------- d-----w- c:\programdata\AOL
    2012-09-05 02:17 . 2012-09-05 02:17 -------- d-----w- c:\programdata\AOL Downloads
    2012-09-05 00:51 . 2012-09-05 00:54 -------- d-----w- C:\532f10a32217cd26ab28240f
    2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Common Files\Microsoft
    2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Windows Kits
    2012-09-05 00:42 . 2012-09-05 00:49 -------- d-----w- c:\programdata\Package Cache
    2012-09-04 16:36 . 2012-09-04 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-03 23:47 . 2012-09-03 23:47 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
    2012-09-03 00:38 . 2012-09-03 00:38 -------- d-----w- c:\program files\SumatraPDF
    2012-09-03 00:31 . 2012-09-03 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
    2012-09-03 00:28 . 2012-09-03 00:28 -------- d-----w- c:\program files\Secunia
    2012-09-02 18:14 . 2012-09-02 18:15 -------- d-----w- c:\program files\GUM2146.tmp
    2012-08-31 18:08 . 2012-09-22 22:51 260576 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-08-31 18:08 . 2012-09-22 22:51 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
    2012-08-31 18:08 . 2012-09-22 22:51 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
    2012-08-31 15:37 . 2012-08-31 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
    2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\Common Files\PC Utility Kit
    2012-08-31 15:36 . 2012-09-01 18:51 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-31 15:28 . 2012-08-31 15:28 -------- d-----w- c:\program files\CPUID
    2012-08-30 23:12 . 2012-08-30 23:12 -------- d-----w- C:\Quarantine
    2012-08-30 21:44 . 2012-08-30 21:47 -------- d-----w- C:\Modules
    2012-08-30 21:06 . 2012-08-30 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
    2012-08-30 20:55 . 2012-07-19 01:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-08-30 20:55 . 2012-07-19 01:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-08-30 20:55 . 2012-07-19 01:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\programdata\Avira
    2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\program files\Avira
    2012-08-30 20:10 . 2012-08-30 20:10 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-30 18:00 . 2012-08-30 18:00 1688 ----a-w- c:\users\Owner\08-30-2012.reg
    2012-08-30 17:54 . 2012-08-30 17:55 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFixer
    2012-08-30 17:54 . 2012-08-30 17:54 -------- d-----w- c:\users\Owner\AppData\Local\FreeFixer
    2012-08-30 17:54 . 2012-08-31 00:51 -------- d-----w- c:\program files\FreeFixer
    2012-08-30 17:47 . 2012-08-30 17:47 -------- d-----w- c:\program files\Uniblue
    2012-08-30 17:45 . 2012-08-30 22:55 -------- d-----w- c:\program files\AVG Secure Search
    2012-08-30 17:36 . 2012-08-30 17:40 -------- d-----w- c:\program files\Perfect Uninstaller
    2012-08-30 16:00 . 2012-08-30 16:00 5602 ----a-w- c:\users\Owner\ESETexe-fix.bat
    2012-08-30 13:23 . 2012-08-30 13:42 -------- d-----w- c:\users\Owner\AppData\Roaming\BACS.exe
    2012-08-30 01:59 . 2012-09-23 14:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-30 01:10 . 2012-08-30 22:53 -------- d-----w- c:\programdata\AVG Secure Search
    2012-08-29 20:44 . 2012-08-29 20:44 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBlink
    2012-08-28 22:51 . 2012-08-30 13:42 -------- d-----w- c:\programdata\FLEXnet
    2012-08-28 22:50 . 2012-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
    2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
    2012-08-27 22:08 . 2012-08-27 22:08 -------- d-----w- c:\program files\Belarc
    2012-08-27 18:06 . 2012-08-27 18:06 -------- d-----w- c:\users\Owner\AppData\Local\PassMark
    2012-08-27 18:06 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2012-08-27 18:06 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2012-08-27 18:06 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2012-08-27 18:05 . 2012-08-27 18:05 -------- d-----w- c:\programdata\PassMark
    2012-08-27 18:05 . 2012-08-27 18:25 -------- d-----w- c:\program files\PerformanceTest
    2012-08-26 21:51 . 2012-08-26 21:51 -------- d-----w- c:\program files\Recuva
    2012-08-26 20:33 . 2012-08-26 20:33 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
    2012-08-26 20:30 . 2012-08-26 20:30 -------- d-----w- c:\program files\My Company Name
    2012-08-26 20:15 . 2001-09-05 11:18 77824 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
    2012-08-26 20:15 . 2001-09-05 11:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
    2012-08-26 20:15 . 2001-09-05 11:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-08-26 20:15 . 2001-09-05 11:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-08-26 20:15 . 2000-01-04 13:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
    2012-08-26 20:14 . 2001-09-06 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
    2012-08-26 18:43 . 2012-08-26 18:43 -------- d-----w- c:\program files\Wise
    2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\users\Owner\AppData\Roaming\iolo
    2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\program files\iolo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 22:41 . 2012-08-20 00:48 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-09-18 21:55 . 2012-03-08 00:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-18 21:55 . 2012-03-02 17:33 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-08 00:04 . 2011-06-17 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-04 16:36 . 2011-12-13 17:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 16:36 . 2011-03-12 14:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-23 22:56 . 2012-08-23 22:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-08-21 20:01 . 2012-07-18 00:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-07-18 21:24 . 2012-07-18 21:24 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-18 17:47 . 2012-08-15 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-16 15:17 . 2011-04-16 22:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-16 15:17 . 2011-03-12 15:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-07-16 15:17 . 2011-03-12 15:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-06 19:23 . 2012-08-15 18:11 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-07-04 21:14 . 2012-08-15 13:40 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14 . 2012-08-15 13:40 102912 ----a-w- c:\windows\system32\browser.dll
    2012-06-27 23:01 . 2012-08-23 22:48 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-06-27 04:36 . 2012-06-27 04:36 42208 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-06-27 04:36 . 2012-06-27 04:36 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-09-22 22:51 . 2012-08-31 18:08 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    backup=c:\windows\pss\CNET TechTracker.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
    backup=c:\windows\pss\Facebook Messenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2012-07-19 01:04 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealRunner]
    2011-10-13 22:24 790624 ----a-w- c:\program files\DealRunner\DealRunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    2012-09-06 22:51 15668432 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-10-02 16:34 173592 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-10-02 16:34 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2012-06-27 04:36 1629280 ----a-w- c:\program files\Microsoft Device Center\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
    2012-06-27 04:36 1109072 ----a-w- c:\program files\Microsoft Device Center\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
    2012-07-31 00:29 2009 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-10-02 16:34 150552 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-09-02 23:05 1193176 ----a-w- c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-09-07 23:30 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
    2012-07-13 01:30 384232 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
    R3 Synth3dVsc;Synth3dVsc; [x]
    R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub; [x]
    R3 VGPU;VGPU; [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
    R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [x]
    R4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
    R4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 21:55]
    .
    2012-09-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
    FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
    FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15598
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-92057520.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3092)
    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    c:\windows\system32\locator.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\vds.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-23 15:19:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-23 22:19
    ComboFix2.txt 2012-09-22 23:17
    .
    Pre-Run: 35,474,034,688 bytes free
    Post-Run: 35,280,420,864 bytes free
    .
    - - End Of File - - 84698ED56E6F81D329EA6D5B0C3EA92B
  15. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Looks good.

    How is computer doing?

    =======================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    After completing the last instruction you gave, I again ran my Super Anti spyware scan and it STILL is giving the same feedback regarding registry infection and spyware infection. I'm currently running a Search and destroy spybot program to see if it will remove these obstinate characters. I will provide you further logs as soon as I get them. Thank you again for your fine assistance.
  17. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    I'd like to see that Super log.
  18. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    After running the Spy Bot S&D, I again ran the Super-Anti spyware scan. The scan reported no registry infection and no spyware infection.
    Just for chuckles, after this I ran a driver scan through a slimdriver downloaded program (website https://www.slimwareutilities.com/slimdrivers.php), which downloads drivers to a user's system for free. It is reporting that I have 11 drivers that require update. After going to this website I went to the Dell driver update and it confirmed the first website's conclusion. This is of concern to me as I updated my system not more than a week ago, using this same listed program, which at that time reported all drivers as being current. After doing this, I attempted to run the OTL scan which you requested and it stalled out at the area in which it scanned the Firefox settings. I waited 10 minutes for it to continue with no joy. I'm concerned that in one way or another my system has been compromised and would appreciate your feedback regarding the latest complications. I believe the original concern is now resolved but am wondering how this latest situation may be related.
  19. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Unless you're having some particular problem(s) drivers should be left alone.
    Also keep in mind one of my rules:
    Please continue with my reply #15.
  20. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    After doing this, I attempted to run the OTL scan which you requested and it stalled out at the area in which it scanned the Firefox settings. I waited 10 minutes for it to continue with no joy.

    That was done without completion.
  21. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    See if it'll run from safe mode.
  22. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    It didn't run in safe mode. Same reaction: the OTL program locks up (message given stating that OTL is unresponsive) once it gets to scanning for the Firefox browser.
  23. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  24. BillAllen55

    BillAllen55 TechSpot Maniac Topic Starter Posts: 421

    When I attempted to run the TFC program, the system hung and I had to go to the task manager to restart. After the restart the TFC program successfully ran. I've now completed all directions with the exception of the ESET online scan, which I will do now. The requested text follows:
    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    WinPatrol
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java 7 Update 7
    Adobe Flash Player 11.4.402.278
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0)
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe is disabled!
    Spybot Teatimer.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 19-09-2012
    Ran by Owner (administrator) on 24-09-2012 at 10:27:51
    Running from "C:\Users\Owner\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-09-11 14:42] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-23 14:23:09
    -----------------------------
    14:23:09.904 OS Version: Windows 6.1.7601 Service Pack 1
    14:23:09.904 Number of processors: 2 586 0xE08
    14:23:09.904 ComputerName: OWNER-PC UserName: Owner
    14:23:10.714 Initialize success
    14:25:19.673 AVAST engine defs: 12092301
    14:25:38.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:25:38.225 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
    14:25:38.245 Disk 0 MBR read successfully
    14:25:38.255 Disk 0 MBR scan
    14:25:38.265 Disk 0 Windows 7 default MBR code
    14:25:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:25:38.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
    14:25:38.295 Disk 0 scanning sectors +156299264
    14:25:38.395 Disk 0 scanning C:\Windows\system32\drivers
    14:25:50.645 Service scanning
    14:26:17.605 Modules scanning
    14:26:28.995 Disk 0 trace - called modules:
    14:26:29.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    14:26:29.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c51118]
    14:26:29.355 3 CLASSPNP.SYS[891cf59e] -> nt!IofCallDriver -> [0x85786898]
    14:26:29.365 5 ACPI.sys[88aa93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ea5610]
    14:26:29.940 AVAST engine scan C:\Windows
    14:26:32.620 AVAST engine scan C:\Windows\system32
    14:29:55.705 AVAST engine scan C:\Windows\system32\drivers
    14:30:10.965 AVAST engine scan C:\Users\Owner
    14:38:16.604 AVAST engine scan C:\ProgramData
    14:41:38.542 Scan finished successfully
    14:42:30.052 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    14:42:30.052 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


    # AdwCleaner v2.003 - Logfile created 09/24/2012 at 10:32:08
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\AVG Secure Search
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Giant Savings
    Folder Deleted : C:\Program Files\Ilivid
    Folder Deleted : C:\Program Files\Inbox Toolbar
    Folder Deleted : C:\Program Files\Productivity_3.1
    Folder Deleted : C:\Program Files\Windows iLivid Toolbar
    Folder Deleted : C:\Program Files\Yontoo
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\IBUpdaterService
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\CouponAlert_2p
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Productivity_3.1
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Searchqutoolbar
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\FCTB

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\Productivity_3.1
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v16.0 (en-US)

    Profile name : default-1343151942524 [Profil par défaut]
    File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\prefs.js

    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\user.js ... Deleted !

    -\\ Google Chrome v23.0.1271.1

    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1153] : homepage = "hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=HP_ss&mntrId=101843ec000000000000001641b573ad",

    *************************

    AdwCleaner[R1].txt - [23607 octets] - [24/09/2012 10:29:45]
    AdwCleaner[R2].txt - [23668 octets] - [24/09/2012 10:30:51]
    AdwCleaner[R3].txt - [23729 octets] - [24/09/2012 10:31:53]
    AdwCleaner[S1].txt - [24049 octets] - [24/09/2012 10:32:08]

    ########## EOF - C:\AdwCleaner[S1].txt - [24110 octets] ##########
  25. BillAllen55

    ESET ONLINE SCANNER : NO THREATS FOUND
    I think unless I've made an error, this completes your directions in helping me to clear my infected system. From where I'm sitting everything seems to be back to normal. What do you think?

