Solved Poor Overall Performance Outlook missing PST files

BillAllen55

BillAllen55

Posts: 363   +0
My computer is having performance issues. (slow sluggish) After uninstalling Kaspersky anti-spyware my Outlook PST file is now missing resulting in all of my inbound and contacts/calendar entries are missing. Please see requested files from my malware scan and DDS scan. Please accepts my appreciation in advance for whatever assistance you can provide.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Owner :: OWNER-PC [administrator]

12/1/2013 12:29:10 PM
MBAM-log-2013-12-01 (13-46-26).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349864
Time elapsed: 1 hour(s), 16 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Scorpion Saver (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Values Detected: 1
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN42971736467971392&UM=2&ctid=CT3306061 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Owner\AppData\Local\temp\ct3306061 (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE\CT3306061 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 31
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\utils.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-bg.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-buttonutil.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-enabler.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\weDownload Manager Pro\weDownload Manager Pro-updater.exe.vir (PUP.Optional.WeDownload.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsi44B1.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsi910E.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsjE0E3.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsy20B0.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsy79A5.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsyCB9B.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\nsyF911.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\Downloads\Adobe%20Flash%20Player%2011(1).exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Owner\Downloads\Adobe%20Flash%20Player%2011.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\CT3306061.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Owner\AppData\Local\temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE\CT3306061\UninstallerUI.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Owner at 12:29:57 on 2013-12-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.448 [GMT -8:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_17.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_17.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = hxxp=127.0.0.1:49163;https=127.0.0.1:49163
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: {8480b7b1-a45c-4feb-8653-60f834f7ca4b} - <orphaned>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: NoScrSavPage = dword:0
uPolicies-System: NoDispApprearancePage = dword:0
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
TCP: Interfaces\{07AE6EC5-2B47-403F-BBC0-4AF2A6DB3EDE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{153AD536-538C-4465-AFC8-58B94BDEC93D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{22542FF5-7590-40F2-9B2A-5FB89C04FAA9} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A} : DHCPNameServer = 198.224.166.135 198.224.167.135
TCP: Interfaces\{4DCB2D10-C777-443E-89A6-979AD115657B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{518CD836-4FC2-4A22-AE14-B86249DAFE29} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DHCPNameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DHCPNameServer = 172.16.44.186 172.16.44.185
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DHCPNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
TCP: Interfaces\{B819E948-EA6F-41CF-9848-95199EBFC197} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B925B4EC-95DC-4FC3-9E8E-68F2E330D626} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E17B4E4D-9C95-4C58-B453-5AA9E72A2EC8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EF1A7DF2-51C7-439F-AD61-408A50762872} : NameServer = 8.8.8.8,8.8.4.4
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN53349359313028257&UM=2&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\mozilla plugins\npitunes.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\np-mswmp.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_17.dll
FF - ExtSQL: 2013-12-01 11:43; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-14 15672]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-9 37664]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-11-30 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-11-30 440376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-11-30 90400]
R2 avnetflt;avnetflt;c:\windows\system32\drivers\avnetflt.sys [2013-11-30 67680]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 Level Quality Watcher;Level Quality Watcher;c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010000000000000000000000000 sourceguid=f5d333a8-c748-4686-ae0a-9e008f670c22 --> c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-9-4 384824]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-1 40776]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-8-19 6637056]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2011-10-1 194408]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-11-30 440376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2012-11-22 23552]
S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-16 108032]
S3 JQIVQWH;JQIVQWH;c:\users\owner\appdata\local\temp\jqivqwh.exe --> c:\users\owner\appdata\local\temp\JQIVQWH.exe [?]
S3 KV;KV;c:\users\owner\appdata\local\temp\kv.exe --> c:\users\owner\appdata\local\temp\KV.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-6-11 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-31 14848]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-8-23 24416]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2011-10-1 581480]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2011-10-1 21864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-12-17 13464]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-31 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
S4 AJNZPONDLY;AJNZPONDLY;c:\users\owner\appdata\local\temp\ajnzpondly.exe --> c:\users\owner\appdata\local\temp\AJNZPONDLY.exe [?]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2013-11-30 1164360]
S4 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-23 120728]
S4 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
S4 VYGTB;VYGTB;c:\users\owner\appdata\local\temp\vygtb.exe --> c:\users\owner\appdata\local\temp\VYGTB.exe [?]
S4 XHSJPQ;XHSJPQ;c:\users\owner\appdata\local\temp\xhsjpq.exe --> c:\users\owner\appdata\local\temp\XHSJPQ.exe [?]
SUnknown vToolbarUpdater17.1.2;vToolbarUpdater17.1.2; [x]
.
=============== Created Last 30 ================
.
2013-12-01 20:28:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 19:55:28 -------- d-----w- C:\temp
2013-12-01 19:55:26 -------- d-----w- c:\program files\Level Quality Watcher
2013-12-01 19:54:57 -------- d-----w- c:\program files\MyPC Backup
2013-12-01 19:44:26 -------- d-----w- c:\programdata\Conduit
2013-12-01 19:44:08 -------- d-----w- c:\users\owner\appdata\local\NativeMessaging
2013-12-01 19:44:06 -------- d-----w- c:\users\owner\appdata\local\Conduit
2013-12-01 19:44:02 -------- d-----w- c:\users\owner\appdata\local\CRE
2013-12-01 19:44:00 -------- d-----w- c:\program files\Conduit
2013-12-01 19:34:46 -------- d-----w- c:\users\owner\appdata\local\ElevatedDiagnostics
2013-12-01 17:48:01 -------- d-----w- c:\users\owner\appdata\local\Adobe
2013-12-01 17:47:23 -------- d-----w- c:\programdata\CrypKey
2013-12-01 17:46:20 27648 ----a-r- c:\windows\Setup_ck.exe
2013-12-01 17:46:20 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2013-12-01 17:46:20 18432 ----a-w- c:\windows\Setup_ck.dll
2013-12-01 17:46:20 165888 ----a-w- c:\windows\Ckconfig.exe
2013-12-01 17:46:20 122880 ----a-w- c:\windows\system32\Crypserv.exe
2013-12-01 17:46:20 11776 ----a-w- c:\windows\Ckrfresh.exe
2013-12-01 17:46:16 -------- d-----w- c:\program files\Stellar Phoenix Outlook PST Repair
2013-12-01 17:45:51 10016840 ----a-w- C:\spopr.exe
2013-12-01 17:45:42 -------- d-----w- c:\users\owner\appdata\local\Programs
2013-12-01 17:12:28 -------- d-----w- c:\users\owner\appdata\local\Apple Computer
2013-12-01 16:35:38 -------- d-----w- c:\users\owner\appdata\local\Microsoft Help
2013-11-30 19:50:05 -------- d-----w- c:\users\owner\appdata\local\Macromedia
2013-11-30 19:49:41 -------- d-----w- c:\users\owner\appdata\local\Mozilla
2013-11-30 19:23:46 -------- d-----w- c:\users\owner\appdata\local\Diagnostics
2013-11-30 19:20:48 -------- d-----w- c:\users\owner\appdata\local\Google
2013-11-30 17:42:17 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2013-11-30 17:35:04 67680 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-11-30 17:35:04 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-30 17:35:03 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-30 17:35:01 -------- d-----w- c:\program files\Avira
2013-11-28 22:17:40 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-28 22:17:40 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-28 22:17:40 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-28 22:17:32 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-11-28 22:17:26 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-11-28 22:17:26 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-11-28 22:17:26 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-11-28 21:46:27 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-28 21:01:52 -------- d-----w- c:\programdata\CDB
2013-11-28 20:47:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-28 20:44:40 -------- d-----w- c:\users\owner\appdata\local\temp
2013-11-28 20:24:31 -------- d-----w- c:\program files\sp
2013-11-28 19:43:24 -------- d-----w- c:\users\owner\appdata\local\Mozilla Firefox
2013-11-24 17:05:13 -------- d-----w- C:\AdwCleaner
2013-11-24 16:28:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-24 16:27:48 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-16 18:50:02 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-16 18:50:02 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-16 18:50:02 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-16 18:50:02 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-16 18:50:02 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-16 18:50:02 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-16 18:50:02 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-16 18:50:02 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-16 18:50:02 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-16 18:50:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-16 18:50:00 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-16 18:49:58 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-16 18:49:57 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-16 18:49:57 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-16 18:49:53 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-16 18:23:59 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-16 18:23:59 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-16 18:23:59 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-09 23:44:08 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-09 23:43:32 -------- d-----w- c:\program files\SlimDrivers
2013-11-09 23:33:43 -------- d-----w- C:\Mozilla Plugins
2013-11-09 23:33:43 -------- d-----w- C:\iTunesMiniPlayer.Resources
2013-11-09 23:33:42 -------- d-----w- C:\iTunesHelper.Resources
2013-11-09 23:33:06 -------- d-----w- C:\iTunes.Resources
2013-11-09 23:33:05 -------- d-----w- c:\program files\iPod
2013-11-09 23:32:59 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-09 23:32:59 -------- d-----w- C:\CD Configuration
2013-11-02 08:29:46 293192 ----a-w- C:\iTunesOutlookAddIn.dll
2013-11-02 08:29:44 9789256 ----a-w- C:\iTunes.exe
2013-11-02 08:29:44 405320 ----a-w- C:\iTunesAdmin.dll
2013-11-02 08:29:44 152392 ----a-w- C:\iTunesHelper.exe
2013-11-02 08:29:44 148808 ----a-w- C:\iTunesHelper.dll
2013-11-02 08:29:44 117576 ----a-w- C:\iTunesMiniPlayer.dll
2013-11-02 08:29:36 25449288 ----a-w- C:\iTunes.dll
2013-11-02 08:29:34 776216 ----a-w- C:\gnsdk_sdkmanager.dll
2013-11-02 08:29:34 649032 ----a-w- C:\iPodUpdaterExt.dll
2013-11-02 08:29:34 3008536 ----a-w- C:\gnsdk_dsp.dll
2013-11-02 08:29:34 262680 ----a-w- C:\gnsdk_submit.dll
2013-11-02 08:29:34 219672 ----a-w- C:\gnsdk_musicid.dll
.
==================== Find3M ====================
.
2013-11-30 19:23:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-30 19:23:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-28 20:07:03 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-19 11:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-02 02:15:34 112968 ----a-w- C:\ITDetector.ocx
2013-10-02 02:15:32 1741128 ----a-w- C:\iAdCore.dll
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 12:31:24.42 ===============


[dupe]
.
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

redtarget.gif
Your MBAM log says "No action taken".
Re-run MBAM fix all issues and post new log.

redtarget.gif
You posted DDS.txt log twice ( I removed one). I still need Attach.txt log from DDS.
 
I removed all infections from the MBAM prior to sending the txt. Do you want me to run the MBAM again?
This is the requested DDS text.

[wrong log- Broni]
 
Yes I need you to re-run MBAM and post new log.

You posted another DDS.txt log. I need Attach.txt log.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2011 6:36:07 AM
System Uptime: 12/1/2013 1:48:40 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FT292
Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 35.08 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sftfs
Device ID: ROOT\LEGACY_SFTFS\0000
Manufacturer:
Name: Sftfs
PNP Device ID: ROOT\LEGACY_SFTFS\0000
Service: Sftfs
.
==== System Restore Points ===================
.
RP898: 12/1/2013 8:42:59 AM - Windows Modules Installer
RP899: 12/1/2013 8:48:31 AM - Restore Operation
RP900: 12/1/2013 12:10:22 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics DiskDefrag
Backup Assistant Plus
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Broadcom TPM Driver Installer
Canon MX360 series User Registration
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner
Compatibility Pack for the 2007 Office system
Digital Line Detect
FileHippo.com Update Checker
Google Apps
Google Chrome
Google Update Helper
Google Updater
HiJackThis
iCloud
IHA_MessageCenter
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
Kits Configuration Installer
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft DirectX SDK (June 2010)
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NetBeans IDE 7.3.1
NVIDIA Drivers
OZ776 SCR Driver V1.1.4.202
Picasa 3
Picasa Uploader
QuickSet
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SigmaTel Audio
SlimCleaner
SlimDrivers
Smart Defrag 2
SUPERAntiSpyware
swMSM
Synctunes Desktop
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UVK - Ultra Virus Killer
Vista Profile Pack
Vz In-Home Agent
Windows Driver Kit
Windows Driver Package - Intel (NETwLv32) net (08/15/2010 13.3.0.137)
Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
Windows Installer Clean Up
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
12/1/2013 12:21:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/1/2013 12:11:36 PM, Error: Service Control Manager [7031] - The Update outobox service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/1/2013 1:52:20 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2013 1:52:20 PM, Error: Service Control Manager [7001] - The Application Virtualization Client service depends on the Sftfs service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2013 1:52:20 PM, Error: Service Control Manager [7000] - The Sftfs service failed to start due to the following error: A device attached to the system is not functioning.
12/1/2013 1:50:21 PM, Error: Service Control Manager [7034] - The Avira Scheduler service terminated unexpectedly. It has done this 3 time(s).
12/1/2013 1:50:21 PM, Error: Service Control Manager [7031] - The Avira Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/1/2013 1:50:20 PM, Error: Service Control Manager [7031] - The Avira Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/1/2013 1:49:19 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
12/1/2013 1:49:19 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
12/1/2013 1:49:19 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
12/1/2013 1:49:11 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
12/1/2013 1:48:46 PM, Error: volmgr [46] - Crash dump initialization failed!
12/1/2013 1:48:01 PM, Error: Service Control Manager [7034] - The Dell Internal Network Card Power Management service terminated unexpectedly. It has done this 1 time(s).
11/30/2013 9:45:00 AM, Error: Service Control Manager [7000] - The vToolbarUpdater17.1.2 service failed to start due to the following error: The system cannot find the file specified.
11/30/2013 9:42:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
11/30/2013 9:42:02 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2013 9:42:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/30/2013 3:37:43 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/30/2013 3:37:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
11/30/2013 3:37:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/30/2013 11:15:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/30/2013 11:14:33 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:14:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2013 11:14:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2013 11:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/30/2013 11:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/30/2013 11:14:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2013 11:14:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2013 11:14:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache KLIF KLIM6 klpd kltdi kneps NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx Wanarpv6 WfpLwf ws2ifsl
11/30/2013 11:14:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:56 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:55 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:55 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2013 11:13:54 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2013 11:13:54 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2013 11:13:54 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2013 11:13:54 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2013 11:13:02 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
11/29/2013 3:43:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/29/2013 3:43:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2013 2:22:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Internal Network Card Power Management service to connect.
11/28/2013 2:18:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.1 for Windows 7 (KB2858725).
11/28/2013 12:40:25 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/28/2013 12:31:11 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2013 8:39:23 AM, Error: mbamchameleon [61703] -
11/24/2013 8:22:23 AM, Error: Service Control Manager [7030] - The VYGTB service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/24/2013 8:14:50 AM, Error: Service Control Manager [7030] - The AJNZPONDLY service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/24/2013 8:12:54 AM, Error: Service Control Manager [7030] - The XHSJPQ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/24/2013 8:12:14 AM, Error: Service Control Manager [7030] - The KV service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/24/2013 8:12:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the JQIVQWH service to connect.
11/24/2013 8:12:14 AM, Error: Service Control Manager [7000] - The JQIVQWH service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2013 8:11:43 AM, Error: Service Control Manager [7030] - The JQIVQWH service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/24/2013 5:11:12 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
.
==== End Of File ===========================
 
MBAM spyware log after removing of infections:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Owner :: OWNER-PC [administrator]

12/1/2013 2:10:30 PM
mbam-log-2013-12-01 (14-10-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205279
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 12/01/2013 14:28:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x8F488BC6)
[Address] SSDT[299] : NtRequestWaitReplyPort @ 0x8327EB22 -> HOOKED (Unknown @ 0x8F488BD0)
[Address] SSDT[316] : NtSetContextThread @ 0x8331E84F -> HOOKED (Unknown @ 0x8F488BCB)
[Address] SSDT[347] : NtSetSecurityObject @ 0x83242805 -> HOOKED (Unknown @ 0x8F488BD5)
[Address] SSDT[368] : NtSystemDebugControl @ 0x832C6802 -> HOOKED (Unknown @ 0x8F488BDA)
[Address] SSDT[370] : NtTerminateProcess @ 0x8329BD9A -> HOOKED (Unknown @ 0x8F488B67)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F488BEE)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8F488BF3)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD0CE333C)
[Inline] EAT @explorer.exe (?ms_GlobalPointersInitializationSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x6FD215E9)
[Inline] EAT firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD0CE333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM080HI ATA Device +++++
--- User ---
[MBR] 0c73aefa2c61e73e8d63966c70cbbc91
[BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_12012013_142821.txt >>
RKreport[0]_S_12012013_142816.txt
 
Looking in the MBAR folder this is the only text file I'm finding. This was titled as the "system-log.txt" I"m not finding the requested log???


Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 2137124864, free: 799006720

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 2137124864, free: 711831552
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni,
THANK YOU for all of your fine help with this issue!
I'm not sure we have finished this but due to time constraints I will have to call it good for today and will attempt to catch up with you tomorrow.
The system appears much quicker but I still don't have my outlook PST files straightened out.
I will check back tomorrow for further instruction.

ComboFix 13-12-01.01 - Owner 12/01/2013 16:40:10.23.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.739 [GMT -8:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\ntuser.dat
c:\windows\system32\drivers\dfg.sys
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
.
---- Previous Run -------
.
c:\program files\Social Privacy\FF\chrome.manifest
c:\program files\Social Privacy\FF\chrome\content\icon.png
c:\program files\Social Privacy\FF\chrome\content\main.js
c:\program files\Social Privacy\FF\chrome\content\overlay.xul
c:\program files\Social Privacy\FF\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
-------\Service_dfg
.
.
((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))
.
.
2013-12-02 00:48 . 2013-12-02 00:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-12-02 00:48 . 2013-12-02 00:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-02 00:48 . 2013-12-02 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 00:17 . 2013-12-02 00:37 -------- d-----w- c:\programdata\REPORTS
2013-12-02 00:17 . 2013-12-02 00:18 -------- d-----w- c:\programdata\LOGFILES
2013-12-02 00:17 . 2013-12-02 00:17 -------- d-----w- c:\programdata\INFECTED
2013-12-01 23:37 . 2013-12-01 23:40 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-01 22:55 . 2013-12-01 22:55 -------- d-----w- c:\users\Owner\mbar
2013-12-01 22:29 . 2013-12-01 22:29 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2013-12-01 19:55 . 2013-12-01 19:55 -------- d-----w- C:\temp
2013-12-01 19:55 . 2013-12-01 19:55 -------- d-----w- c:\program files\Level Quality Watcher
2013-12-01 19:54 . 2013-12-01 20:10 -------- d-----w- c:\program files\MyPC Backup
2013-12-01 19:44 . 2013-12-01 21:47 -------- d-----w- c:\programdata\Conduit
2013-12-01 19:44 . 2013-12-01 19:44 -------- d-----w- c:\users\Owner\AppData\Local\NativeMessaging
2013-12-01 19:44 . 2013-12-01 20:24 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
2013-12-01 19:44 . 2013-12-01 19:44 -------- d-----w- c:\users\Owner\AppData\Local\CRE
2013-12-01 19:44 . 2013-12-01 19:44 -------- d-----w- c:\program files\Conduit
2013-12-01 19:34 . 2013-12-01 19:34 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-12-01 17:48 . 2013-12-01 17:48 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2013-12-01 17:47 . 2013-12-01 17:47 -------- d-----w- c:\programdata\CrypKey
2013-12-01 17:46 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2013-12-01 17:46 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2013-12-01 17:46 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2013-12-01 17:46 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2013-12-01 17:46 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2013-12-01 17:46 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2013-12-01 17:46 . 2013-12-01 19:16 -------- d-----w- c:\program files\Stellar Phoenix Outlook PST Repair
2013-12-01 17:45 . 2013-12-01 17:46 10016840 ----a-w- C:\spopr.exe
2013-12-01 17:45 . 2013-12-01 17:45 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-12-01 17:12 . 2013-12-01 17:12 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2013-12-01 16:35 . 2013-12-01 16:35 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Help
2013-11-30 19:50 . 2013-11-30 19:50 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2013-11-30 19:49 . 2013-11-30 19:49 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2013-11-30 19:23 . 2013-11-30 19:23 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
2013-11-30 19:20 . 2013-11-30 19:56 -------- d-----w- c:\users\Owner\AppData\Local\Google
2013-11-30 17:42 . 2013-11-30 17:42 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
2013-11-30 17:35 . 2013-11-22 20:01 67680 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-11-30 17:35 . 2013-11-22 20:01 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-30 17:35 . 2013-11-22 20:01 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-30 17:35 . 2013-11-22 20:01 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-30 17:35 . 2013-11-30 17:35 -------- d-----w- c:\program files\Avira
2013-11-28 22:17 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-28 22:17 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-28 22:17 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-28 22:17 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-11-28 22:17 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-11-28 22:17 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-11-28 22:17 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-11-28 21:46 . 2013-12-01 19:06 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-28 21:01 . 2013-11-28 21:01 -------- d-----w- c:\programdata\CDB
2013-11-28 20:24 . 2013-11-28 20:24 -------- d-----w- c:\program files\sp
2013-11-28 19:43 . 2013-11-30 19:16 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla Firefox
2013-11-24 17:05 . 2013-11-28 19:22 -------- d-----w- C:\AdwCleaner
2013-11-24 16:28 . 2013-12-01 23:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-24 16:27 . 2013-12-01 23:40 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-16 18:50 . 2013-09-25 02:01 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-16 18:50 . 2013-09-25 02:01 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-16 18:50 . 2013-09-25 01:57 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-16 18:50 . 2013-09-25 01:57 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-16 18:50 . 2013-09-25 01:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-16 18:50 . 2013-09-25 01:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-16 18:50 . 2013-09-25 01:56 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-16 18:50 . 2013-09-25 00:49 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-16 18:50 . 2013-09-25 00:49 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-16 18:50 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-16 18:50 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-16 18:49 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-16 18:49 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-16 18:49 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-16 18:49 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-16 18:23 . 2013-11-16 18:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-16 18:23 . 2013-11-16 18:23 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-16 18:23 . 2013-11-16 18:23 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-09 23:44 . 2013-11-16 17:37 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-09 23:43 . 2013-11-09 23:43 -------- d-----w- c:\program files\SlimDrivers
2013-11-09 23:33 . 2013-12-01 16:57 -------- d-----w- C:\Mozilla Plugins
2013-11-09 23:33 . 2013-12-01 16:57 -------- d-----w- C:\iTunesMiniPlayer.Resources
2013-11-09 23:33 . 2013-12-01 16:57 -------- d-----w- C:\iTunesHelper.Resources
2013-11-09 23:33 . 2013-12-01 16:57 -------- d-----w- C:\iTunes.Resources
2013-11-09 23:33 . 2013-11-09 23:33 -------- d-----w- c:\program files\iPod
2013-11-09 23:32 . 2013-12-01 16:57 -------- d-----w- C:\CD Configuration
2013-11-09 23:32 . 2013-11-09 23:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-02 08:29 . 2013-11-02 08:29 293192 ----a-w- C:\iTunesOutlookAddIn.dll
2013-11-02 08:29 . 2013-11-02 08:29 9789256 ----a-w- C:\iTunes.exe
2013-11-02 08:29 . 2013-11-02 08:29 405320 ----a-w- C:\iTunesAdmin.dll
2013-11-02 08:29 . 2013-11-02 08:29 152392 ----a-w- C:\iTunesHelper.exe
2013-11-02 08:29 . 2013-11-02 08:29 148808 ----a-w- C:\iTunesHelper.dll
2013-11-02 08:29 . 2013-11-02 08:29 117576 ----a-w- C:\iTunesMiniPlayer.dll
2013-11-02 08:29 . 2013-11-02 08:29 25449288 ----a-w- C:\iTunes.dll
2013-11-02 08:29 . 2013-11-02 08:29 776216 ----a-w- C:\gnsdk_sdkmanager.dll
2013-11-02 08:29 . 2013-11-02 08:29 649032 ----a-w- C:\iPodUpdaterExt.dll
2013-11-02 08:29 . 2013-11-02 08:29 3008536 ----a-w- C:\gnsdk_dsp.dll
2013-11-02 08:29 . 2013-11-02 08:29 262680 ----a-w- C:\gnsdk_submit.dll
2013-11-02 08:29 . 2013-11-02 08:29 219672 ----a-w- C:\gnsdk_musicid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-30 19:23 . 2012-03-02 17:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 20:07 . 2011-12-17 20:44 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-19 11:33 . 2011-03-12 14:58 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-02 02:15 . 2013-10-02 02:15 112968 ----a-w- C:\ITDetector.ocx
2013-10-02 02:15 . 2013-10-02 02:15 1741128 ----a-w- C:\iAdCore.dll
2013-09-04 01:15 . 2013-10-18 20:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-18 20:00 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-18 20:00 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-18 20:00 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-18 20:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-18 20:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-18 20:00 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoScrSavPage"= 0 (0x0)
"NoDispApprearancePage"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 03:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleIEDAV]
2013-09-04 23:23 1315144 ----a-w- c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-09-15 21:34 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HowToSimplified Search Scope Monitor]
c:\progra~1\HOWTOS~2\bar\1.bin\8esrchmn.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-09-14 10:38 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 08:29 152392 ----a-w- C:\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
c:\program files\Microsoft Security Client\msseces.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 21:44 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-11-09 23:25 5717272 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
c:\program files\AVG SafeGuard toolbar\vprot.exe [BU]
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-11-22 440376]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-08 822624]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 cpuz134;cpuz134;c:\users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-09-03 115008]
R3 eusingtools;eusingtools;c:\windows\system32\drivers\eusingtools.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-16 108032]
R3 JQIVQWH;JQIVQWH;c:\users\Owner\AppData\Local\Temp\JQIVQWH.exe [x]
R3 KV;KV;c:\users\Owner\AppData\Local\Temp\KV.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 20864]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 23808]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2012-08-23 24416]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 581480]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 21864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-28 13464]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-14 1343400]
R4 AJNZPONDLY;AJNZPONDLY;c:\users\Owner\AppData\Local\Temp\AJNZPONDLY.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-11-22 1164360]
R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-08 127488]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-03 65657]
R4 VYGTB;VYGTB;c:\users\Owner\AppData\Local\Temp\VYGTB.exe [x]
R4 XHSJPQ;XHSJPQ;c:\users\Owner\AppData\Local\Temp\XHSJPQ.exe [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [2010-11-04 102728]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 15672]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-16 37664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-22 37352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-11-22 67680]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-03 154624]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-14 350792]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-11-07 13824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2000-01-01 6637056]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 194408]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 21:35 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 19:23]
.
2013-07-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec8274f52f9f9.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2013-10-26 c:\windows\Tasks\SlimCleaner Run.job
- c:\program files\SlimCleaner\SlimCleaner.exe [2013-07-10 16:53]
.
2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{A73C834D-636D-46F7-A165-BE4EE7F25BAD}.job
- c:\windows\system32\msfeedssync.exe [2013-11-16 18:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49163;https=127.0.0.1:49163
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: craigslist.org\accounts
Trusted Zone: dell.com
TCP: DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
TCP: Interfaces\{07AE6EC5-2B47-403F-BBC0-4AF2A6DB3EDE}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{153AD536-538C-4465-AFC8-58B94BDEC93D}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{22542FF5-7590-40F2-9B2A-5FB89C04FAA9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4DCB2D10-C777-443E-89A6-979AD115657B}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{518CD836-4FC2-4A22-AE14-B86249DAFE29}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{B819E948-EA6F-41CF-9848-95199EBFC197}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B925B4EC-95DC-4FC3-9E8E-68F2E330D626}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E17B4E4D-9C95-4C58-B453-5AA9E72A2EC8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EF1A7DF2-51C7-439F-AD61-408A50762872}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN53349359313028257&UM=2&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MSIService
MSConfigStartUp-BTMTrayAgent - c:\program files\Motorola\Bluetooth\btmshell.dll
MSConfigStartUp-dnsshield - c:\program files\Social Privacy DNS\dnswatch.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,c0,aa,
31,75,5c,5e,35,aa,62,82,42,b5,d5,f4,71
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
.
[HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Windows]
@DACL=(02 0000)
"DebugOptions"="2048"
"Documents"=""
"DosPrint"="no"
"Load"=""
"NetMessage"="no"
"NullPort"="None"
"Programs"="com exe bat pif cmd"
"UserSelectedDefault"=dword:00000000
"Device"="Send To OneNote 2010,winspool,NUL:"
.
[HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
.
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows]
@DACL=(02 0000)
"DebugOptions"="2048"
"Documents"=""
"DosPrint"="no"
"Load"=""
"NetMessage"="no"
"NullPort"="None"
"Programs"="com exe bat pif cmd"
"UserSelectedDefault"=dword:00000000
"Device"="Send To OneNote 2010,winspool,NUL:"
.
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_17_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_17_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\System32\snmp.exe
c:\windows\system32\STacSV.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-01 16:57:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-02 00:57
.
Pre-Run: 38,090,174,464 bytes free
Post-Run: 37,674,438,656 bytes free
.
- - End Of File - - 2B83DDFFCAAE124C8860ADF2D491C2B8
A36C5E4F47E84449FF07ED3517B43A31
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
Driver::
KV
AJNZPONDLY
VYGTB
XHSJPQ

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Mr Broni,
My apologies for my tardiness. I meant to write to let you know I would be unavailable until the following weekend.
I work as an Apple advisor and my work week is very hectic.
Please see the requested Combofix record:


ComboFix 13-12-07.01 - Owner 12/07/2013 9:27:07.24.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.851 [GMT -8:00]
Running from: C:\Users\Owner\Downloads\ComboFix.exe
Command switches used :: C:\Users\Owner\Desktop\cfscript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


Infected copy of C:\Windows\system32\userinit.exe was found and disinfected
Restored copy from - C:\Windows\ERDNT\cache\userinit.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AJNZPONDLY
-------\Service_KV
-------\Service_VYGTB
-------\Service_XHSJPQ


((((((((((((((((((((((((( Files Created from 2013-11-07 to 2013-12-07 )))))))))))))))))))))))))))))))


2013-12-07 17:39:22 . 2013-12-07 17:39:22 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-12-07 17:39:22 . 2013-12-07 17:39:22 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-12-07 17:22:09 . 2013-12-07 17:22:09 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-12-02 00:48:54 . 2013-12-07 17:42:03 -------- d-----w- C:\Users\Owner\AppData\Local\temp
2013-12-02 00:17:37 . 2013-12-02 00:37:43 -------- d-----w- C:\ProgramData\REPORTS
2013-12-02 00:17:37 . 2013-12-02 00:18:29 -------- d-----w- C:\ProgramData\LOGFILES
2013-12-02 00:17:37 . 2013-12-02 00:17:37 -------- d-----w- C:\ProgramData\INFECTED
2013-12-01 23:37:36 . 2013-12-01 23:40:45 105176 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2013-12-01 22:55:25 . 2013-12-01 22:55:26 -------- d-----w- C:\Users\Owner\mbar
2013-12-01 22:29:58 . 2013-12-01 22:29:58 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2013-12-01 19:55:28 . 2013-12-01 19:55:32 -------- d-----w- C:\temp
2013-12-01 19:55:26 . 2013-12-01 19:55:26 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-12-01 19:54:57 . 2013-12-01 20:10:04 -------- d-----w- C:\Program Files\MyPC Backup
2013-12-01 19:44:26 . 2013-12-01 21:47:40 -------- d-----w- C:\ProgramData\Conduit
2013-12-01 19:44:08 . 2013-12-01 19:44:08 -------- d-----w- C:\Users\Owner\AppData\Local\NativeMessaging
2013-12-01 19:44:06 . 2013-12-01 20:24:03 -------- d-----w- C:\Users\Owner\AppData\Local\Conduit
2013-12-01 19:44:02 . 2013-12-01 19:44:09 -------- d-----w- C:\Users\Owner\AppData\Local\CRE
2013-12-01 19:44:00 . 2013-12-01 19:44:31 -------- d-----w- C:\Program Files\Conduit
2013-12-01 19:34:46 . 2013-12-01 19:34:46 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-12-01 17:48:01 . 2013-12-01 17:48:01 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2013-12-01 17:47:23 . 2013-12-01 17:47:23 -------- d-----w- C:\ProgramData\CrypKey
2013-12-01 17:46:20 . 2008-05-07 23:29:38 122880 ----a-w- C:\Windows\system32\Crypserv.exe
2013-12-01 17:46:20 . 2008-03-17 16:45:52 19584 ----a-w- C:\Windows\system32\Ckldrv.sys
2013-12-01 17:46:20 . 1999-06-18 20:49:32 165888 ----a-w- C:\Windows\Ckconfig.exe
2013-12-01 17:46:20 . 1996-05-03 16:21:20 27648 ----a-r- C:\Windows\Setup_ck.exe
2013-12-01 17:46:20 . 1996-05-03 14:36:50 18432 ----a-w- C:\Windows\Setup_ck.dll
2013-12-01 17:46:20 . 1995-07-04 17:33:04 11776 ----a-w- C:\Windows\Ckrfresh.exe
2013-12-01 17:46:16 . 2013-12-01 19:16:03 -------- d-----w- C:\Program Files\Stellar Phoenix Outlook PST Repair
2013-12-01 17:45:51 . 2013-12-01 17:46:04 10016840 ----a-w- C:\spopr.exe
2013-12-01 17:45:42 . 2013-12-01 17:45:42 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2013-12-01 17:12:28 . 2013-12-01 17:12:28 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2013-12-01 16:35:38 . 2013-12-01 16:35:38 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help
2013-11-30 19:50:05 . 2013-11-30 19:50:05 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2013-11-30 19:49:41 . 2013-11-30 19:49:41 -------- d-----w- C:\Users\Owner\AppData\Local\Mozilla
2013-11-30 19:23:46 . 2013-11-30 19:23:46 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2013-11-30 19:20:48 . 2013-11-30 19:56:00 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2013-11-30 17:42:17 . 2013-11-30 17:42:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\Avira
2013-11-30 17:35:04 . 2013-11-22 20:01:31 67680 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-11-30 17:35:04 . 2013-11-22 20:01:31 37352 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-11-30 17:35:03 . 2013-11-22 20:01:31 90400 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-11-30 17:35:03 . 2013-11-22 20:01:31 137208 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-11-30 17:35:01 . 2013-11-30 17:35:01 -------- d-----w- C:\Program Files\Avira
2013-11-28 22:17:40 . 2013-10-04 01:58:50 152576 ----a-w- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-28 22:17:40 . 2013-10-04 01:56:25 168960 ----a-w- C:\Windows\system32\credui.dll
2013-11-28 22:17:40 . 2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\system32\authui.dll
2013-11-28 22:17:32 . 2013-08-28 00:57:20 434688 ----a-w- C:\Windows\system32\scavengeui.dll
2013-11-28 22:17:26 . 2013-07-04 11:57:28 205824 ----a-w- C:\Windows\system32\WebClnt.dll
2013-11-28 22:17:26 . 2013-07-04 11:51:04 81920 ----a-w- C:\Windows\system32\davclnt.dll
2013-11-28 22:17:26 . 2013-07-04 09:48:52 115712 ----a-w- C:\Windows\system32\drivers\mrxdav.sys
2013-11-28 21:46:27 . 2013-12-01 19:06:28 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-11-28 21:01:52 . 2013-11-28 21:01:54 -------- d-----w- C:\ProgramData\CDB
2013-11-28 20:24:31 . 2013-11-28 20:24:31 -------- d-----w- C:\Program Files\sp
2013-11-28 19:43:24 . 2013-11-30 19:16:16 -------- d-----w- C:\Users\Owner\AppData\Local\Mozilla Firefox
2013-11-24 17:05:13 . 2013-11-28 19:22:53 -------- d-----w- C:\AdwCleaner
2013-11-24 16:28:23 . 2013-12-01 23:53:34 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-24 16:27:48 . 2013-12-01 23:40:23 75992 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2013-11-16 18:50:02 . 2013-09-25 02:01:08 136640 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-16 18:50:02 . 2013-09-25 02:01:06 67520 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2013-11-16 18:50:02 . 2013-09-25 01:57:46 99840 ----a-w- C:\Windows\system32\sspicli.dll
2013-11-16 18:50:02 . 2013-09-25 01:57:26 22016 ----a-w- C:\Windows\system32\secur32.dll
2013-11-16 18:50:02 . 2013-09-25 01:57:24 247808 ----a-w- C:\Windows\system32\schannel.dll
2013-11-16 18:50:02 . 2013-09-25 01:56:42 220160 ----a-w- C:\Windows\system32\ncrypt.dll
2013-11-16 18:50:02 . 2013-09-25 01:56:02 1038848 ----a-w- C:\Windows\system32\lsasrv.dll
2013-11-16 18:50:02 . 2013-09-25 00:49:20 22016 ----a-w- C:\Windows\system32\lsass.exe
2013-11-16 18:50:02 . 2013-09-25 00:49:18 15872 ----a-w- C:\Windows\system32\sspisrv.dll
2013-11-16 18:50:02 . 2013-07-04 12:16:47 369848 ----a-w- C:\Windows\system32\drivers\cng.sys
2013-11-16 18:50:00 . 2013-10-03 01:58:07 305152 ----a-w- C:\Windows\system32\gdi32.dll
2013-11-16 18:49:58 . 2013-10-12 02:01:41 679424 ----a-w- C:\Windows\system32\IKEEXT.DLL
2013-11-16 18:49:57 . 2013-10-12 02:03:08 656896 ----a-w- C:\Windows\system32\nshwfp.dll
2013-11-16 18:49:57 . 2013-10-12 02:01:25 216576 ----a-w- C:\Windows\system32\FWPUCLNT.DLL
2013-11-16 18:49:53 . 2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\system32\crypt32.dll
2013-11-16 18:23:59 . 2013-11-16 18:23:59 338944 ----a-w- C:\Windows\system32\drivers\afd.sys
2013-11-16 18:23:59 . 2013-11-16 18:23:59 231424 ----a-w- C:\Windows\system32\mswsock.dll
2013-11-16 18:23:59 . 2013-11-16 18:23:59 1294272 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-11-09 23:44:08 . 2013-11-16 17:37:01 37664 ----a-w- C:\Windows\system32\drivers\avgtpx86.sys
2013-11-09 23:43:32 . 2013-11-09 23:43:32 -------- d-----w- C:\Program Files\SlimDrivers
2013-11-09 23:33:43 . 2013-12-01 16:57:29 -------- d-----w- C:\Mozilla Plugins
2013-11-09 23:33:43 . 2013-12-01 16:57:29 -------- d-----w- C:\iTunesMiniPlayer.Resources
2013-11-09 23:33:42 . 2013-12-01 16:57:29 -------- d-----w- C:\iTunesHelper.Resources
2013-11-09 23:33:06 . 2013-12-01 16:57:29 -------- d-----w- C:\iTunes.Resources
2013-11-09 23:33:05 . 2013-11-09 23:33:05 -------- d-----w- C:\Program Files\iPod
2013-11-09 23:32:59 . 2013-12-01 16:57:16 -------- d-----w- C:\CD Configuration
2013-11-09 23:32:59 . 2013-11-09 23:33:43 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-07 17:22:09 . 2012-03-02 17:33:50 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 20:07:03 . 2011-12-17 20:44:21 13464 ----a-w- C:\Windows\system32\drivers\SWDUMon.sys
2013-11-19 11:33:38 . 2011-03-12 14:58:40 230048 ------w- C:\Windows\system32\MpSigStub.exe
2013-11-02 08:29:46 . 2013-11-02 08:29:46 293192 ----a-w- C:\iTunesOutlookAddIn.dll
2013-11-02 08:29:44 . 2013-11-02 08:29:44 9789256 ----a-w- C:\iTunes.exe
2013-11-02 08:29:44 . 2013-11-02 08:29:44 405320 ----a-w- C:\iTunesAdmin.dll
2013-11-02 08:29:44 . 2013-11-02 08:29:44 152392 ----a-w- C:\iTunesHelper.exe
2013-11-02 08:29:44 . 2013-11-02 08:29:44 148808 ----a-w- C:\iTunesHelper.dll
2013-11-02 08:29:44 . 2013-11-02 08:29:44 117576 ----a-w- C:\iTunesMiniPlayer.dll
2013-11-02 08:29:36 . 2013-11-02 08:29:36 25449288 ----a-w- C:\iTunes.dll
2013-11-02 08:29:34 . 2013-11-02 08:29:34 776216 ----a-w- C:\gnsdk_sdkmanager.dll
2013-11-02 08:29:34 . 2013-11-02 08:29:34 649032 ----a-w- C:\iPodUpdaterExt.dll
2013-11-02 08:29:34 . 2013-11-02 08:29:34 3008536 ----a-w- C:\gnsdk_dsp.dll
2013-11-02 08:29:34 . 2013-11-02 08:29:34 262680 ----a-w- C:\gnsdk_submit.dll
2013-11-02 08:29:34 . 2013-11-02 08:29:34 219672 ----a-w- C:\gnsdk_musicid.dll
2013-10-02 02:15:34 . 2013-10-02 02:15:34 112968 ----a-w- C:\ITDetector.ocx
2013-10-02 02:15:32 . 2013-10-02 02:15:32 1741128 ----a-w- C:\iAdCore.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoScrSavPage"= 0 (0x0)
"NoDispApprearancePage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 22:36:36 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\Windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=C:\Windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=C:\Windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=C:\Windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 03:43:34 926896 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleIEDAV]
2013-09-04 23:23:44 1315144 ----a-w- C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-09-15 21:34:06 59720 ----a-w- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43:52 59720 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08:00 2569616 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-15 02:09:52 1213848 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22:04 307712 ----a-w- C:\Program Files\FileHippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30:48 173592 ----a-w- C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HowToSimplified Search Scope Monitor]
C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-09-14 10:38:54 59720 ----a-w- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30:48 141848 ----a-w- C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 08:29:44 152392 ----a-w- C:\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
c:\Program Files\Microsoft Security Client\msseces.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30:48 150552 ----a-w- C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59:04 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 21:44:48 405504 ----a-w- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-11-09 23:25:20 5717272 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-12 14:42:33 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG SafeGuard toolbar\vprot.exe [BU]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-11-22 20:01:34 440376]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-08 03:54:54 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 08:30:36 508776]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [2009-01-30 01:11:20 6016]
R3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys [x]
R3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 18:58:52 11336]
R3 cpuz134;cpuz134;C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 efavdrv;efavdrv;C:\Windows\system32\drivers\efavdrv.sys [2012-09-03 23:47:18 115008]
R3 eusingtools;eusingtools;C:\Windows\system32\drivers\eusingtools.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe [2013-11-16 18:24:44 108032]
R3 JQIVQWH;JQIVQWH;C:\Users\Owner\AppData\Local\Temp\JQIVQWH.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2012-06-11 18:56:32 20864]
R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 21:57:46 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 23:09:10 23808]
R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 20:59:04 11008]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [2012-03-26 21:50:12 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [2009-05-29 06:41:28 4233728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848]
R3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2012-08-23 22:56:08 24416]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 08:30:36 581480]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 08:30:40 21864]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 22:13:45 207360]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 22:13:46 980992]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 22:13:45 661504]
R3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys [2013-11-28 20:07:03 13464]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 02:04:02 94208]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:40:25 49664]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-14 01:02:46 1343400]
R4 AntiVirWebService;Avira Web Protection;C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2013-11-22 20:01:31 1164360]
R4 BthFilterHelper;Bluetooth Feature Support;C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-08 01:26:52 127488]
R4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 22:58:52 120728]
R4 PST Service;PST Service;C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-03 00:06:38 65657]
S0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\system32\DRIVERS\MxEFUF32.sys [2010-11-04 22:18:04 102728]
S0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 02:02:20 15672]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx86.sys [2013-11-16 17:37:01 37664]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-11-22 20:01:31 37352]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 16:27:02 12880]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 21:55:22 67664]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 20:11:42 119056]
S2 avnetflt;avnetflt;C:\Windows\system32\DRIVERS\avnetflt.sys [2013-11-22 20:01:31 67680]
S2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-03 01:30:44 154624]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-14 01:24:32 350792]
S3 BTHFILT;Bluetooth Command Filter;C:\Windows\system32\DRIVERS\BthFilt.sys [2006-11-07 06:13:36 13824]
S3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [2013-03-25 21:41:44 65200]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETwLv32.sys [2000-01-01 00:00:00 6637056]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 08:30:38 194408]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 08:30:42 19304]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 08:30:42 219496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 21:35:59 1210320 ----a-w- C:\Program Files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-12-07 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 00:17:19 . 2013-12-07 17:44:10]

2013-07-24 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:42:29 . 2011-09-14 14:24:32]

2013-12-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef370f644efdf.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43:59 . 2011-03-12 14:43:56]

2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43:59 . 2011-03-12 14:43:56]

2013-10-26 C:\Windows\Tasks\SlimCleaner Run.job
- C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10 16:53:24 . 2013-07-10 16:53:24]

2013-07-25 C:\Windows\Tasks\User_Feed_Synchronization-{A73C834D-636D-46F7-A165-BE4EE7F25BAD}.job
- C:\Windows\system32\msfeedssync.exe [2013-11-16 18:24:44 . 2013-11-16 18:24:44]


------- Supplementary Scan -------

uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49163;https=127.0.0.1:49163
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
Trusted Zone: craigslist.org\accounts
Trusted Zone: dell.com
TCP: DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5 216.228.160.6
TCP: Interfaces\{07AE6EC5-2B47-403F-BBC0-4AF2A6DB3EDE}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{153AD536-538C-4465-AFC8-58B94BDEC93D}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{22542FF5-7590-40F2-9B2A-5FB89C04FAA9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4DCB2D10-C777-443E-89A6-979AD115657B}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{518CD836-4FC2-4A22-AE14-B86249DAFE29}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{B819E948-EA6F-41CF-9848-95199EBFC197}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B925B4EC-95DC-4FC3-9E8E-68F2E330D626}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E17B4E4D-9C95-4C58-B453-5AA9E72A2EC8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EF1A7DF2-51C7-439F-AD61-408A50762872}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN53349359313028257&UM=2&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
 
Looks good.

How is computer doing?

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is running just as it did prior to the infection. However, I"m not yet able to recover my PST file from my Outlook email. Can you give me direction how to do that?
 
Three of the requested scans
# AdwCleaner v3.014 - Report created 07/12/2013 at 13:53:26
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner(2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\ValueApps
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\16hca966.default-1378132565160\prefs.js ]

Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385929556898,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN53349359313028257&UM=2&UP=SP0D3111B5-CE30-41EF-AF4A-A598B8301693");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN53349359313028257&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN53349359313028257&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "VLPM+0CWYGW7EI8VA6QQBDJ9SYTXHQ9KBBHY3HLGZPP74CXNQH7TOE9FXF4ZRGURPZ3POUMLIRX1LO49N8TO4Q");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN53349359313028257&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion", "312E31312E352E31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls.storedInFile", false);

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [29221 octets] - [24/11/2013 09:05:18]
AdwCleaner[R1].txt - [1154 octets] - [28/11/2013 11:20:27]
AdwCleaner[R2].txt - [6004 octets] - [07/12/2013 13:52:35]
AdwCleaner[S0].txt - [28083 octets] - [24/11/2013 09:07:31]
AdwCleaner[S1].txt - [1218 octets] - [28/11/2013 11:22:50]
AdwCleaner[S2].txt - [5947 octets] - [07/12/2013 13:53:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6007 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by Owner on Sat 12/07/2013 at 13:58:05.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1552026397-1008680744-895623460-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1546336E-F4F4-4BFB-9862-FB1268A911C7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CCFDB7B-8701-4B8C-8B01-E55E1AAB52C5}



~~~ Files

Successfully deleted: [File] "C:\Users\Owner\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\superfish"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\weatherblink"
Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\max uninstaller"
Successfully deleted: [Folder] "C:\Program Files\pc cleaners"
Successfully deleted: [Folder] "C:\Program Files\solid savings"
Successfully deleted: [Folder] "C:\Program Files\sparktrust"
Successfully deleted: [Folder] "C:\Program Files\superfish"



~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\superfish@superfish.com
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\16hca966.default-1378132565160\minidumps [43 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/07/2013 at 14:01:20.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 12/7/2013 2:06:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.71% Memory free
1.99 Gb Paging File | 0.71 Gb Available in Paging File | 35.43% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 34.32 Gb Free Space | 46.11% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 2.71 Gb Free Space | 36.40% Space Free | Partition Type: FAT32
Drive F: | 82.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 8.00 Gb Total Space | 7.29 Gb Free Space | 91.10% Space Free | Partition Type: FAT32
Drive H: | 14.89 Gb Total Space | 14.81 Gb Free Space | 99.41% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/07 14:04:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(1).exe
PRC - [2013/12/07 10:44:15 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/07 10:43:04 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/07 10:42:46 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/12/07 10:42:44 | 000,683,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/12/07 09:44:09 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_24.exe
PRC - [2013/11/12 19:39:06 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 10:43:27 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/10/23 10:43:19 | 001,673,680 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/09/13 17:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/23 12:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] () -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/02 17:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2011/10/01 00:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/07 09:44:08 | 016,288,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_24.dll
MOD - [2013/11/12 19:39:45 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\JQIVQWH.exe -- (JQIVQWH)
SRV - [2013/12/07 10:44:15 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/07 10:43:07 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013/12/07 10:42:46 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/12/07 09:44:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/16 10:24:44 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/12 19:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 10:43:27 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/09/13 17:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 12:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/23 14:58:52 | 000,120,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/08/02 17:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2012/07/25 18:04:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2011/10/01 00:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 00:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Disabled | Stopped] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/03/13 17:02:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2006/11/07 17:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\eusingtools.sys -- (eusingtools)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btmcom.sys -- (BTMCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2013/12/07 10:44:55 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/07 10:44:54 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/07 10:44:54 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/12/07 10:44:54 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avnetflt.sys -- (avnetflt)
DRV - [2013/12/07 10:44:54 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/11/28 12:07:03 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/16 09:37:01 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/25 13:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/03 15:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)
DRV - [2012/08/23 14:56:08 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/08/23 06:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 06:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/11 10:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 15:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 15:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/06/08 15:08:26 | 000,024,576 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2012/06/06 09:50:54 | 000,113,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2012/03/26 13:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/01/25 13:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/11/08 12:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/10/01 00:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvolwin7.sys -- (Sftvol)
DRV - [2011/10/01 00:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirwin7.sys -- (Sftredir)
DRV - [2011/10/01 00:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaywin7.sys -- (Sftplay)
DRV - [2011/10/01 00:30:36 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfswin7.sys -- (Sftfs)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/04 14:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/09 16:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/16 09:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/06 22:13:36 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
DRV - [1999/12/31 16:00:00 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {8480b7b1-a45c-4feb-8653-60f834f7ca4b} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49163;https=127.0.0.1:49163
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
783
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back