
Remove Adware Toolbar.kt, idp.program.87352c65 and basicscan? Limits admin right


  • This topic is locked This topic is locked
9 replies to this topic

#1 icecore

Posted 25 April 2013 - 03:03 AM

Dear forum members,

AVG antivirus is constantly informing me of infections from Adware toolbar.kt, which AVG claims it has removed but which pops up again, and from idp.program.87352c65, which AVG seems unable to remove or quarantine since it constantly claims that it is infected. These malware seem to limit my admin rights, preventing me, for example, from editing host files under system32/drivers/host (wanted to remove hijackthis lines...).

I ran DDS and posted the log below. I also ran the rootkit scan; that log is at the bottom.

Your help on this is most appreciated; please take a look and see if you can aid me here.

Cheers, Icecore.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by notandi at 7:45:47 on 2013-04-25
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.354.1033.18.1527.436 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\BasicScan\basicscan.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BasicScan\basicscan.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\notandi\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\notandi\Downloads\HijackThis.exe
C:\Users\notandi\Downloads\RogueKiller.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uLocal Page = c:\windows\system32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = *.local
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - c:\windows\system32\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files\softonic\softonic\1.5.21.0\bh\Softonic.dll
TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files\softonic\softonic\1.5.21.0\SoftonicTlbr.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LG LinkAir] <no file>
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
StartupFolder: c:\users\notandi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: LogonHoursAction = dword:2
uPolicies-System: DontDisplayLogonHoursWarnings = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A5DAA7CF-33FF-48DD-94A5-F281F2780F07} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A5DAA7CF-33FF-48DD-94A5-F281F2780F07}\350756564645F6573686133423034433 : DHCPNameServer = 192.168.1.254
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - c:\windows\system32\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\windows\system32\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - c:\windows\system32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Notify: igfxcui - igfxdev.dll
Notify: ScCertProp - wlnotify.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - c:\windows\system32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\system32\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - c:\windows\system32\regsvr32.exe /s /n /i:/userinstall c:\windows\system32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - c:\windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\system32\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\rundll32.exe c:\windows\system32\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\shell32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\notandi\appdata\roaming\mozilla\firefox\profiles\8dg0xc15.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\garmin gps plugin\npGarmin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrl.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\videolan\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\notandi\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-05-19 22:22; {336D0C35-8A85-403a-B9D2-65C292C39087}; c:\program files\web assistant\Firefox
FF - ExtSQL: 2012-09-14 20:40; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2013-02-14 23:41; {972ce4c6-7e08-4474-a285-3208198ce6fd}; c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-04-20 16:20; {6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}; c:\program files\mozilla firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;c:\windows\system32\drivers\acpi.sys [2012-3-1 274304]
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2012-3-1 22400]
R0 atapi;IDE Channel;c:\windows\system32\drivers\atapi.sys [2009-7-13 21584]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 CLFS;Common Log (CLFS);c:\windows\system32\clfs.sys [2009-7-13 249408]
R0 CNG;CNG;c:\windows\system32\drivers\cng.sys [2012-7-13 369336]
R0 Compbatt;Microsoft Composite Battery Driver;c:\windows\system32\drivers\compbatt.sys [2009-7-13 19024]
R0 Disk;Disk Driver;c:\windows\system32\drivers\disk.sys [2009-7-13 57424]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-7-13 58448]
R0 FltMgr;FltMgr;c:\windows\system32\drivers\fltMgr.sys [2009-7-13 198208]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\system32\drivers\fvevol.sys [2013-4-10 196328]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys [2012-3-1 14208]
R0 intelide;intelide;c:\windows\system32\drivers\intelide.sys [2009-7-13 15424]
R0 KSecDD;KSecDD;c:\windows\system32\drivers\ksecdd.sys [2012-7-13 67440]
R0 KSecPkg;KSecPkg;c:\windows\system32\drivers\ksecpkg.sys [2012-7-13 134000]
R0 mountmgr;Mount Point Manager;c:\windows\system32\drivers\mountmgr.sys [2012-3-1 78208]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-7-13 13888]
R0 Mup;Mup;c:\windows\system32\drivers\mup.sys [2009-7-13 49728]
R0 NDIS;NDIS System Driver;c:\windows\system32\drivers\ndis.sys [2012-9-19 712048]
R0 partmgr;Partition Manager;c:\windows\system32\drivers\partmgr.sys [2012-5-10 56176]
R0 pci;PCI Bus Driver;c:\windows\system32\drivers\pci.sys [2012-3-1 153984]
R0 pcmcia;pcmcia;c:\windows\system32\drivers\pcmcia.sys [2009-7-13 180288]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys [2009-7-13 43088]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys [2012-3-1 173440]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys [2009-7-13 17472]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2012-3-1 40704]
R0 Tcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\tcpip.sys [2013-2-13 1293672]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-7-13 32832]
R0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2012-3-1 175360]
R0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2012-3-1 53120]
R0 volmgrx;Dynamic Volume Manager;c:\windows\system32\drivers\volmgrx.sys [2009-7-13 297040]
R0 volsnap;Storage volumes;c:\windows\system32\drivers\volsnap.sys [2012-3-1 245632]
R0 Wdf01000;Kernel Mode Driver Frameworks service;c:\windows\system32\drivers\Wdf01000.sys [2012-11-16 526952]
R1 AFD;Ancillary Function Driver for Winsock;c:\windows\system32\drivers\afd.sys [2012-2-29 338944]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 Beep;Beep;c:\windows\system32\drivers\beep.sys [2009-7-13 6144]
R1 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2009-7-13 35328]
R1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2012-3-1 388096]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\drivers\dfsc.sys [2012-3-1 78336]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-7-13 32256]
R1 Msfs;Msfs;c:\windows\system32\drivers\msfs.sys [2009-7-13 22528]
R1 mssmbios;Microsoft System Management BIOS Driver;c:\windows\system32\drivers\mssmbios.sys [2009-7-13 28240]
R1 NetBIOS;NetBIOS Interface;c:\windows\system32\drivers\netbios.sys [2009-7-13 36352]
R1 NetBT;NetBT;c:\windows\system32\drivers\netbt.sys [2012-3-1 187904]
R1 Npfs;Npfs;c:\windows\system32\drivers\npfs.sys [2009-7-13 35328]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-7-13 16896]
R1 Null;Null;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R1 Psched;QoS Packet Scheduler;c:\windows\system32\drivers\pacer.sys [2009-7-13 104448]
R1 rdbss;Redirected Buffering Sub Sysytem;c:\windows\system32\drivers\rdbss.sys [2012-3-1 242688]
R1 RDPCDD;RDPCDD;c:\windows\system32\drivers\RDPCDD.sys [2012-3-1 6656]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\RDPENCDD.sys [2009-7-14 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\RDPREFMP.sys [2009-7-14 7168]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\drivers\tdx.sys [2012-3-1 74752]
R1 TermDD;Terminal Device Driver;c:\windows\system32\drivers\termdd.sys [2012-3-1 53120]
R1 VgaSave;VgaSave;c:\windows\system32\drivers\vga.sys [2009-7-13 25088]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\drivers\wanarp.sys [2012-3-1 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\drivers\wfplwf.sys [2009-7-13 9728]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-12-18 65192]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\common files\apple\mobile device support\AppleMobileDeviceService.exe [2012-8-11 55184]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 Audiosrv;Windows Audio;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 BasicScan Service;BasicScan Service;c:\program files\basicscan\basicscan.exe [2013-4-20 23040]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 BITS;Background Intelligent Transfer Service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 CryptSvc;Cryptographic Services;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
R2 CscService;Offline Files;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 DcomLaunch;DCOM Server Process Launcher;c:\windows\system32\svchost.exe -k DcomLaunch [2009-7-13 20992]
R2 Dhcp;DHCP Client;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 eventlog;Windows Event Log;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
R2 EventSystem;COM+ Event System;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-3 39272]
R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 iphlpsvc;IP Helper;c:\windows\system32\svchost.exe -k NetSvcs [2009-7-13 20992]
R2 irda;IrDA Protocol;c:\windows\system32\drivers\irda.sys [2009-7-13 96768]
R2 Irmon;Infrared monitor service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 LanmanServer;Server;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 LanmanWorkstation;Workstation;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\drivers\lltdio.sys [2009-7-13 48128]
R2 lmhosts;TCP/IP NetBIOS Helper;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-7-13 86528]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R2 Parvdm;Parvdm;c:\windows\system32\drivers\parvdm.sys [2009-7-13 8704]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\PEAuth.sys [2009-7-13 586752]
R2 PlugPlay;Plug and Play;c:\windows\system32\svchost.exe -k DcomLaunch [2009-7-13 20992]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [2009-7-13 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [2009-7-13 20992]
R2 RpcSs;Remote Procedure Call (RPC);c:\windows\system32\svchost.exe -k rpcss [2009-7-13 20992]
R2 rspndr;Link-Layer Topology Discovery Responder;c:\windows\system32\drivers\rspndr.sys [2009-7-13 60928]
R2 SamSs;Security Accounts Manager;c:\windows\system32\lsass.exe [2012-2-29 22528]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-16 1153368]
R2 SCardSvr;Smart Card;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
R2 Schedule;Task Scheduler;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 secdrv;Security Driver;c:\windows\system32\drivers\secdrv.sys [2009-7-14 20480]
R2 SENS;System Event Notification Service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 ShellHWDetection;Shell Hardware Detection;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 Spooler;Print Spooler;c:\windows\system32\spoolsv.exe [2012-9-19 317440]
R2 StiSvc;Windows Image Acquisition (WIA);c:\windows\system32\svchost.exe -k imgsvc [2009-7-13 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 TabletInputService;Tablet PC Input Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2012-11-15 35328]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-24 3467768]
R2 Themes;Themes;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 TrkWks;Distributed Link Tracking Client;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 Winmgmt;Windows Management Instrumentation;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2011-3-28 1713536]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;c:\program files\windows media player\wmpnetwk.exe [2012-3-1 1121792]
R2 wscsvc;Security Center;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
R2 WSearch;Windows Search;c:\windows\system32\SearchIndexer.exe [2012-2-29 427520]
R2 wuauserv;Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 AeLookupSvc;Application Experience;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 AgereSoftModem;Agere Systems Soft Modem;c:\windows\system32\drivers\AGRSM.sys [2009-6-10 1035776]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 AppMgmt;Application Management;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 bowser;Browser Support Driver;c:\windows\system32\drivers\bowser.sys [2012-2-29 69632]
R3 Browser;Computer Browser;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;c:\windows\system32\drivers\CmBatt.sys [2009-7-13 14080]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2012-3-1 31232]
R3 EapHost;Extensible Authentication Protocol;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]
R3 HBtnKey;HP Tablet PC Key Buttons HID Driver;c:\windows\system32\drivers\CPQBttn.sys [2004-4-23 8448]
R3 HTTP;HTTP;c:\windows\system32\drivers\http.sys [2012-3-1 513536]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\i8042prt.sys [2009-7-13 80896]
R3 ialm;ialm;c:\windows\system32\drivers\igxpmp32.sys [2007-1-13 5672032]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-3-1 36352]
R3 intelppm;Intel Processor Driver;c:\windows\system32\drivers\intelppm.sys [2009-7-13 53760]
R3 iPod Service;iPod Service;c:\program files\ipod\bin\iPodService.exe [2012-11-29 552848]
R3 IRENUM;IR Bus Enumerator;c:\windows\system32\drivers\irenum.sys [2009-7-13 13824]
R3 kbdclass;Keyboard Class Driver;c:\windows\system32\drivers\kbdclass.sys [2009-7-13 42576]
R3 kbdhid;Keyboard HID Driver;c:\windows\system32\drivers\kbdhid.sys [2012-3-1 28160]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2012-2-29 22528]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 Modem;Modem;c:\windows\system32\drivers\modem.sys [2009-7-13 31744]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\drivers\monitor.sys [2009-7-13 23552]
R3 mouclass;Mouse Class Driver;c:\windows\system32\drivers\mouclass.sys [2009-7-13 41552]
R3 mouhid;Mouse HID Driver;c:\windows\system32\drivers\mouhid.sys [2009-7-13 26112]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-7-13 60416]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;c:\windows\system32\drivers\mrxsmb.sys [2012-2-29 123904]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\drivers\mrxsmb10.sys [2012-2-29 223744]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\drivers\mrxsmb20.sys [2012-2-29 96768]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\drivers\nwifi.sys [2009-7-13 267264]
R3 NdisTapi;Remote Access NDIS TAPI Driver;c:\windows\system32\drivers\ndistapi.sys [2009-7-13 20992]
R3 Ndisuio;NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ndisuio.sys [2012-3-1 46080]
R3 NdisWan;Remote Access NDIS WAN Driver;c:\windows\system32\drivers\ndiswan.sys [2012-3-1 118784]
R3 NDProxy;NDIS Proxy;c:\windows\system32\drivers\ndproxy.sys [2012-3-1 48640]
R3 Netman;Network Connections;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R3 netprofm;Network List Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-3-6 2595840]
R3 Ntfs;Ntfs;c:\windows\system32\drivers\ntfs.sys [2013-4-23 1211752]
R3 Parport;Parallel port driver;c:\windows\system32\drivers\parport.sys [2009-7-13 79360]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R3 PolicyAgent;IPsec Policy Agent;c:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 20992]
R3 PptpMiniport;WAN Miniport (PPTP);c:\windows\system32\drivers\raspptp.sys [2009-7-13 73728]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\drivers\agilevpn.sys [2009-7-13 49152]
R3 Rasl2tp;WAN Miniport (L2TP);c:\windows\system32\drivers\rasl2tp.sys [2009-7-13 78848]
R3 RasPppoe;Remote Access PPPOE Driver;c:\windows\system32\drivers\raspppoe.sys [2009-7-13 77824]
R3 RasSstp;WAN Miniport (SSTP);c:\windows\system32\drivers\rassstp.sys [2009-7-13 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\drivers\rdpbus.sys [2009-7-14 18944]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\drivers\scfilter.sys [2012-3-1 26624]
R3 sdbus;sdbus;c:\windows\system32\drivers\sdbus.sys [2012-3-1 84992]
R3 Serial;Serial Port Driver;c:\windows\system32\drivers\serial.sys [2009-7-13 83456]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
R3 smwdm;smwdm;c:\windows\system32\drivers\smwdm.sys [2005-3-28 220992]
R3 srv;Server SMB 1.xxx Driver;c:\windows\system32\drivers\srv.sys [2012-2-29 311808]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\drivers\srv2.sys [2012-2-29 310272]
R3 srvnet;srvnet;c:\windows\system32\drivers\srvnet.sys [2012-2-29 114688]
R3 SSDPSRV;SSDP Discovery;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
R3 swenum;Software Bus Driver;c:\windows\system32\drivers\swenum.sys [2009-7-13 12240]
R3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\drivers\SynTP.sys [2007-9-15 191408]
R3 tifm21;tifm21;c:\windows\system32\drivers\tifm21.sys [2007-1-24 290304]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\drivers\tunnel.sys [2012-3-1 108544]
R3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2012-3-1 39936]
R3 upnphost;UPnP Device Host;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;c:\windows\system32\drivers\usbehci.sys [2012-3-1 43008]
R3 usbhub;Microsoft USB Standard Hub Driver;c:\windows\system32\drivers\usbhub.sys [2012-3-1 258560]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;c:\windows\system32\drivers\usbuhci.sys [2012-3-1 24064]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-7-13 21632]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;c:\windows\system32\drivers\wmiacpi.sys [2009-7-13 11264]
S1 cdrom;CD-ROM Driver;c:\windows\system32\drivers\cdrom.sys [2012-3-1 108544]
S1 EABFiltr;EAB Filter Driver;c:\windows\system32\drivers\EABFiltr.sys [2005-5-5 7936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google uppfærsla Þjónusta (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-20 136176]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2012-3-1 3179520]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2012-3-1 164864]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2012-3-1 10240]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 253656]
S3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-6-10 422976]
S3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-7-13 297552]
S3 adpu320;adpu320;c:\windows\system32\drivers\adpu320.sys [2009-7-13 146512]
S3 agp440;Intel AGP Bus Filter;c:\windows\system32\drivers\AGP440.sys [2009-7-13 53312]
S3 aic78xx;aic78xx;c:\windows\system32\drivers\djsvs.sys [2009-6-10 70720]
S3 ALG;Application Layer Gateway Service;c:\windows\system32\alg.exe [2009-7-13 59392]
S3 aliide;aliide;c:\windows\system32\drivers\aliide.sys [2009-7-13 14400]
S3 amdagp;AMD AGP Bus Filter Driver;c:\windows\system32\drivers\AMDAGP.SYS [2009-7-13 53312]
S3 amdide;amdide;c:\windows\system32\drivers\amdide.sys [2009-7-13 14912]
S3 AmdK8;AMD K8 Processor Driver;c:\windows\system32\drivers\amdk8.sys [2009-7-13 55296]
S3 AmdPPM;AMD Processor Driver;c:\windows\system32\drivers\amdppm.sys [2009-7-13 52736]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2012-3-1 80256]
S3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-6-10 159312]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-8-11 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-8-11 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-8-11 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-8-11 25088]
S3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2012-3-1 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 arc;arc;c:\windows\system32\drivers\arc.sys [2009-7-13 76368]
S3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-7-13 86608]
S3 AsyncMac;RAS Asynchronous Media Driver;c:\windows\system32\drivers\asyncmac.sys [2009-7-13 17920]
S3 AxInstSV;ActiveX Installer (AxInstSV);c:\windows\system32\svchost.exe -k AxInstSVGroup [2009-7-13 20992]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-6-10 430080]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-7-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-7-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\BrSerId.sys [2009-7-14 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-7-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-7-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\drivers\BrUsbSer.sys [2009-7-14 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver;c:\windows\system32\drivers\bthmodem.sys [2009-7-13 56320]
S3 bthserv;Bluetooth Support Service;c:\windows\system32\svchost.exe -k bthsvcs [2009-7-13 20992]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-7-13 37888]
S3 cmdide;cmdide;c:\windows\system32\drivers\cmdide.sys [2009-7-13 15952]
S3 COMSysApp;COM+ System Application;c:\windows\system32\dllhost.exe [2009-7-13 7168]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [2009-7-13 20992]
S3 dot3svc;Wired AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 drmkaud;Microsoft Trusted Audio Drivers;c:\windows\system32\drivers\drmkaud.sys [2009-7-13 5120]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys [2012-2-29 728448]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-6-10 3100160]
S3 EFS;Encrypting File System (EFS);c:\windows\system32\lsass.exe [2012-2-29 22528]
S3 ehRecvr;Windows Media Center Receiver Service;c:\windows\ehome\ehrecvr.exe [2012-3-1 556544]
S3 ehSched;Windows Media Center Scheduler Service;c:\windows\ehome\ehsched.exe [2009-7-14 94720]
S3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-6-10 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2009-7-13 7168]
S3 exfat;exFAT File System Driver;c:\windows\system32\drivers\exfat.sys [2009-7-13 142336]
S3 fastfat;FAT12/16/32 File System Driver;c:\windows\system32\drivers\fastfat.sys [2009-7-13 148480]
S3 Fax;Fax;c:\windows\system32\FXSSVC.exe [2012-3-1 523264]
S3 fdc;Floppy Disk Controller Driver;c:\windows\system32\drivers\fdc.sys [2009-7-13 25088]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-7-13 28160]
S3 flpydisk;Floppy Disk Driver;c:\windows\system32\drivers\flpydisk.sys [2009-7-13 19968]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\windows\microsoft.net\framework\v3.0\wpf\PresentationFontCache.exe [2009-7-14 42856]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\fsdepends.sys [2009-7-13 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;c:\windows\system32\drivers\GAGP30KX.SYS [2009-7-13 57936]
S3 GEARAspiWDM;GEAR ASPI Filter Driver;c:\windows\system32\drivers\GEARAspiWDM.sys [2012-12-9 26840]
S3 grmnusb;grmnusb;c:\windows\system32\drivers\grmnusb.sys [2012-4-18 15720]
S3 gupdatem;Google uppfærsla Þjónusta (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-20 136176]
S3 gusvc;Google Software Updater;c:\program files\google\common\google updater\GoogleUpdaterService.exe [2012-3-22 194032]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-7-13 26624]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;c:\windows\system32\drivers\hdaudbus.sys [2012-3-1 108544]
S3 HidBatt;HID UPS Battery Driver;c:\windows\system32\drivers\hidbatt.sys [2009-7-13 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport;c:\windows\system32\drivers\hidbth.sys [2009-7-13 91136]
S3 HidIr;Microsoft Infrared HID Driver;c:\windows\system32\drivers\hidir.sys [2009-7-13 37888]
S3 hidserv;Human Interface Device Access;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 HidUsb;Microsoft HID Class Driver;c:\windows\system32\drivers\hidusb.sys [2012-3-1 24064]
S3 hkmsvc;Health Key and Certificate Management;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-7-13 67152]
S3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2012-3-1 332160]
S3 idsvc;Windows CardSpace;c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe [2012-3-1 878416]
S3 iirsp;iirsp;c:\windows\system32\drivers\iirsp.sys [2009-7-13 41040]
S3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 IpFilterDriver;IP Traffic Filter Driver;c:\windows\system32\drivers\ipfltdrv.sys [2009-7-13 58880]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2012-3-1 65536]
S3 IPNAT;IP Network Address Translator;c:\windows\system32\drivers\ipnat.sys [2009-7-13 101888]
S3 isapnp;isapnp;c:\windows\system32\drivers\isapnp.sys [2009-7-13 46656]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2012-3-1 233344]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\system32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-7-13 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-7-13 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-7-13 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-7-13 96848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-24 40776]
S3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-6-10 30800]
S3 MegaSR;MegaSR;c:\windows\system32\drivers\MegaSR.sys [2009-7-13 235584]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2012-9-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2013-2-14 115608]
S3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2012-3-1 130432]
S3 MRxDAV;WebDav Client Redirector Driver;c:\windows\system32\drivers\mrxdav.sys [2012-3-1 115712]
S3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2012-3-1 28032]
S3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2012-3-1 116096]
S3 MSDTC;Distributed Transaction Coordinator;c:\windows\system32\msdtc.exe [2009-7-13 134144]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys [2009-7-13 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 msiserver;Windows Installer;c:\windows\system32\msiexec.exe [2012-3-1 73216]
S3 MSKSSRV;Microsoft Streaming Service Proxy;c:\windows\system32\drivers\mskssrv.sys [2009-7-13 8320]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;c:\windows\system32\drivers\mspclock.sys [2009-7-13 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;c:\windows\system32\drivers\mspqm.sys [2009-7-13 5504]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\msrpc.sys [2009-7-13 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;c:\windows\system32\drivers\mstee.sys [2009-7-13 6144]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-7-13 12288]
S3 napagent;Network Access Protection Agent;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\drivers\ndiscap.sys [2009-7-13 27136]
S3 Netlogon;Netlogon;c:\windows\system32\lsass.exe [2012-2-29 22528]
S3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2009-7-13 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;c:\windows\system32\drivers\NV_AGP.SYS [2009-7-13 105024]
S3 nvraid;nvraid;c:\windows\system32\drivers\nvraid.sys [2012-3-1 117120]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2012-3-1 143744]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);c:\windows\system32\drivers\ohci1394.sys [2009-7-13 62464]
S3 ose;Office  Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe -k LocalServicePeerNet [2009-7-13 20992]
S3 p2psvc;Peer Networking Grouping;c:\windows\system32\svchost.exe -k LocalServicePeerNet [2009-7-13 20992]
S3 pciide;pciide;c:\windows\system32\drivers\pciide.sys [2009-7-13 12368]
S3 PeerDistSvc;BranchCache;c:\windows\system32\svchost.exe -k PeerDist [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\system32\svchost.exe -k LocalServicePeerNet [2009-7-13 20992]
S3 PNRPsvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe -k LocalServicePeerNet [2009-7-13 20992]
S3 Processor;Processor Driver;c:\windows\system32\drivers\processr.sys [2009-7-13 52224]
S3 ProtectedStorage;Protected Storage;c:\windows\system32\lsass.exe [2012-2-29 22528]
S3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys [2009-6-10 1383488]
S3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys [2009-7-13 106064]
S3 QWAVE;Quality Windows Audio Video Experience;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 QWAVEdrv;QWAVE driver;c:\windows\system32\drivers\qwavedrv.sys [2009-7-13 31744]
S3 RasAcd;Remote Access Auto Connection Driver;c:\windows\system32\drivers\rasacd.sys [2009-7-13 11776]
S3 RasAuto;Remote Access Auto Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 RasMan;Remote Access Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 RDPDR;Terminal Server Device Redirector Driver;c:\windows\system32\drivers\rdpdr.sys [2012-3-1 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-1 15872]
S3 RDPWD;RDP Winstation Driver;c:\windows\system32\drivers\rdpwd.sys [2012-6-12 183808]
S3 RemoteRegistry;Remote Registry;c:\windows\system32\svchost.exe -k regsvc [2009-7-13 20992]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;c:\windows\system32\Locator.exe [2009-7-13 9216]
S3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2012-3-1 5632]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;c:\windows\system32\drivers\sbp2port.sys [2012-3-1 85376]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [2009-7-13 20992]
S3 seclogon;Secondary Logon;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 Serenum;Serenum Filter Driver;c:\windows\system32\drivers\serenum.sys [2009-7-13 17920]
S3 sermouse;Serial Mouse Driver;c:\windows\system32\drivers\sermouse.sys [2009-7-13 19968]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 sffdisk;SFF Storage Class Driver;c:\windows\system32\drivers\sffdisk.sys [2009-7-13 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-7-13 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;c:\windows\system32\drivers\sffp_sd.sys [2012-3-1 12800]
S3 sfloppy;High-Capacity Floppy Disk Drive;c:\windows\system32\drivers\sfloppy.sys [2009-7-13 13824]
S3 sisagp;SIS AGP Bus Filter;c:\windows\system32\drivers\SISAGP.SYS [2009-7-13 52304]
S3 SiSRaid2;SiSRaid2;c:\windows\system32\drivers\sisraid2.sys [2009-6-10 40016]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-7-13 77888]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\drivers\smb.sys [2009-7-13 71168]
S3 SNMPTRAP;SNMP Trap;c:\windows\system32\snmptrap.exe [2009-7-13 12800]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-12-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-12-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-12-27 136808]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys [2009-7-13 21072]
S3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2012-3-1 28032]
S3 swprv;Microsoft Software Shadow Copy Provider;c:\windows\system32\svchost.exe -k swprv [2009-7-13 20992]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-2-22 37064]
S3 TapiSrv;Telephony;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 TBS;TPM Base Services;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;c:\windows\system32\drivers\tcpip.sys [2013-2-13 1293672]
S3 TDPIPE;TDPIPE;c:\windows\system32\drivers\tdpipe.sys [2012-3-1 18432]
S3 TDTCP;TDTCP;c:\windows\system32\drivers\tdtcp.sys [2012-3-13 24576]
S3 TermService;Remote Desktop Services;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2012-3-1 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\drivers\tssecsrv.sys [2012-3-1 31232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-1 52224]
S3 uagp35;Microsoft AGPv3.5 Filter;c:\windows\system32\drivers\UAGP35.SYS [2009-7-13 55888]
S3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-7-13 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\ULIAGPKX.SYS [2009-7-13 57424]
S3 UmPass;Microsoft UMPass Driver;c:\windows\system32\drivers\umpass.sys [2009-7-13 8192]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2012-4-25 43520]
S3 usbaudio;USB Audio Driver (WDM);c:\windows\system32\drivers\USBAUDIO.sys [2012-3-1 80768]
S3 usbccgp;Microsoft USB Generic Parent Driver;c:\windows\system32\drivers\usbccgp.sys [2012-3-1 75776]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-7-13 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;c:\windows\system32\drivers\usbohci.sys [2012-3-1 20480]
S3 usbprint;Microsoft USB PRINTER Class;c:\windows\system32\drivers\usbprint.sys [2009-7-14 19968]
S3 USBSTOR;USB Mass Storage Driver;c:\windows\system32\drivers\USBSTOR.SYS [2012-3-1 76288]
S3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2012-2-29 22528]
S3 vds;Virtual Disk;c:\windows\system32\vds.exe [2012-3-1 453632]
S3 vga;vga;c:\windows\system32\drivers\vgapnp.sys [2009-7-13 26112]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2012-3-1 160128]
S3 viaagp;VIA AGP Bus Filter;c:\windows\system32\drivers\VIAAGP.SYS [2009-7-13 53328]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2009-7-13 52736]
S3 viaide;viaide;c:\windows\system32\drivers\viaide.sys [2009-7-13 16976]
S3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2012-3-1 17920]
S3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2009-6-10 141904]
S3 VSS;Volume Shadow Copy;c:\windows\system32\VSSVC.exe [2012-3-1 1025536]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\drivers\vwifibus.sys [2009-7-13 19968]
S3 W32Time;Windows Time;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 WANARP;Remote Access IP ARP Driver;c:\windows\system32\drivers\wanarp.sys [2012-3-1 63488]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-1 1343400]
S3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2012-3-1 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [2009-7-13 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [2009-7-13 20992]
S3 Wd;Wd;c:\windows\system32\drivers\wd.sys [2009-7-13 19024]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WebClient;WebClient;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\system32\svchost.exe -k WerSvcGroup [2009-7-13 20992]
S3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19008]
S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2009-7-13 20992]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;c:\windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 WinUsb;SAMSUNG Android USB Driver;c:\windows\system32\drivers\winusb.sys [2012-3-1 35968]
S3 wmiApSrv;WMI Performance Adapter;c:\windows\system32\wbem\WmiApSrv.exe [2009-7-13 136192]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;c:\windows\system32\drivers\WUDFPf.sys [2012-11-16 66560]
S3 WUDFRd;WUDFRd;c:\windows\system32\drivers\WUDFRd.sys [2012-11-16 155136]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
S4 Bonjour Service;Bonjour Service;c:\program files\bonjour\mDNSResponder.exe [2011-8-30 390504]
S4 cdfs;CD/DVD File System Reader;c:\windows\system32\drivers\cdfs.sys [2009-7-13 70656]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 crcdisk;Crcdisk Filter Driver;c:\windows\system32\drivers\crcdisk.sys [2009-7-13 22096]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;c:\windows\microsoft.net\framework\v3.0\windows communication foundation\SMSvcHost.exe [2012-3-1 128848]
S4 RemoteAccess;Routing and Remote Access;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 SharedAccess;Internet Connection Sharing (ICS);c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 udfs;udfs;c:\windows\system32\drivers\udfs.sys [2012-3-1 246784]
S4 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-19 185856]
S4 ws2ifsl;Winsock IFS Driver;c:\windows\system32\drivers\ws2ifsl.sys [2009-7-13 16384]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="c:\windows\hh.exe" %1
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="c:\program files\adobe\reader 10.0\reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="c:\windows\ehome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="c:\program files\internet explorer\iexplore.exe" %1
ShellExec: ImgBurn.exe: open="c:\program files\imgburn\ImgBurn.exe" /MODE WRITE /SOURCE "%1"
ShellExec: iTunes.exe: open="c:\program files\itunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="c:\program files\itunes\iTunes.exe" /play "%L"
ShellExec: MovieMaker.exe: Open="c:\program files\windows live\photo gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="c:\windows\system32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=c:\progra~1\micros~4\office14\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=c:\progra~1\micros~4\office14\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=c:\progra~1\micros~4\office14\OIS.EXE /shellPreview "%1"
ShellExec: photoviewer.dll: open=c:\windows\system32\rundll32.exe "c:\program files\windows photo viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=c:\windows\system32\rundll32.exe "c:\program files\windows photo viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: uTorrent.exe: open="c:\users\notandi\appdata\roaming\utorrent\uTorrent.exe" "%1"
ShellExec: vlc.exe: Open="c:\program files\videolan\vlc\vlc.exe" --started-from-file "%1"
ShellExec: Winword.exe: edit="c:\program files\microsoft office\office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="c:\program files\windows live\photo gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="c:\program files\windows media player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="c:\program files\windows media player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-04-25 07:28:26 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-25 07:14:04 -------- d-----w- c:\users\notandi\appdata\local\{4B7676C6-04F4-4547-8B90-C950D5DA4F26}
2013-04-24 21:37:20 -------- d-----w- c:\programdata\BasicScan
2013-04-24 19:16:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-24 18:30:19 -------- d-----w- c:\users\notandi\appdata\local\{C29578FB-07A7-4363-BF61-17900EC61579}
2013-04-23 17:57:24 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 22:24:10 -------- d-----w- c:\users\notandi\appdata\local\{090887EA-74F6-4C14-B4EE-8AE29636B78D}
2013-04-21 22:38:45 -------- d-----w- c:\users\notandi\appdata\local\{8864B2F5-7F4E-4AAC-947C-B6521F042CCF}
2013-04-21 10:38:29 -------- d-----w- c:\users\notandi\appdata\local\{90C498EC-E0F9-4CE7-83E6-7D98FA1B0064}
2013-04-20 20:00:35 -------- d-----w- c:\users\notandi\appdata\roaming\ImgBurn
2013-04-20 19:58:07 -------- d-----w- c:\program files\ImgBurn
2013-04-20 16:20:03 -------- d-----w- c:\program files\BasicScan
2013-04-20 11:55:33 -------- d-----w- c:\users\notandi\appdata\local\{CE43250F-8464-48EF-974D-2DECC440A0E6}
2013-04-19 08:22:31 -------- d-----w- c:\program files\Conduit
2013-04-19 08:16:19 -------- d-----w- c:\users\notandi\appdata\local\Conduit
2013-04-19 08:13:45 -------- d-----w- c:\users\notandi\appdata\roaming\uTorrent
2013-04-19 07:02:39 -------- d-----w- c:\users\notandi\appdata\local\{23686E6C-0F33-42DE-AE05-B28B86A5375C}
2013-04-16 06:42:14 -------- d-----w- c:\users\notandi\appdata\local\{9D79D780-336A-4CCB-9DD6-08B835584EB1}
2013-04-15 19:52:34 -------- d-----w- c:\users\notandi\appdata\roaming\BatteryBar
2013-04-15 18:29:18 -------- d-----w- c:\users\notandi\appdata\local\{571225DD-04EC-4129-83FF-529EABF8D106}
2013-04-13 17:59:12 -------- d-----w- c:\users\notandi\appdata\local\{4DD65FAD-919C-4A2B-AE8C-37E3FDC86CD7}
2013-04-13 05:58:44 -------- d-----w- c:\users\notandi\appdata\local\{C4C664CB-74CC-4233-BEF9-78C34FA21ED8}
2013-04-12 17:18:26 -------- d-----w- c:\users\notandi\appdata\local\{62989A40-5362-4501-B995-13A165ADBD6C}
2013-04-11 09:24:36 73216 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-11 09:24:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-11 09:24:35 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-04-11 09:24:35 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-11 09:24:35 149616 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-04-11 09:24:34 65024 ----a-w- c:\windows\system32\jsproxy.dll
2013-04-11 09:24:34 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-04-11 09:24:33 176640 ----a-w- c:\windows\system32\ieui.dll
2013-04-11 09:24:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-11 09:24:32 607744 ----a-w- c:\windows\system32\msfeeds.dll
2013-04-11 09:24:32 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-04-11 09:24:31 717824 ----a-w- c:\windows\system32\jscript.dll
2013-04-11 09:24:31 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-11 09:24:30 757376 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-04-11 09:24:30 231936 ----a-w- c:\windows\system32\url.dll
2013-04-11 09:24:30 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-11 09:24:29 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-04-11 09:24:29 1796096 ----a-w- c:\windows\system32\iertutil.dll
2013-04-11 09:24:28 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-04-11 09:24:28 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-11 09:24:28 1104384 ----a-w- c:\windows\system32\urlmon.dll
2013-04-11 09:24:26 12324352 ----a-w- c:\windows\system32\mshtml.dll
2013-04-11 09:24:25 9738752 ----a-w- c:\windows\system32\ieframe.dll
2013-04-11 09:20:16 -------- d-----w- c:\users\notandi\appdata\local\{D7FD3852-D01B-42FC-AA33-6C362D9DC399}
2013-04-10 18:44:14 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:44:13 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:44:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 18:44:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:44:01 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 18:44:00 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:43:48 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:43:44 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:43:43 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 18:31:10 -------- d-----w- c:\users\notandi\appdata\local\{AE69172D-A745-4D6F-A1CA-FC78F7A942DB}
2013-04-08 20:13:47 -------- d-----w- c:\users\notandi\appdata\local\{B83FBB3A-96B9-46B6-AD15-C11D0A243E25}
2013-04-07 23:18:50 -------- d-----w- c:\users\notandi\appdata\local\{6CA1A9BD-CA85-4A84-AE38-447672BD8D1D}
2013-04-07 23:14:34 -------- d-----w- c:\users\notandi\appdata\local\{AD2C5A8E-82F3-4681-B8C2-1D49A6C9588F}
2013-04-04 22:35:04 -------- d-----w- c:\users\notandi\appdata\local\{F83150A2-04F6-40C8-A98A-A2F64C62E436}
2013-04-04 22:31:22 -------- d-----w- c:\users\notandi\appdata\local\{D6AAA632-B06E-4A80-95EE-2A8B1811EFD9}
2013-04-03 21:31:13 -------- d-----w- c:\users\notandi\appdata\local\{1F415FC0-E0B4-4FB9-A0B9-C2EEFD731DA2}
2013-04-03 09:55:31 -------- d-----w- c:\program files\common files\Java
2013-04-03 09:55:11 262560 ----a-w- c:\windows\system32\javaws.exe
2013-04-03 09:54:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-03 09:54:02 174496 ----a-w- c:\windows\system32\javaw.exe
2013-04-03 09:53:54 174496 ----a-w- c:\windows\system32\java.exe
2013-04-03 09:30:44 -------- d-----w- c:\users\notandi\appdata\local\{BAEC7CCA-C662-4E45-9606-871A9CC2CF4C}
2013-04-02 20:01:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-02 19:41:16 -------- d-----w- c:\users\notandi\appdata\local\{1C84E382-3DCF-46E3-9F85-300DCB0253BF}
2013-03-18 21:21:00 -------- d-----w- c:\users\notandi\appdata\local\{780BF07A-C0F3-4BB5-B72F-B59C1FEF2002}
2013-03-18 08:20:25 -------- d-----w- c:\users\notandi\appdata\local\{0DCA057B-EE5B-419D-BEA6-EEC990970CD5}
2013-03-17 20:19:57 -------- d-----w- c:\users\notandi\appdata\local\{8D180E43-0241-47D3-B045-EA3743C11BA4}
2013-03-16 20:19:30 -------- d-----w- c:\users\notandi\appdata\local\{D0F86CB5-E40F-4C8E-BBBD-AAF2829E8FB6}
2013-03-14 20:18:22 -------- d-----w- c:\users\notandi\appdata\local\{F0B84654-877B-4893-A255-ADA639BF1559}
2013-03-10 22:45:01 -------- d-----w- c:\users\notandi\appdata\local\{06877CD6-8B90-4227-944C-05D577E38D1A}
2013-03-06 07:46:09 -------- d-----w- c:\users\notandi\appdata\local\{839A0102-21E8-44CE-B58F-6D083E5AC193}
2013-03-05 19:45:53 -------- d-----w- c:\users\notandi\appdata\local\{86D7A583-A1E9-4D89-9C68-1A1B4CE83E60}
2013-02-28 14:41:22 -------- d-----w- c:\users\notandi\appdata\local\{AE1EDBAD-812B-4B42-AF4A-58480D224144}
2013-02-27 08:09:05 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-27 08:08:23 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-02-27 08:08:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 08:08:15 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 08:08:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 08:08:09 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-02-27 08:08:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 08:08:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 08:08:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 08:08:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 08:08:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 08:08:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 08:08:04 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-02-27 08:08:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-02-27 08:08:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-02-27 08:08:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-02-27 08:08:02 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-02-27 08:08:02 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-02-27 08:08:02 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-02-27 08:08:02 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-02-27 08:08:00 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-02-27 08:08:00 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-27 08:08:00 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-02-27 08:07:59 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-02-27 08:07:59 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-02-27 08:07:58 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-02-27 08:07:54 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-02-27 08:03:29 -------- d-----w- c:\users\notandi\appdata\local\{4DB3211B-F863-4606-8566-74E6DE879941}
2013-02-24 15:50:17 -------- d-----w- c:\users\notandi\appdata\local\Macromedia
.
==================== Find6M  ====================
.
2013-04-11 09:16:56 70490256 ----a-w- c:\windows\system32\MRT.exe
2013-04-03 09:53:17 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-03 09:53:17 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-14 05:19:42 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 05:19:42 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 01:50:36 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37:16 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:47:44 868352 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-15 23:33:26 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH:  7:48:14,40 ===============
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : notandi [Admin rights]
Mode : Scan -- Date : 04/25/2013 07:31:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHT2060AH PL ATA Device +++++
--- User ---
[MBR] e252c421e96347d0a71853cf52ab33e7
[BSP] 4820c3982977273f400c54c3e51ce4fd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57129 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04252013_02d0731.txt >>
RKreport[1]_S_04252013_02d0731.txt
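Added example (not part of icecore's post and not output of any tool above): a small Python triage script over two pieces of the logs posted above, the DDS "Created Last 60" list and the RogueKiller HOSTS dump. The first function flags the three things a responder looks at first in that list: directories whose names appear elsewhere in this thread as adware (BasicScan, Conduit, Web Assistant; an assumed indicator list, so ImgBurn is left alone), the random {GUID} folders under appdata\local, and newly created kernel drivers (scanner drivers such as mbamswissarmy.sys and TrueSight.sys get flagged too; it is a reading aid, not a verdict). The second function classifies hosts entries: a name mapped to 127.0.0.1 or 0.0.0.0 only blocks that name, which is the pattern hosts-file block lists such as Spybot S&D's immunization write, whereas a name mapped to a routable address is what a hijacking hosts file looks like. Every entry RogueKiller printed is of the blocking kind; the script does not say who wrote them. The sample input is constructed from lines on this page plus one made-up redirect line using an address from the 198.51.100.0/24 documentation range.

```python
"""Triage helpers for a DDS 'Created Last 60' list and a RogueKiller HOSTS dump.

Added example; not tool output and not from the original thread.
"""
import re
from ipaddress import ip_address

# One DDS entry: "<date> <time> <size or dashes> <attribute flags> <path>"
DDS_ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-zA-Z]+)\s+(?P<path>.+)$"
)
# Randomly named {GUID} directories directly under appdata\local
GUID_DIR = re.compile(r"\\appdata\\local\\\{[0-9a-f-]{36}\}$", re.I)
# Assumed list of names treated as adware/PUP indicators; taken from names
# that appear in this thread's logs. Extend it for your own case.
PUP_NAMES = ("basicscan", "conduit", "web assistant")


def triage_dds_created(lines):
    """Return (reason, path) pairs for entries worth a second look."""
    findings = []
    for raw in lines:
        m = DDS_ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, the '.' separator lines, blanks
        path = m.group("path")
        low = path.lower()
        is_dir = m.group("attrs").startswith("d")
        if any(name in low for name in PUP_NAMES):
            findings.append(("pup-name", path))
        elif is_dir and GUID_DIR.search(low):
            findings.append(("guid-dir", path))
        elif not is_dir and low.endswith(".sys"):
            findings.append(("new-driver", path))
    return findings


# One hosts line: "<ip> <hostname> [more names] [# comment]"
HOSTS_ENTRY = re.compile(r"^(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<host>\S+)")
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def classify_hosts(lines):
    """Split hosts entries into sinkhole (blocking) and redirect (hijack-style).

    A name mapped to a loopback or unspecified address is merely blocked.
    A name mapped to a routable address sends that name's traffic somewhere
    else, which is the shape a hijacked hosts file takes.
    """
    result = {"sinkhole": [], "redirect": []}
    for raw in lines:
        text = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = HOSTS_ENTRY.match(text)
        if not m:
            continue
        try:
            addr = ip_address(m.group("ip"))
        except ValueError:
            continue  # not an address, e.g. RogueKiller's "--> C:\...\hosts" header
        host = m.group("host").lower()
        if host in DEFAULT_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            result["sinkhole"].append(host)
        else:
            result["redirect"].append((host, str(addr)))
    return result


# Constructed sample input: lines copied from the logs above plus, for the
# hosts part, one made-up redirect line using a documentation-range address.
SAMPLE_DDS = r"""
2013-04-25 07:28:26 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-25 07:14:04 -------- d-----w- c:\users\notandi\appdata\local\{4B7676C6-04F4-4547-8B90-C950D5DA4F26}
2013-04-24 21:37:20 -------- d-----w- c:\programdata\BasicScan
2013-04-20 19:58:07 -------- d-----w- c:\program files\ImgBurn
2013-04-19 08:22:31 -------- d-----w- c:\program files\Conduit
""".splitlines()

SAMPLE_HOSTS = r"""
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
0.0.0.0 0scan.com
198.51.100.7 update.example.com   # constructed hijack-style entry
""".splitlines()

if __name__ == "__main__":
    for reason, path in triage_dds_created(SAMPLE_DDS):
        print(f"{reason:11} {path}")
    hosts = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(hosts['sinkhole'])} blocking entries, "
          f"{len(hosts['redirect'])} redirect entries: {hosts['redirect']}")
```

Feed it the full "Created Last 60" block and the whole HOSTS section of a real log; the functions skip every line that is not an entry, so no pre-cleaning is needed. A non-empty "redirect" list, or blocking entries for antivirus update domains, is what turns the hosts file from a curiosity into evidence.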

 



#2 nasdaq
  • Malware Response Team
  • 20,966 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 April 2013 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nasdaq
  • Malware Response Team
  • 20,966 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 May 2013 - 08:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq
  • Malware Response Team
  • 20,966 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2013 - 09:55 AM

This topic has been re-opened at the request of the person who originally posted.

#5 icecore
  • Topic Starter

  • Members
  • 3 posts

Posted 20 May 2013 - 11:45 AM

Dear nasdaq, thank you for re-opening the topic.

I followed your guidelines in step 2, see below. The antivirus AVG software does not suggest quarantine as of now; I have not run it again after ComboFix etc.

Combofix log:

 

ComboFix 13-05-18.04 - notandi 20.05.2013  11:39:56.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.354.1033.18.1527.830 [GMT 0:00]
Running from: c:\users\notandi\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\program files\BasicScan\basicscan.dll
c:\program files\BasicScan\basicscan.exe
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\BasicScan
c:\programdata\d04e329503480c1c4171ccaf0ea972b5_c
c:\users\notandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E22E379-FB0B-4435-B09F-B731A21E457B}.xps
c:\users\notandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31A99D1A-36C0-4EC2-AAB0-34E5307F12E6}.xps
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BasicScan Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-20 to 2013-05-20  )))))))))))))))))))))))))))))))
.
.
2013-05-20 11:52 . 2013-05-20 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 11:52 . 2013-05-20 11:52 -------- d-----w- c:\users\Börnin\AppData\Local\temp
2013-05-15 23:18 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 23:18 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:18 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:18 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:18 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:18 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:18 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:18 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-04-24 19:16 . 2013-04-24 19:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-23 17:57 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-20 20:00 . 2013-04-20 20:00 -------- d-----w- c:\users\notandi\AppData\Roaming\ImgBurn
2013-04-20 19:58 . 2013-04-20 19:58 -------- d-----w- c:\program files\ImgBurn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 03:02 . 2012-05-05 11:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 03:02 . 2012-02-29 16:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 03:28 . 2011-03-28 18:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 04:45 . 2013-05-15 23:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-03 09:53 . 2013-04-03 09:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-03 09:53 . 2012-07-13 09:51 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-03 09:53 . 2012-02-29 16:54 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-19 05:04 . 2013-04-10 18:44 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:44 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 18:44 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 18:44 69632 ----a-w- c:\windows\system32\smss.exe
2013-02-22 01:50 . 2013-02-22 01:50 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37 . 2013-02-22 01:37 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-01 18:21 . 2013-02-14 23:41 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"uTorrent"="c:\users\notandi\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-01 802136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-29 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-29 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-29 135168]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^notandi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^notandi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 06:15 136176 ----a-w- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 00:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-12-20 09:44 844296 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-20 09:44 310280 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [x]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [x]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 03:02]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849290473-2512560655-813702730-1000Core.job
- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 06:15]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849290473-2512560655-813702730-1000UA.job
- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 06:15]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\8dg0xc15.default\
FF - ExtSQL: 2013-04-20 16:20; {6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}; c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LG LinkAir - (no file)
HKCU-Run-Facebook Update - c:\users\notandi\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-BasicScan - c:\program files\BasicScan\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-05-20  12:08:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-20 12:08
.
Pre-Run: 8.181.940.224 bytes free
Post-Run: 8.922.750.976 bytes free
.
- - End Of File - - 030A560F88A024E8EA9DF3E83386154E
 

Security Check log

 Results of screen317's Security Check version 0.99.63  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 

Adware Cleaner log before restarting and before deleting after search

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 16:16:11

# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : notandi - TABBINN
# Boot Mode : Normal
# Running from : C:\Users\notandi\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Web Assistant Updater
 
***** [Files / Folders] *****
 
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Softonic
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Börnin\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Börnin\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\notandi\AppData\Local\Conduit
Folder Deleted : C:\Users\notandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\notandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Deleted : C:\Users\notandi\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\notandi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\notandi\AppData\LocalLow\PriceGong
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Key Deleted : HKLM\Software\Softonic
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v18.0.2 (is)
 
File : C:\Users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\8dg0xc15.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\notandi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.43] : keyword = "basicscan.com",
Deleted [l.47] : search_url = "hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={sear[...]
Deleted [l.2261] : homepage = "hxxp://isearch.avg.com/?cid=&mid=befdbdcb34af47d0a79ad146f65e7f5b-a3ac2d30003e4dc251[...]
 
*************************
 
AdwCleaner[R1].txt - [10331 octets] - [20/05/2013 16:13:08]
AdwCleaner[R2].txt - [10392 octets] - [20/05/2013 16:14:54]
AdwCleaner[R3].txt - [10392 octets] - [20/05/2013 16:16:06]
AdwCleaner[S1].txt - [10423 octets] - [20/05/2013 16:16:11]
 
########## EOF - C:\AdwCleaner[S1].txt - [10484 octets] ##########
 

Adware Cleaner after restarting, searching and deleting

 

Ran AVG PC analyzer, without fixing the found issues which are:

Registry errors: 171 errors
Junk files: 191 errors
Broken shortcuts 5 errors



#6 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2013 - 01:31 PM

Ran AVG PC analyzer, without fixing the found issues which are:

Registry errors: 171 errors
Junk files: 191 errors
Broken shortcuts 5 errors

If you can fix these with AVG, good. Before proceeding make sure you created a restore point. If anything goes wrong you can always undo the removal.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please let me know what problem persists.
Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Open notepad and copy/paste the text in the quote box below into it:
 
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"=-
"adawarebp_XP"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
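A defender-side counterpart to the DDS orphan list ("(no file)" Run entries) and the CFScript above, added here as an example and not code from the thread, ComboFix or DDS: it enumerates the Run/RunOnce autorun keys, including the HKEY_USERS\.DEFAULT hive the CFScript edits, flags entries whose target executable no longer exists and values matching the names the script removes, and deletes nothing unless -Remove is given (honouring -WhatIf). Only the value names adawarebp and adawarebp_XP come from the post; the key list, function names and parsing rules are assumptions.

```powershell
# Added example, not code from the thread, ComboFix or DDS. Audits the Run/RunOnce
# autorun keys for the two conditions the logs above show and reports them as objects.
# Deletion happens only with -Remove and honours -WhatIf / -Confirm.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Value names taken from the CFScript in the post above; anything else is an assumption.
    [string[]]$SuspectNames = @('adawarebp', 'adawarebp_XP'),
    [switch]$Remove
)

# HKEY_USERS\.DEFAULT is included because that is the hive the CFScript edits.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget {
    # Extract the executable path from an autorun command line. Handles quoted paths,
    # %ENV% references and trailing arguments such as "C:\x\foo.exe /background".
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: the path ends at the first ".exe" or, failing that, at the first space.
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-AutorunTarget {
    # True when the target file exists; unrooted names (e.g. rundll32.exe) are resolved
    # through PATH the way the shell would, so they are not reported as orphans.
    param([string]$Target)
    if ([string]::IsNullOrWhiteSpace($Target)) { return $false }
    if ([IO.Path]::IsPathRooted($Target)) { return Test-Path -LiteralPath $Target -PathType Leaf }
    return $null -ne (Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

foreach ($key in $autorunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }                 # skip the key's (Default) value
        $command = [string]$item.GetValue($name)
        $target  = Get-AutorunTarget -CommandLine $command
        $exists  = Test-AutorunTarget -Target $target

        # Classify: a value the clean-up script names, or a DDS-style "(no file)" orphan.
        $reason = ''
        if ($SuspectNames -contains $name) { $reason = 'named suspect' }
        elseif (-not $exists)              { $reason = 'orphan (no file)' }

        # One report object per autorun value; unflagged entries have an empty Reason.
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $command
            Target       = $target
            TargetExists = $exists
            Reason       = $reason
        }

        # Removal is opt-in and goes through ShouldProcess, so -WhatIf previews it.
        if ($reason -and $Remove -and
            $PSCmdlet.ShouldProcess("$key -> $name", 'Remove autorun value')) {
            Remove-ItemProperty -LiteralPath $key -Name $name
        }
    }
}
```

Pipe the output to Format-Table -AutoSize to read it, and run from an elevated PowerShell (HKLM and HKU\.DEFAULT need admin rights to write), trying -Remove -WhatIf before a real -Remove.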

#7 icecore

icecore
  • Topic Starter

  • Members
  • 3 posts

Posted 20 May 2013 - 06:59 PM

AVG PC analyser did not help - you were correct in that ;)

 

Here is the Combofix log after all Java and Adobe work:

ComboFix 13-05-18.04 - notandi 20.05.2013  11:39:56.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.354.1033.18.1527.830 [GMT 0:00]
Running from: c:\users\notandi\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\program files\BasicScan\basicscan.dll
c:\program files\BasicScan\basicscan.exe
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\BasicScan
c:\programdata\d04e329503480c1c4171ccaf0ea972b5_c
c:\users\notandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E22E379-FB0B-4435-B09F-B731A21E457B}.xps
c:\users\notandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31A99D1A-36C0-4EC2-AAB0-34E5307F12E6}.xps
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BasicScan Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-20 to 2013-05-20  )))))))))))))))))))))))))))))))
.
.
2013-05-20 11:52 . 2013-05-20 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 11:52 . 2013-05-20 11:52 -------- d-----w- c:\users\Börnin\AppData\Local\temp
2013-05-15 23:18 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 23:18 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:18 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:18 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:18 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:18 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:18 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:18 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-04-24 19:16 . 2013-04-24 19:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-23 17:57 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-20 20:00 . 2013-04-20 20:00 -------- d-----w- c:\users\notandi\AppData\Roaming\ImgBurn
2013-04-20 19:58 . 2013-04-20 19:58 -------- d-----w- c:\program files\ImgBurn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 03:02 . 2012-05-05 11:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 03:02 . 2012-02-29 16:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 03:28 . 2011-03-28 18:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 04:45 . 2013-05-15 23:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-03 09:53 . 2013-04-03 09:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-03 09:53 . 2012-07-13 09:51 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-03 09:53 . 2012-02-29 16:54 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-19 05:04 . 2013-04-10 18:44 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:44 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 18:44 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 18:44 69632 ----a-w- c:\windows\system32\smss.exe
2013-02-22 01:50 . 2013-02-22 01:50 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:37 . 2013-02-22 01:37 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-01 18:21 . 2013-02-14 23:41 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"uTorrent"="c:\users\notandi\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-01 802136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-29 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-29 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-29 135168]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^notandi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^notandi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\notandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 06:15 136176 ----a-w- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 00:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-12-20 09:44 844296 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-20 09:44 310280 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [x]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [x]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 03:02]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 21:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849290473-2512560655-813702730-1000Core.job
- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 06:15]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849290473-2512560655-813702730-1000UA.job
- c:\users\notandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 06:15]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\8dg0xc15.default\
FF - ExtSQL: 2013-04-20 16:20; {6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}; c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LG LinkAir - (no file)
HKCU-Run-Facebook Update - c:\users\notandi\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-BasicScan - c:\program files\BasicScan\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-05-20  12:08:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-20 12:08
.
Pre-Run: 8.181.940.224 bytes free
Post-Run: 8.922.750.976 bytes free
.
- - End Of File - - 030A560F88A024E8EA9DF3E83386154E
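A post-cleanup check, added here as an example and not part of the ComboFix log above or of nasdaq's replies: it takes the BasicScan and Web Assistant artifacts the log reports (the files and directories under Program Files and ProgramData, the "BasicScan Service" and "Web Assistant Updater" services, and the Firefox extension {6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}) and reports whether any of them are back. It assumes an elevated PowerShell prompt on the cleaned machine, a 32-bit Windows 7 install as in the log header (so C:\Program Files is the only program directory to look in), and that Firefox profiles live under the current user's AppData\Roaming. The per-profile Firefox check and the Run-key scan are extra checks that the log does not list; the script only reads and removes nothing.

```powershell
# Added example, not from the ComboFix log or the forum replies.
# Reports whether the adware artifacts ComboFix listed as deleted have returned.
# Run from an elevated PowerShell prompt; the script only reads, it removes nothing.
# Assumes 32-bit Windows (single "C:\Program Files"), as the log header shows.

# File-system artifacts copied from the "Files" section of the ComboFix log.
$paths = @(
    'C:\Program Files\BasicScan',
    'C:\Program Files\BasicScan\basicscan.dll',
    'C:\Program Files\BasicScan\basicscan.exe',
    'C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}',
    'C:\Program Files\Web Assistant\ExTEnsion32.dll',
    'C:\ProgramData\BasicScan',
    'C:\ProgramData\d04e329503480c1c4171ccaf0ea972b5_c'
)

# Services named in the Drivers/Services section of the log.
$services = @('BasicScan Service', 'Web Assistant Updater')

# Firefox extension ID from the "FF - ExtSQL" line of the log.
$extensionId = '{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}'

$findings = @()

foreach ($p in $paths) {
    # -LiteralPath so the braces in the extension folder name are not read as a pattern
    if (Test-Path -LiteralPath $p) { $findings += "Still present: $p" }
}

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { $findings += "Service still registered: $name (state: $($svc.Status))" }
}

# Extra check (assumed location, not from the log): Firefox can also keep extensions
# per profile, and its per-profile extension registry files reference them by ID.
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path -LiteralPath $profileRoot) {
    $profileDirs = @(Get-ChildItem -LiteralPath $profileRoot | Where-Object { $_.PSIsContainer })
    foreach ($dir in $profileDirs) {
        $extDir = Join-Path $dir.FullName "extensions\$extensionId"
        if (Test-Path -LiteralPath $extDir) { $findings += "Per-profile extension still present: $extDir" }

        # extensions.sqlite / extensions.ini / extensions.json, depending on Firefox version
        $regFiles = @(Get-ChildItem -LiteralPath $dir.FullName -Filter 'extensions*' |
                      Where-Object { -not $_.PSIsContainer })
        foreach ($file in $regFiles) {
            if (Select-String -Path $file.FullName -Pattern ([regex]::Escape($extensionId)) -Quiet) {
                $findings += "Extension ID still referenced in $($file.FullName)"
            }
        }
    }
}

# Autostart entries pointing back at either product (the Run keys shown under "Reg Loading Points").
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $entries = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($entries) {
        foreach ($prop in $entries.PSObject.Properties) {
            # PS* properties are PowerShell's own metadata, not registry values
            if ($prop.Name -notlike 'PS*' -and "$($prop.Value)" -match 'BasicScan|Web Assistant') {
                $findings += "Run entry '$($prop.Name)' in $key -> $($prop.Value)"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No BasicScan / Web Assistant artifacts from the log were found.'
} else {
    foreach ($f in $findings) { Write-Output $f }
}
```

Save it as a .ps1 and run it with `powershell -ExecutionPolicy Bypass -File <path>` from an elevated prompt; on the log's Windows 7 machine the script sticks to cmdlets and parameters available in PowerShell 2.0. A non-empty report means the cleanup did not hold, which is worth posting back in the thread before deleting anything by hand.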


#8 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 21 May 2013 - 08:23 AM

What are the remaining issues with this computer?

#9 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 27 May 2013 - 08:05 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 02 June 2013 - 08:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.