TDSSserv.sys-related behavior


  • This topic is locked
105 replies to this topic

#1 robwired

robwired

  • Members
  • 64 posts
  • Gender:Male

Posted 11 August 2013 - 06:13 PM

On Thursday, Aug. 8, 2013, I installed the free Comodo firewall and Dragon browser. I uninstalled Zone Alarm. Everything worked fine. On Friday, I had no Internet connection, and the upper-right-corner Comodo window showed an hourglass where the Comodo secure programs window should have been. I did a System Restore, and turned on Windows Defender. Then, after 50 minutes on the phone with AT&T, I had Internet access through IE8 only on Windows XP. However, everything else acts like there's a TDSSserv.sys rootkit: I cannot update security software, and Firefox, Chrome and Safari have no Internet connection. I looked under Show Hidden Devices and Non-Plug and Play Drivers, but no sign of an enabled TDSSserv.sys was to be found. TDSSserv.sys is not there either. The virus vaults of Malwarebytes and AVG are now empty. However, I am not being redirected on IE8. Whatever it is, it is hiding from Kaspersky TDSSKiller, SUPERAntiSpywarePro, etc.
Thank you.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Robert Folsom at 18:03:20 on 2013-08-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1044 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=61008
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.33\AVG Secure Search_toolbar.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\28.0.1500.95\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.33\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123561172609
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{22521423-AC24-45F7-A784-4C8889A39041} : DHCPNameServer = 192.168.0.1 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\28.0.1500.95\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= karna.dat?
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert folsom\application data\mozilla\firefox\profiles\zv2uxvrp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - plugin: c:\documents and settings\robert folsom\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\robert folsom\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=f00a6da7000000000000001195622368&q=
FF - user.js: extensions.zonealarm.id - f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.instlDay - 15604
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.410:38:44
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN27036416615228-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-10 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-3-16 27056]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-12-10 6016]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-2 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-10 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-12-10 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-12-10 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-12-10 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-12-10 9472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-3-16 497320]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-20 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-2 701512]
S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
S4 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 30152]
S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-10 722528]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2013-08-11 18:39:27 -------- d-----w- c:\program files\HitmanPro
2013-08-11 18:39:27 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-08-11 18:28:22 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-11 13:44:06 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-11 07:10:33 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-08-11 07:10:14 -------- d-----w- c:\program files\Sophos
2013-08-11 03:42:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-11 03:10:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-08-11 03:10:32 92640 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2013-08-11 03:10:32 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2013-08-11 03:10:32 829920 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2013-08-11 03:10:32 21472 ----a-w- c:\program files\mozilla firefox\plc4.dll
2013-08-11 03:10:32 20960 ----a-w- c:\program files\mozilla firefox\plds4.dll
2013-08-11 03:10:32 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-08-11 03:10:32 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2013-08-11 03:10:32 170464 ----a-w- c:\program files\mozilla firefox\nspr4.dll
2013-08-11 03:10:32 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2013-08-11 00:33:59 -------- d-----w- c:\program files\Motive
2013-08-10 20:36:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-10 20:36:47 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-10 20:35:28 -------- d-----w- c:\program files\ZoneAlarmSB
2013-08-10 20:35:28 -------- d-----w- c:\program files\CheckPoint
2013-08-09 05:31:52 -------- d-----w- C:\VTRoot
2013-08-09 05:31:47 71220 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-09 05:01:47 -------- d-----w- c:\documents and settings\all users\application data\COMODO
2013-08-09 05:00:47 -------- d-----w- c:\documents and settings\robert folsom\local settings\application data\COMODO
2013-08-09 05:00:32 -------- d-----w- c:\program files\Comodo
2013-07-30 14:59:05 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-11 11:37:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 11:37:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-10 06:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-06-08 04:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2007-04-14 23:17:53 1398584 -c--a-w- c:\program files\registryrepair.exe
2005-09-07 04:38:09 7739192 ----a-w- c:\program files\DivXPlay.exe
.
============= FINISH: 18:04:01.51 ===============
#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 13 August 2013 - 04:43 PM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may do more damage than help.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate new DDS logs (download it from here if you haven't already) and post them in your next reply along with any other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle

Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.

#3 robwired

robwired
  • Topic Starter

  • Members
  • 64 posts
  • Gender:Male

Posted 13 August 2013 - 08:29 PM

Thank you, Elle. I'm pasting dds.txt into the body of this message, and am attaching a zipped attach.txt.

I haven't made any changes to my computer since my original post. Also, I haven't had my computer on the past 2 or 3 days. I don't like the idea that someone put the guard dogs to sleep and anyone can come in or go out as they please.

Looking back, I left Zone Alarm active while I downloaded and installed Comodo, then I removed Zone Alarm. I understand that I should have removed Zone Alarm first, then installed Comodo.

Well, now the dds.txt and the attach.txt attachment, then I'll run GMER. Can't thank you enough for helping.

 

Sincerely,

Robert

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Robert Folsom at 20:05:09 on 2013-08-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1235 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
\??\C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=61008
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.33\AVG Secure Search_toolbar.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\28.0.1500.95\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ZoneAlarm Spy Blocker: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.33\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123561172609
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{22521423-AC24-45F7-A784-4C8889A39041} : DHCPNameServer = 192.168.0.1 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\28.0.1500.95\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= karna.dat?
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert folsom\application data\mozilla\firefox\profiles\zv2uxvrp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - plugin: c:\documents and settings\robert folsom\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\robert folsom\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=f00a6da7000000000000001195622368&q=
FF - user.js: extensions.zonealarm.id - f00a6da7000000000000001195622368
FF - user.js: extensions.zonealarm.instlDay - 15604
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.410:38:44
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN27036416615228-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-10 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-3-16 27056]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-12-10 6016]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-2 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-10 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-12-10 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-12-10 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-12-10 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-12-10 9472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-3-16 497320]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-20 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-2 701512]
S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
S4 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 30152]
S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-10 722528]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2013-08-11 18:39:27 -------- d-----w- c:\program files\HitmanPro
2013-08-11 18:39:27 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-08-11 18:28:22 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-11 13:44:06 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-11 07:10:33 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10:27 73728 ----a-r- c:\documents and settings\robert folsom\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-08-11 07:10:14 -------- d-----w- c:\program files\Sophos
2013-08-11 03:42:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-11 03:10:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-08-11 03:10:32 92640 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2013-08-11 03:10:32 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2013-08-11 03:10:32 829920 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2013-08-11 03:10:32 21472 ----a-w- c:\program files\mozilla firefox\plc4.dll
2013-08-11 03:10:32 20960 ----a-w- c:\program files\mozilla firefox\plds4.dll
2013-08-11 03:10:32 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-08-11 03:10:32 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2013-08-11 03:10:32 170464 ----a-w- c:\program files\mozilla firefox\nspr4.dll
2013-08-11 03:10:32 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2013-08-11 00:33:59 -------- d-----w- c:\program files\Motive
2013-08-10 20:36:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-10 20:36:47 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-10 20:35:28 -------- d-----w- c:\program files\ZoneAlarmSB
2013-08-10 20:35:28 -------- d-----w- c:\program files\CheckPoint
2013-08-09 05:31:52 -------- d-----w- C:\VTRoot
2013-08-09 05:31:47 71220 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-09 05:01:47 -------- d-----w- c:\documents and settings\all users\application data\COMODO
2013-08-09 05:00:47 -------- d-----w- c:\documents and settings\robert folsom\local settings\application data\COMODO
2013-08-09 05:00:32 -------- d-----w- c:\program files\Comodo
2013-07-30 14:59:05 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-11 11:37:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 11:37:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-10 06:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-06-08 04:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2007-04-14 23:17:53 1398584 -c--a-w- c:\program files\registryrepair.exe
2005-09-07 04:38:09 7739192 ----a-w- c:\program files\DivXPlay.exe
.
============= FINISH: 20:09:27.96 ===============
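The SERVICES / DRIVERS section above is the part of a DDS log that repays a closer read: the R0/R1 entries are the drivers that load at boot or system start, before any user-mode scanner, and the entries tagged `[?]` are the ones whose file DDS could not find at the path it resolved (shown after `-->`). The following parser is an added example for this thread; it is not the poster's output and not part of DDS, and its reading of the `[?]` tag and of the line layout is an assumption drawn from the lines above. The six sample lines are copied from the log. Run against them it shows that every running boot/system-start driver belongs to AVG or ZoneAlarm, that `vsmon` is unverified only because its image path carries the `-service` argument, and that `Lbd` and `FileObjInfo` are stopped entries whose files are gone (the second points into a Spyware Terminator data directory). A stopped service with no image file cannot load, so these two explain nothing about the broken network stack, but they are the kind of stale registration a cleanup normally removes.

```python
import re

# Constructed sample: six lines copied from the DDS SERVICES/DRIVERS section
# in this thread, chosen to cover running and stopped entries, the
# "[date size]" tag and the "[?]" tag.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 39224]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-2 22856]
"""

# Line shape as read from the log: <R|S><start type> name;display;path [yyyy-m-d size]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
# "[?]" in place of date/size is taken here to mean DDS could not stat the file at
# the path it resolved (the path after "-->"). That reading is an assumption.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s+\[(?P<tag>[^\]]*)\]\s*$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
IMAGE_EXTS = (".sys", ".exe", ".dll")


def parse_services(text):
    """Return one dict per service/driver line, in log order."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        path = rest.split(" --> ", 1)[1] if " --> " in rest else rest
        verified = m["tag"] != "?"
        date, size = (None, None)
        if verified:
            date, size_s = m["tag"].split()
            size = int(size_s)
        entries.append({
            "name": m["name"], "display": m["display"],
            "state": m["state"], "start": int(m["start"]),
            "start_type": START_TYPES.get(int(m["start"]), "unknown"),
            "path": path, "verified": verified,
            # A path that does not end in an image extension carries arguments,
            # which by itself is enough to make a plain file lookup fail.
            "has_args": not path.lower().endswith(IMAGE_EXTS),
            "date": date, "size": size,
        })
    return entries


def triage(entries):
    """Split the list the way an analyst reads it: what is running from boot or
    system start, which entries point at files that are no longer there, and
    which are merely unverified because the image path carries arguments."""
    return {
        "early_start_running": [e["name"] for e in entries
                                if e["state"] == "R" and e["start"] <= 1],
        "missing_file": [e["name"] for e in entries
                         if not e["verified"] and not e["has_args"]],
        "unverified_args": [e["name"] for e in entries
                            if not e["verified"] and e["has_args"]],
    }


if __name__ == "__main__":
    for key, names in triage(parse_services(SAMPLE_DDS)).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

To use it on a full log, paste the whole SERVICES / DRIVERS section in place of the sample; lines that do not match the pattern (the `.` separators and the heading) are skipped.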
 

 

#4 Blind Faith (Malware Response Team, 4,101 posts)

Posted 14 August 2013 - 04:32 PM

Hi there,

I will be waiting for the GMER log. :)

Elle


Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?
(Do you remember? If so, then can you forgive?)

If I haven't replied in 48 hours, please feel free to send me a PM.

#5 robwired (Topic Starter, Members, 64 posts)

Posted 14 August 2013 - 08:02 PM

You know, I thought that might come in handy. Here it is!

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-13 23:19:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJB-00J3A0 rev.01.03E01 149.05GB
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\kwryapoc.sys

---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\vsdatant.sys                   ZwConnectPort [0xB170735A]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateFile [0xB17015F8]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateKey [0xB1720864]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreatePort [0xB1707AE6]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateProcess [0xB171AFD2]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateProcessEx [0xB171B3C0]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateSection [0xB1724B44]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwCreateWaitablePort [0xB1707C1C]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwDeleteFile [0xB170220E]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwDeleteKey [0xB17221AA]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwDeleteValueKey [0xB1721AC4]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwDuplicateObject [0xB1719F0E]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwLoadDriver [0xB16FCF1C]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwLoadKey [0xB1722BB4]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwLoadKey2 [0xB1722DBC]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwMapViewOfSection [0xB1724EAC]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwNotifyChangeKey [0xB99625D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwNotifyChangeMultipleKeys [0xB9962700]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwOpenFile [0xB1701E20]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwOpenProcess [0xB171D2DA]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwOpenThread [0xB171CF04]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwProtectVirtualMemory [0xB1731570]
SSDT            \??\C:\WINDOWS\system32\drivers\avgtpx86.sys        ZwQueryValueKey [0xBA2E5258]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwRenameKey [0xB1723B4A]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwReplaceKey [0xB1723480]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwRequestWaitReplyPort [0xB1706F28]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwRestoreKey [0xB172451C]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSecureConnectPort [0xB1707602]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSetInformationFile [0xB17025D2]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSetInformationObject [0xB173145C]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSetSecurityObject [0xB172408A]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSetSystemInformation [0xB16FC6DC]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSetValueKey [0xB172124C]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwSuspendProcess [0xB9962300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwSuspendThread [0xB99623E0]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwSystemDebugControl [0xB171C028]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS  ZwTerminateProcess [0xB16AC640]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwTerminateThread [0xB9962210]
SSDT            \SystemRoot\System32\vsdatant.sys                   ZwUnloadDriver [0xB16FD330]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys        ZwWriteVirtualMemory [0xB99624D0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!_abnormal_termination + 104            804E26D8 12 Bytes  [E6, 7A, 70, B1, D2, AF, 71, ...] {OUT 0x7a, AL; JO 0xffffffb5; SHR [EDI-0x4c3f4e8f], CL; JNO 0xffffffbd}
.text           ntoskrnl.exe!_abnormal_termination + 1D0            804E27A4 12 Bytes  [1C, CF, 6F, B1, B4, 2B, 72, ...]
.text           ntoskrnl.exe!_abnormal_termination + 271            804E2845 3 Bytes  [15, 73, B1]
.text           ntoskrnl.exe!_abnormal_termination + 440            804E2A14 12 Bytes  [00, 23, 96, B9, E0, 23, 96, ...] {ADD [EBX], AH; XCHG ESI, EAX; MOV ECX, 0xb99623e0; SUB AL, AL; JNO 0xffffffbd}
init            C:\WINDOWS\system32\DRIVERS\mohfilt.sys             entry point in "init" section [0xF7792760]
init            C:\WINDOWS\system32\drivers\senfilt.sys             entry point in "init" section [0xB9A73F80]
?               C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\mbr.sys          The filename, directory name, or volume label syntax is incorrect. !

---- Devices - GMER 2.1 ----

Device          \Driver\Tcpip \Device\Ip                            vsdatant.sys

AttachedDevice  \Driver\Tcpip \Device\Ip                            avgtdix.sys

Device          \Driver\Tcpip \Device\Tcp                           vsdatant.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                           avgtdix.sys

Device          \Driver\Tcpip \Device\Udp                           vsdatant.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                           avgtdix.sys

Device          \Driver\Tcpip \Device\RawIp                         vsdatant.sys

AttachedDevice  \Driver\Tcpip \Device\RawIp                         avgtdix.sys

Device          \Driver\Tcpip \Device\IPMULTICAST                   vsdatant.sys

AttachedDevice  \FileSystem\Fastfat \Fat                            fltmgr.sys

Device          \FileSystem\Cdfs \Cdfs                              tfsnifs.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                               unknown MBR code

---- EOF - GMER 2.1 ----

 



#6 Blind Faith (Malware Response Team, 4,101 posts)

Posted 14 August 2013 - 08:32 PM

Hi there,

I know you have run TDSSKiller before, but I want to see the log myself. :)

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <- Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 

 

 

 

Elle 


Edited by Blind Faith, 14 August 2013 - 08:33 PM.
Typo in the first sentence.


#7 robwired (Topic Starter, Members, 64 posts)

Posted 15 August 2013 - 01:32 AM

No computer was used during the running of this scan.

 

01:17:13.0796 3388  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
01:17:13.0968 3388  ============================================================
01:17:13.0968 3388  Current date / time: 2013/08/15 01:17:13.0968
01:17:13.0968 3388  SystemInfo:
01:17:13.0968 3388 
01:17:13.0968 3388  OS Version: 5.1.2600 ServicePack: 3.0
01:17:13.0968 3388  Product type: Workstation
01:17:13.0968 3388  ComputerName: D1RM2S71
01:17:13.0968 3388  UserName: Robert Folsom
01:17:13.0968 3388  Windows directory: C:\WINDOWS
01:17:13.0968 3388  System windows directory: C:\WINDOWS
01:17:13.0968 3388  Processor architecture: Intel x86
01:17:13.0968 3388  Number of processors: 1
01:17:13.0968 3388  Page size: 0x1000
01:17:13.0968 3388  Boot type: Normal boot
01:17:13.0968 3388  ============================================================
01:17:18.0468 3388  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:17:18.0468 3388  ============================================================
01:17:18.0468 3388  \Device\Harddisk0\DR0:
01:17:18.0468 3388  MBR partitions:
01:17:18.0468 3388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x11B7AF87
01:17:18.0468 3388  ============================================================
01:17:18.0718 3388  C: <-> \Device\Harddisk0\DR0\Partition1
01:17:18.0718 3388  ============================================================
01:17:18.0718 3388  Initialize success
01:17:18.0718 3388  ============================================================
01:17:36.0093 3796  ============================================================
01:17:36.0093 3796  Scan started
01:17:36.0093 3796  Mode: Manual;
01:17:36.0093 3796  ============================================================
01:17:36.0328 3796  ================ Scan system memory ========================
01:17:36.0343 3796  System memory - ok
01:17:36.0343 3796  ================ Scan services =============================
01:17:36.0703 3796  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:17:36.0703 3796  !SASCORE - ok
01:17:37.0734 3796  Abiosdsk - ok
01:17:37.0765 3796  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:17:37.0843 3796  abp480n5 - ok
01:17:37.0984 3796  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:17:38.0078 3796  ACPI - ok
01:17:38.0109 3796  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
01:17:38.0125 3796  ACPIEC - ok
01:17:38.0203 3796  [ 73685E15EF8B0BD9C30F1AF413F13D49 ] adfs            C:\WINDOWS\system32\drivers\adfs.sys
01:17:38.0203 3796  adfs - ok
01:18:34.0328 3796  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
01:18:34.0343 3796  SENS - ok
01:18:34.0421 3796  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
01:18:34.0453 3796  serenum - ok
01:18:34.0500 3796  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
01:18:34.0546 3796  Serial - ok
01:18:34.0687 3796  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
01:18:34.0765 3796  Sfloppy - ok
01:18:35.0125 3796  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
01:18:35.0140 3796  SharedAccess - ok
01:18:35.0265 3796  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:18:35.0265 3796  ShellHWDetection - ok
01:18:35.0281 3796  Simbad - ok
01:18:35.0375 3796  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
01:18:35.0437 3796  sisagp - ok
01:18:35.0593 3796  [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
01:18:35.0750 3796  smwdm - ok
01:18:35.0828 3796  [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP            C:\WINDOWS\System32\snmp.exe
01:18:35.0828 3796  SNMP - ok
01:18:35.0859 3796  [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
01:18:36.0000 3796  SNMPTRAP - ok
01:18:36.0031 3796  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
01:18:36.0046 3796  Sparrow - ok
01:18:36.0093 3796  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
01:18:36.0109 3796  splitter - ok
01:18:36.0203 3796  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
01:18:36.0203 3796  Spooler - ok
01:18:36.0250 3796  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
01:18:36.0281 3796  sr - ok
01:18:36.0421 3796  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
01:18:36.0421 3796  srservice - ok
01:18:36.0593 3796  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
01:18:36.0609 3796  Srv - ok
01:18:36.0625 3796  [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5        C:\WINDOWS\system32\drivers\sscdbhk5.sys
01:18:36.0640 3796  sscdbhk5 - ok
01:18:36.0750 3796  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
01:18:36.0750 3796  SSDPSRV - ok
01:18:36.0781 3796  [ D79412E3942C8A257253487536D5A994 ] ssrtln          C:\WINDOWS\system32\drivers\ssrtln.sys
01:18:36.0796 3796  ssrtln - ok
01:18:37.0156 3796  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
01:18:37.0187 3796  stisvc - ok
01:18:37.0281 3796  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
01:18:37.0296 3796  swenum - ok
01:18:37.0343 3796  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
01:18:37.0406 3796  swmidi - ok
01:18:37.0421 3796  SwPrv - ok
01:18:37.0484 3796  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
01:18:37.0562 3796  symc810 - ok
01:18:37.0609 3796  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
01:18:37.0671 3796  symc8xx - ok
01:18:37.0703 3796  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
01:18:37.0718 3796  sym_hi - ok
01:18:37.0781 3796  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
01:18:37.0875 3796  sym_u3 - ok
01:18:38.0125 3796  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
01:18:38.0187 3796  sysaudio - ok
01:18:38.0281 3796  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
01:18:38.0421 3796  SysmonLog - ok
01:18:38.0593 3796  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
01:18:38.0609 3796  TapiSrv - ok
01:18:38.0875 3796  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:18:39.0125 3796  Tcpip - ok
01:18:39.0203 3796  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
01:18:39.0250 3796  TDPIPE - ok
01:18:39.0281 3796  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
01:18:39.0328 3796  TDTCP - ok
01:18:39.0375 3796  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
01:18:39.0421 3796  TermDD - ok
01:18:39.0562 3796  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
01:18:39.0562 3796  TermService - ok
01:18:39.0734 3796  [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio        C:\WINDOWS\system32\dla\tfsnboio.sys
01:18:39.0750 3796  tfsnboio - ok
01:18:39.0781 3796  [ 599804BC938B8305A5422319774DA871 ] tfsncofs        C:\WINDOWS\system32\dla\tfsncofs.sys
01:18:39.0796 3796  tfsncofs - ok
01:18:39.0812 3796  [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct        C:\WINDOWS\system32\dla\tfsndrct.sys
01:18:39.0812 3796  tfsndrct - ok
01:18:39.0890 3796  [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres        C:\WINDOWS\system32\dla\tfsndres.sys
01:18:40.0031 3796  tfsndres - ok
01:18:40.0062 3796  [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs         C:\WINDOWS\system32\dla\tfsnifs.sys
01:18:40.0109 3796  tfsnifs - ok
01:18:40.0125 3796  [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio        C:\WINDOWS\system32\dla\tfsnopio.sys
01:18:40.0140 3796  tfsnopio - ok
01:18:40.0156 3796  [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool        C:\WINDOWS\system32\dla\tfsnpool.sys
01:18:40.0171 3796  tfsnpool - ok
01:18:40.0218 3796  [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf         C:\WINDOWS\system32\dla\tfsnudf.sys
01:18:40.0250 3796  tfsnudf - ok
01:18:40.0328 3796  [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa        C:\WINDOWS\system32\dla\tfsnudfa.sys
01:18:40.0359 3796  tfsnudfa - ok
01:18:40.0500 3796  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
01:18:40.0500 3796  Themes - ok
01:18:40.0515 3796  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
01:18:40.0625 3796  TosIde - ok
01:18:40.0781 3796  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
01:18:40.0781 3796  TrkWks - ok
01:18:41.0046 3796  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
01:18:41.0171 3796  Udfs - ok
01:18:41.0218 3796  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
01:18:41.0265 3796  ultra - ok
01:18:41.0531 3796  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
01:18:41.0875 3796  Update - ok
01:18:42.0203 3796  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
01:18:42.0328 3796  upnphost - ok
01:18:42.0359 3796  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
01:18:42.0375 3796  UPS - ok
01:18:42.0421 3796  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:18:42.0437 3796  usbccgp - ok
01:18:42.0453 3796  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:18:42.0468 3796  usbehci - ok
01:18:42.0546 3796  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:18:42.0562 3796  usbhub - ok
01:18:42.0609 3796  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:18:42.0609 3796  usbprint - ok
01:18:42.0640 3796  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:18:42.0656 3796  usbscan - ok
01:18:42.0734 3796  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:18:42.0734 3796  USBSTOR - ok
01:18:42.0781 3796  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:18:42.0796 3796  usbuhci - ok
01:18:42.0812 3796  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
01:18:42.0828 3796  VgaSave - ok
01:18:42.0875 3796  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:18:43.0015 3796  viaagp - ok
01:18:43.0031 3796  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
01:18:43.0031 3796  ViaIde - ok
01:18:43.0125 3796  [ 00A204BE7084B214605DB4D433C9A7E2 ] Viewpoint Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
01:18:43.0140 3796  Viewpoint Service - ok
01:18:43.0187 3796  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
01:18:43.0218 3796  VolSnap - ok
01:18:43.0453 3796  [ B96ECAE46A68F57862BACF59EEC24FEF ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
01:18:43.0453 3796  Vsdatant - ok
01:18:43.0671 3796  vsmon - ok
01:18:43.0859 3796  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
01:18:44.0125 3796  VSS - ok
01:18:44.0625 3796  [ C8AF3B4F699B193A69A1EE9367CBAA40 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
01:18:45.0265 3796  vToolbarUpdater12.2.6 - ok
01:18:45.0484 3796  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
01:18:45.0484 3796  w32time - ok
01:18:45.0578 3796  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:18:45.0656 3796  Wanarp - ok
01:18:45.0687 3796  wanatw - ok
01:18:46.0156 3796  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
01:18:46.0437 3796  Wdf01000 - ok
01:18:46.0453 3796  WDICA - ok
01:18:46.0531 3796  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
01:18:46.0625 3796  wdmaud - ok
01:18:46.0765 3796  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
01:18:46.0765 3796  WebClient - ok
01:18:47.0062 3796  [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend       C:\Program Files\Windows Defender\MsMpEng.exe
01:18:47.0140 3796  WinDefend - ok
01:18:47.0453 3796  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
01:18:47.0453 3796  winmgmt - ok
01:18:48.0406 3796  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:18:49.0171 3796  wlidsvc - ok
01:18:49.0218 3796  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
01:18:49.0296 3796  WmdmPmSN - ok
01:18:49.0390 3796  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:18:49.0453 3796  WmiApSrv - ok
01:18:49.0875 3796  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
01:18:50.0328 3796  WMPNetworkSvc - ok
01:18:50.0375 3796  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:18:50.0390 3796  WpdUsb - ok
01:18:50.0890 3796  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:18:51.0484 3796  WPFFontCache_v0400 - ok
01:18:51.0656 3796  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
01:18:51.0703 3796  wscsvc - ok
01:18:51.0734 3796  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
01:18:51.0765 3796  wuauserv - ok
01:18:52.0015 3796  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:18:52.0093 3796  WudfPf - ok
01:18:52.0218 3796  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:18:52.0265 3796  WudfRd - ok
01:18:52.0359 3796  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
01:18:52.0359 3796  WudfSvc - ok
01:18:52.0593 3796  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
01:18:52.0593 3796  WZCSVC - ok
01:18:52.0687 3796  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
01:18:52.0734 3796  xmlprov - ok
01:18:52.0750 3796  ================ Scan global ===============================
01:18:52.0828 3796  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:18:53.0109 3796  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:18:53.0218 3796  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:18:53.0296 3796  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:18:53.0296 3796  [Global] - ok
01:18:53.0296 3796  ================ Scan MBR ==================================
01:18:53.0343 3796  [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
01:18:54.0890 3796  \Device\Harddisk0\DR0 - ok
01:18:54.0890 3796  ================ Scan VBR ==================================
01:18:54.0890 3796  [ 3D7FF34802D05AB5743EC9A68111DBF9 ] \Device\Harddisk0\DR0\Partition1
01:18:54.0906 3796  \Device\Harddisk0\DR0\Partition1 - ok
01:18:54.0906 3796  ============================================================
01:18:54.0906 3796  Scan finished
01:18:54.0906 3796  ============================================================
01:18:54.0921 3788  Detected object count: 0
01:18:54.0921 3788  Actual detected object count: 0
01:19:45.0312 2928  Deinitialize success
#8 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:12:56 AM

Posted 16 August 2013 - 07:27 PM

Hi there,
Please download ComboFix from one of these locations:

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Elle

Can you hear it? It's all around!

Do you remember? If so, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#9 robwired

  • Topic Starter
  • Members
  • 64 posts
  • Gender:Male
  • Local time:04:56 PM

Posted 17 August 2013 - 12:59 AM

I ran ComboFix. The Microsoft Windows Recovery Console could not be installed. I received a message to the effect of "Files not allowed to load ABORT", then a ComboFix dialog box that asked if I wanted to continue with the scan.
Also, I disabled AVG for 15 minutes, and clicked on Disable real time ..., but the countdown continued, so I hope it didn't skew any results.

Here is the ComboFix log. Again, thank you for all you are doing.

ComboFix 13-08-16.03 - Robert Folsom 08/16/2013  23:49:25.1.1 - x86
Running from: c:\documents and settings\Robert Folsom\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert Folsom\Application Data\340406
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\system32\%SYSTE~1
c:\windows\system32\bszip.dll
c:\windows\system32\FF05DA0D.dll
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI244D.txt
c:\windows\tmp\dd_vcredistMSI46C3.txt
c:\windows\tmp\dd_vcredistUI244D.txt
c:\windows\tmp\dd_vcredistUI46C3.txt
c:\windows\tmp\IswTmp\Logs\ISWSHEX.swl
c:\windows\tmp\qtsingleapp-koboex-f4a6-0-lockfile
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV.SYS
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-17 to 2013-08-17  )))))))))))))))))))))))))))))))
.
.
2013-08-11 18:39 . 2013-08-11 18:39 -------- d-----w- c:\program files\HitmanPro
2013-08-11 18:39 . 2013-08-11 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-11 18:28 . 2013-08-11 18:28 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-11 13:44 . 2013-08-11 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-08-11 07:10 . 2013-08-11 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-08-11 07:10 . 2013-08-11 07:10 -------- d-----w- c:\program files\Sophos
2013-08-11 05:51 . 2013-08-11 05:51 -------- d-----w- c:\documents and settings\robwired
2013-08-11 05:33 . 2013-08-11 05:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-08-11 05:28 . 2013-08-11 05:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2013-08-11 03:42 . 2013-08-11 18:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-11 00:33 . 2013-08-11 00:33 -------- d-----w- c:\program files\Motive
2013-08-10 20:36 . 2013-08-10 20:36 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-10 20:35 . 2013-08-10 20:35 -------- d-----w- c:\program files\ZoneAlarmSB
2013-08-10 20:35 . 2013-08-10 20:35 -------- d-----w- c:\program files\CheckPoint
2013-08-10 18:45 . 2013-08-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera Software
2013-08-10 18:45 . 2013-08-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Opera Software
2013-08-10 13:11 . 2013-08-10 13:11 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2013-08-09 05:31 . 2013-08-09 05:31 -------- d-----w- C:\VTRoot
2013-08-09 05:31 . 2013-08-09 05:54 71220 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-09 05:01 . 2013-08-10 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-08-09 05:00 . 2013-08-10 20:35 -------- d-----w- c:\documents and settings\Robert Folsom\Local Settings\Application Data\COMODO
2013-08-09 05:00 . 2013-08-10 20:35 -------- d-----w- c:\program files\Comodo
2013-07-30 14:59 . 2013-08-15 01:56 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:47 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-07-20 06:51 . 2012-08-09 18:56 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2012-04-19 09:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2011-12-23 18:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2011-10-07 12:23 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-11 11:37 . 2012-04-17 20:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 11:37 . 2011-05-19 14:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-10 10:37 . 2004-08-10 17:51 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-10 06:32 . 2011-09-13 12:30 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-04 02:59 . 2004-08-10 17:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-04 03:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 06:45 . 2011-08-08 12:08 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-04 07:23 . 2004-08-10 17:51 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 17:51 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59 . 2004-08-10 17:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41 . 2009-04-14 19:56 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2007-04-14 23:17 . 2007-04-14 23:17 1398584 -c--a-w- c:\program files\registryrepair.exe
2005-09-07 04:38 . 2005-09-07 04:38 7739192 ----a-w- c:\program files\DivXPlay.exe
2010-03-31 15:09 . 2010-03-31 15:09 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2010-04-08 17:36 . 2010-04-08 17:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
2012-06-14 22:20 . 2013-08-11 03:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-10 18:43 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.33\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
2012-02-02 06:43 1613312 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-02 1613312]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.33\AVG Secure Search_toolbar.dll" [2012-09-10 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-02 1613312]
.
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-10 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-10 856160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
backup=c:\windows\pss\dlbcserv.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^AOL OpenRide.lnk]
    backup=c:\windows\pss\AOL OpenRide.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk]
    backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^oneDrum.lnk]
    path=c:\documents and settings\Robert Folsom\Desktop\Unused Desktop Shortcuts\oneDrum.lnk
    backup=c:\windows\pss\oneDrum.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Robert Folsom\Desktop\Unused Desktop Shortcuts\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^TrueAssistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\TrueSuite\TrueAssistant.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdBlocker
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_UninstallTracking
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 04:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2010-11-20 20:17 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-03-17 02:58 47392 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Dial Connection Manager]
    2008-06-03 14:59 1457256 -c--a-w- c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-24 20:09 136176 ----atw- c:\program files\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-10-28 17:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Cubby]
    2012-05-07 23:49 4269392 ----a-w- c:\documents and settings\Robert Folsom\Application Data\cubby\cubby.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2013-04-04 19:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-15 00:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-05-14 04:45 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-05-23 05:39 75520 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-04 00:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
    2005-09-07 20:01 1358336 -c--a-w- c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2005-08-15 20:24 3092480 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YPager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    2006-07-21 21:19 129536 -c--a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "Viewpoint Manager Service"=2 (0x2)
    "NetSvc"=3 (0x3)
    "iPod Service"=3 (0x3)
    "IDriverT"=3 (0x3)
    "AOL ACS"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WANMiniportService"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "gusvc"=3 (0x3)
    "idsvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "Viewpoint Service"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Adobe Version Cue CS4"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "gupdate"=2 (0x2)
    "osppsvc"=3 (0x3)
    "wlidsvc"=2 (0x2)
    "SeaPort"=2 (0x2)
    "PDSched"=2 (0x2)
    "PDEngine"=3 (0x3)
    "BBSvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "MotoHelper"=2 (0x2)
    "MBAMService"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "MozillaMaintenance"=3 (0x3)
    "vToolbarUpdater12.2.6"=2 (0x2)
    "IswSvc"=2 (0x2)
    "MBAMScheduler"=2 (0x2)
    "RealNetworks Downloader Resolver Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Robert Folsom\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\AddThis Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AddThis Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Documents and Settings\\Robert Folsom\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    R?2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/10/2012 1:43 PM 27496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2012 11:06 AM 27056]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [12/10/2011 2:37 AM 6016]
    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2008 11:57 PM 22856]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/10/2013 10:42 PM 40776]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/10/2011 2:37 AM 20480]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/10/2011 2:37 AM 8320]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [12/10/2011 2:37 AM 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [12/10/2011 2:37 AM 9472]
    S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
    S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2012 11:07 AM 497320]
    S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/20/2012 12:12 AM 418376]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2008 11:57 PM 701512]
    S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [4/26/2011 3:23 PM 223088]
    S4 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 12:39 AM 30152]
    S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/10/2012 1:43 PM 722528]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ    getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:37]
    .
    2013-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 20:09]
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 20:09]
    .
    2013-08-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    2013-08-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ea1f29b3-cf72-4618-a20f-60a7ec920568.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2013-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f7e814f4-0d3d-4bcb-94a8-4efa3b51c68d.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://bing.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    DPF: Microsoft XML Parser for Java
    DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
    DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
    FF - ProfilePath - c:\documents and settings\Robert Folsom\Application Data\Mozilla\Firefox\Profiles\zv2uxvrp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
    FF - ExtSQL: !HIDDEN! 2009-09-01 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368&q={searchTerms}
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm_i.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=f00a6da7000000000000001195622368&q=
    FF - user.js: extensions.zonealarm.id - f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.instlDay - 15604
    FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
    FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.410:38
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN27036416615228-1600
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-klmdb.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-17 00:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,40,d7,1e,a5,a3,32,49,ae,8b,76,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,40,d7,1e,a5,a3,32,49,ae,8b,76,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(964)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(2628)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2013\avgrsx.exe
    c:\program files\AVG\AVG2013\avgcsrvx.exe
    c:\program files\CheckPoint\ZoneAlarm\vsmon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\windows\System32\snmp.exe
    c:\program files\AVG\AVG2013\avgnsx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2013-08-17  00:35:30 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-08-17 05:34
    .
    Pre-Run: 89,213,648,896 bytes free
    Post-Run: 90,169,327,616 bytes free
    .
    - - End Of File - - 634DF6085E53F98804D53B8660DB7291
    B16A2359F4962B0C622D81A1C1F4B703
    #10 Blind Faith

    • Malware Response Team
    • 4,101 posts
    • Gender:Female
    • Local time:12:56 AM

    Posted 17 August 2013 - 02:13 PM

    Hi there,

    How is the system working right now? Can you give me a little feedback on that?

    And also, I'd like to see if something is still present. Can you re-run ComboFix? And post the log afterwards. :)

    Elle 


    Can you hear it? It's all around!

    Do you remember?
    If you do, then
    can you forgive?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #11 robwired

    • Topic Starter
    • Members
    • 64 posts
    • Gender:Male
    • Local time:04:56 PM

    Posted 17 August 2013 - 03:52 PM

    Elle,

    System seems to be running a little faster, however I still cannot update AVG, so it has an alert symbol over the tray icon. I don't trust the system enough to work on it -- apply for a better job, post to social media, etc. I've been saving photos to disc because of the ComboFix link to manually install Microsoft Windows Restore Console from disc. Don't want to lose anything, but I have not done the manual install yet.
    I'm replying to let you know how the system is running. I will now rerun ComboFix, which is a little bit like watching paint dry, and post the log here.

    Robert



    #12 robwired

    • Topic Starter
    • Members
    • 64 posts
    • Gender:Male
    • Local time:04:56 PM

    Posted 17 August 2013 - 06:27 PM

    Elle,

    This is a complete ComboFix log. One that completed at about 4:20 p.m. had its log blocked from popping up by AVG, even though I had disabled it according to the instructions, as before. That AVG message:

    AVG Detection

    Threat: General behavioral detection

    Object name: C:\ComboFix\REGT.3XE

    Now, the complete, uninterrupted ComboFix log:

    ComboFix 13-08-16.03 - Robert Folsom 08/17/2013  17:47:25.3.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1482 [GMT -5:00]
    Running from: c:\documents and settings\Robert Folsom\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-07-17 to 2013-08-17  )))))))))))))))))))))))))))))))
    .
    .
    2013-08-11 18:39 . 2013-08-11 18:39 -------- d-----w- c:\program files\HitmanPro
    2013-08-11 18:39 . 2013-08-11 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
    2013-08-11 18:28 . 2013-08-11 18:28 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
    2013-08-11 13:44 . 2013-08-11 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2013-08-11 07:10 . 2013-08-11 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
    2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2013-08-11 07:10 . 2013-08-11 07:10 73728 ----a-r- c:\documents and settings\Robert Folsom\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2013-08-11 07:10 . 2013-08-11 07:10 -------- d-----w- c:\program files\Sophos
    2013-08-11 05:51 . 2013-08-11 05:51 -------- d-----w- c:\documents and settings\robwired
    2013-08-11 05:33 . 2013-08-11 05:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-08-11 05:28 . 2013-08-11 05:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
    2013-08-11 03:42 . 2013-08-11 18:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-08-11 00:33 . 2013-08-11 00:33 -------- d-----w- c:\program files\Motive
    2013-08-10 20:36 . 2013-08-10 20:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-08-10 20:35 . 2013-08-10 20:35 -------- d-----w- c:\program files\ZoneAlarmSB
    2013-08-10 20:35 . 2013-08-10 20:35 -------- d-----w- c:\program files\CheckPoint
    2013-08-10 18:45 . 2013-08-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera Software
    2013-08-10 18:45 . 2013-08-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Opera Software
    2013-08-10 13:11 . 2013-08-10 13:11 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2013-08-09 05:31 . 2013-08-09 05:31 -------- d-----w- C:\VTRoot
    2013-08-09 05:31 . 2013-08-09 05:54 71220 ----a-w- c:\windows\system32\drivers\fvstore.dat
    2013-08-09 05:01 . 2013-08-10 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2013-08-09 05:00 . 2013-08-10 20:35 -------- d-----w- c:\documents and settings\Robert Folsom\Local Settings\Application Data\COMODO
    2013-08-09 05:00 . 2013-08-10 20:35 -------- d-----w- c:\program files\Comodo
    2013-07-30 14:59 . 2013-08-15 01:56 -------- d-----w- c:\windows\system32\MRT
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-26 02:47 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-20 06:51 . 2012-08-09 18:56 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 06:50 . 2012-04-19 09:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 06:50 . 2011-12-23 18:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 06:50 . 2011-10-07 12:23 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-11 11:37 . 2012-04-17 20:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-11 11:37 . 2011-05-19 14:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-10 10:37 . 2004-08-10 17:51 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-10 06:32 . 2011-09-13 12:30 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-04 02:59 . 2004-08-10 17:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08 . 2004-08-04 03:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-07-01 06:45 . 2011-08-08 12:08 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2013-06-04 07:23 . 2004-08-10 17:51 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2004-08-10 17:51 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-28 01:59 . 2004-08-10 17:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 00:41 . 2009-04-14 19:56 6144 ----a-w- c:\windows\system32\xpsp4res.dll
    2007-04-14 23:17 . 2007-04-14 23:17 1398584 -c--a-w- c:\program files\registryrepair.exe
    2005-09-07 04:38 . 2005-09-07 04:38 7739192 ----a-w- c:\program files\DivXPlay.exe
    2010-03-31 15:09 . 2010-03-31 15:09 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
    2010-04-08 17:36 . 2010-04-08 17:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
    2012-06-14 22:20 . 2013-08-11 03:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-09-10 18:43 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.33\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
    2012-02-02 06:43 1613312 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-02 1613312]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.33\AVG Secure Search_toolbar.dll" [2012-09-10 1734240]
    .
    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-02 1613312]
    .
    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-10 947808]
    "ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-10 856160]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
    backup=c:\windows\pss\dlbcserv.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    backup=c:\windows\pss\ymetray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^AOL OpenRide.lnk]
    backup=c:\windows\pss\AOL OpenRide.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk]
    backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^oneDrum.lnk]
    path=c:\documents and settings\Robert Folsom\Desktop\Unused Desktop Shortcuts\oneDrum.lnk
    backup=c:\windows\pss\oneDrum.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Robert Folsom\Desktop\Unused Desktop Shortcuts\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robert Folsom^Start Menu^Programs^Startup^TrueAssistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\TrueSuite\TrueAssistant.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 04:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2010-11-20 20:17 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-03-17 02:58 47392 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Dial Connection Manager]
    2008-06-03 14:59 1457256 -c--a-w- c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-24 20:09 136176 ----atw- c:\program files\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-10-28 17:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Cubby]
    2012-05-07 23:49 4269392 ----a-w- c:\documents and settings\Robert Folsom\Application Data\cubby\cubby.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2013-04-04 19:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-15 00:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-05-14 04:45 932528 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-05-23 05:39 75520 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-04 00:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
    2005-09-07 20:01 1358336 -c--a-w- c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2005-08-15 20:24 3092480 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YPager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    2006-07-21 21:19 129536 -c--a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "Viewpoint Manager Service"=2 (0x2)
    "NetSvc"=3 (0x3)
    "iPod Service"=3 (0x3)
    "IDriverT"=3 (0x3)
    "AOL ACS"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WANMiniportService"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "gusvc"=3 (0x3)
    "idsvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "Viewpoint Service"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Adobe Version Cue CS4"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "gupdate"=2 (0x2)
    "osppsvc"=3 (0x3)
    "wlidsvc"=2 (0x2)
    "SeaPort"=2 (0x2)
    "PDSched"=2 (0x2)
    "PDEngine"=3 (0x3)
    "BBSvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "MotoHelper"=2 (0x2)
    "MBAMService"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "MozillaMaintenance"=3 (0x3)
    "vToolbarUpdater12.2.6"=2 (0x2)
    "IswSvc"=2 (0x2)
    "MBAMScheduler"=2 (0x2)
    "RealNetworks Downloader Resolver Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Robert Folsom\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\AddThis Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AddThis Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Documents and Settings\\Robert Folsom\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/10/2012 1:43 PM 27496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2012 11:06 AM 27056]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [12/10/2011 2:37 AM 6016]
    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2008 11:57 PM 22856]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/10/2013 10:42 PM 40776]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/10/2011 2:37 AM 20480]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/10/2011 2:37 AM 8320]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [12/10/2011 2:37 AM 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [12/10/2011 2:37 AM 9472]
    S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
    S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2012 11:07 AM 497320]
    S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/20/2012 12:12 AM 418376]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2008 11:57 PM 701512]
    S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [4/26/2011 3:23 PM 223088]
    S4 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 12:39 AM 30152]
    S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/10/2012 1:43 PM 722528]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ    getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:37]
    .
    2013-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 20:09]
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 20:09]
    .
    2013-08-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    2013-08-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ea1f29b3-cf72-4618-a20f-60a7ec920568.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2013-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f7e814f4-0d3d-4bcb-94a8-4efa3b51c68d.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://bing.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    DPF: Microsoft XML Parser for Java
    DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
    DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
    FF - ProfilePath - c:\documents and settings\Robert Folsom\Application Data\Mozilla\Firefox\Profiles\zv2uxvrp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
    FF - ExtSQL: !HIDDEN! 2009-09-01 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368&q={searchTerms}
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm_i.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=en&utid=f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN27036416615228-1600&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=f00a6da7000000000000001195622368&q=
    FF - user.js: extensions.zonealarm.id - f00a6da7000000000000001195622368
    FF - user.js: extensions.zonealarm.instlDay - 15604
    FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
    FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.410:38
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN27036416615228-1600
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-17 18:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,40,d7,1e,a5,a3,32,49,ae,8b,76,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,40,d7,1e,a5,a3,32,49,ae,8b,76,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(976)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(3588)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Robert Folsom\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\hnetcfg.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2013-08-17  18:14:06
    ComboFix-quarantined-files.txt  2013-08-17 23:14
    ComboFix2.txt  2013-08-17 05:35
    .
    Pre-Run: 92,229,685,248 bytes free
    Post-Run: 92,219,215,872 bytes free
    .
    - - End Of File - - 1D53C72644DBD1972F303B69375C7F55
    B16A2359F4962B0C622D81A1C1F4B703
     



    #13 Blind Faith

    • Malware Response Team
    • 4,101 posts
    • Gender:Female

    Posted 19 August 2013 - 05:34 AM

    Hi there,

    Alright, I think we got rid of one of the baddies. I want to see deeper this time, so please create an OTL Report:

    • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Run Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

    ===================================================

     

    Also, I'd like to check something else. Please download aswMBR ( 4.5MB ) to your desktop.

    • Double click the aswMBR.exe icon, and click Run.

    • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.

    • Click the Scan button to start the scan.

    • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

     

     

     

    Elle 


    Edited by Blind Faith, 19 August 2013 - 05:35 AM.

    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro?

    If I haven't replied in 48 hours, please feel free to send me a PM.

    #14 robwired

    • Topic Starter
    • Members
    • 64 posts
    • Gender:Male

    Posted 19 August 2013 - 10:45 PM

    When I did not see an email saying a new reply had been posted to this topic, I came here directly. I see where you have requested that I download two utilities and run them. But this evening when I booted up my computer, Internet Explorer, the only browser I have that has an Internet connection, would not come up. I may have tried to start it before the system was completely up. I am on another computer, and it has been suggested to me to save the downloads you mentioned to disk and try to install them on my desktop from there.

    I see where "Follow this topic?" is checkmarked, so I don't know why I didn't receive the email saying there had been a new reply.

    Also, I will try booting up my computer and waiting before launching IE.



    #15 robwired

    • Topic Starter
    • Members
    • 64 posts
    • Gender:Male

    Posted 20 August 2013 - 01:19 AM

    IE will not load. I did delete the second inactive account, which I created in the hopes it would be uninfected. I hope deleting the account did not cause IE to not load. Ran OTL, saved OTL.txt and Extras.txt. aswMBR.exe would not open. Am writing from phone now. Will post .txts tomorrow from another computer.
