
Trojans infected

Discussion in 'Virus & Other Malware Removal' started by tmongare04, Feb 15, 2013.

Thread Status:
Not open for further replies.
    tmongare04 (Thread Starter)
    Joined: Sep 10, 2012
    Messages: 24
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 3893 Mb
    Graphics Card: Intel(R) HD Graphics, 1722 Mb
    Hard Drives: C: Total - 235461 MB, Free - 95867 MB; D: Total - 16643 MB, Free - 2454 MB; F: Total - 102398 MB, Free - 7 MB; G: Total - 122128 MB, Free - 110797 MB;
    Motherboard: Hewlett-Packard, 1439
    Antivirus: avast! Antivirus, Updated and Enabled

    Hello,
    Many thanks for the help you render to people with computer issues. My laptop has been infected with trojans and other malware after downloading software from BitTorrent, which has infected my computer. It sometimes hangs when I am browsing or freezes completely. Please help. Attachments are following here below:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 06/03/2011 15:06:53
    System Uptime: 15/02/2013 08:27:16 (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1439
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU | 2266/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 230 GiB total, 93.623 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 2.397 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 100 GiB total, 0.007 GiB free.
    G: is FIXED (NTFS) - 119 GiB total, 108.201 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A0\8&2C22B6CD&0&E0C97AECFC5B_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A0\8&2C22B6CD&0&E0C97AECFC5B_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP636: 03/02/2013 19:00:42 - Windows Backup
    RP637: 05/02/2013 18:52:30 - Windows Update
    RP638: 10/02/2013 15:05:35 - Installed Java 7 Update 13 (64-bit)
    RP639: 10/02/2013 19:02:25 - Windows Backup
    RP640: 12/02/2013 19:06:10 - Windows Update
    RP641: 12/02/2013 21:51:32 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.22 (x64 edition)
    Adobe AIR
    Adobe Download Assistant
    Adobe Dreamweaver CS5
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player 11.6
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AudibleManager
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    BitTorrent
    Blackhawk Striker 2
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner
    Chuzzle Deluxe
    CyberLink DVD Suite
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dora's Carnival Adventure
    Ellen G. White Writings Comprehensive Research Edition 2008
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Facebook Video Calling 1.2.0.287
    FATE
    FileHippo.com Update Checker
    Final Drive Nitro
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Wireless Assistant
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iTunes
    Java 7 Update 13 (64-bit)
    Java 7 Update 9
    Java Auto Updater
    Jewel Quest - Heritage
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 x64 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC100_CRT_SP1_x64
    Microsoft_VC100_CRT_SP1_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Movie Maker
    Moyea YouTube FLV Downloader version: 3.1.2.26
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Opera 12.12
    Penguins!
    Photo Common
    Photo Gallery
    PhotoNow!
    Picasa 3
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Recovery Manager
    RtVOsd
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    Skype Click to Call
    Skype™ 6.1
    SopCast 3.4.8
    swMSM
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    Visual Studio C++ 10.0 Runtime
    VLC media player 2.0.5
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xilisoft Video Converter Ultimate
    Yahoo! Detect
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/02/2013 06:04:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
    14/02/2013 19:58:18, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
    13/02/2013 06:04:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    11/02/2013 18:58:15, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
    dds.txt
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2
    Run by Tom Mongare at 8:51:22 on 2013-02-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.185 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Tom Mongare\Downloads\HijackThis(1).exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: CatcherBHO Class: {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Facebook Update] "C:\Users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    uRunOnce: [Uninstall C:\Users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: Interfaces\{8D6D066A-CE48-4A86-BFEB-A344E812247B} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{8D6D066A-CE48-4A86-BFEB-A344E812247B}\15740313 : DHCPNameServer = 158.43.128.1 208.67.222.222 208.67.220.220
    TCP: Interfaces\{8D6D066A-CE48-4A86-BFEB-A344E812247B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8D6D066A-CE48-4A86-BFEB-A344E812247B}\4514C4B44514C4B4D2639334532344 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{8D6D066A-CE48-4A86-BFEB-A344E812247B}\45F6D602D4F6E6761627562E08993702960586F6E656 : DHCPNameServer = 149.254.230.7 149.254.192.126
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom Mongare\AppData\Roaming\Mozilla\Firefox\Profiles\lwlobl2l.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Tom Mongare\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-22 20:24; [email protected]; C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2013-02-08 14:17; [email protected]; C:\Users\Tom Mongare\AppData\Roaming\Mozilla\Firefox\Profiles\lwlobl2l.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-8 14456]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-22 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-22 370288]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-25 98208]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-22 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-22 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-22 44808]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-25 13336]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-25 2320920]
    R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-14 281088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-14 15360]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-8-4 14448]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-18 243744]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-12 349800]
    S3 S2usbser;S2 USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\S2usbser.sys [2011-10-2 118272]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-20 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-14 17:59:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2013-02-14 17:59:58 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2013-02-14 17:59:57 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
    2013-02-14 17:59:56 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2013-02-14 17:59:55 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-02-14 17:59:54 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2013-02-12 21:58:10 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-12 21:58:10 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-12 21:53:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2013-02-12 19:19:56 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-12 19:19:53 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-12 19:19:51 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-12 19:19:30 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-12 19:19:22 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-12 19:19:17 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-12 19:19:16 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-12 19:19:14 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-12 19:19:14 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-12 19:19:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-12 19:18:49 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-12 19:18:47 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-12 19:08:07 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{113CDE43-428A-4D9E-8ABD-EA532A491F91}\mpengine.dll
    2013-02-10 15:10:08 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-02-08 14:23:58 -------- d-----w- C:\Users\Tom Mongare\AppData\Roaming\LavasoftStatistics
    2013-02-08 14:18:58 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-02-08 14:17:35 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-02-08 06:55:33 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak
    2013-02-07 22:09:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-30 15:39:09 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2013-01-30 15:38:11 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2013-01-30 15:38:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2013-01-30 15:37:58 -------- d-----w- C:\Windows\SHELLNEW
    .
    ==================== Find3M ====================
    .
    2013-02-12 22:19:43 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-12 22:19:43 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-10 15:09:52 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-02-10 15:09:51 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-06 20:36:51 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-01-06 20:36:51 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-12 21:37:56 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    .
    ============= FINISH: 8:53:15.02 ===============
    HijackThis log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:47:41, on 15/02/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Tom Mongare\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.samsungsetup.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13301 bytes
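    Almost everything in a HijackThis log like the one above is legitimate, and the only way to tell is to read each line against what it claims. As an added example that is not part of this thread, here is a small Python triage script run over constructed sample lines in the same format as the post's log. It picks out O23 services, O4 autoruns and O15 trusted-zone entries and applies one caveat a practitioner needs for this scanner: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows it looks at System32 through WOW64 file-system redirection and reports native system binaries such as lsass.exe and spoolsv.exe as "(file missing)". Those lines are artifacts, not evidence of tampering. The tag names and the triage rules are this script's own conventions, not HijackThis output.

```python
"""Triage a Trend Micro HijackThis 2.0.4 log (added example, not from the thread).

Tags and rules are this script's own conventions. The sample log is constructed
from the kinds of lines the post above shows.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the exact line shape HijackThis writes.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O15 - Trusted Zone: http://www.samsungsetup.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: display (short) - owner - path [(file missing)]
# Fields are split on " - " non-greedily; a display name containing " - " would mis-parse.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?: \((?P<flag>file missing)\))?$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|cmd|bat|vbs|js))"?', re.I)
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\", re.I)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)


@dataclass
class Finding:
    code: str      # HijackThis section code (O4, O15, O23)
    subject: str   # autorun name, service display name or zone URL
    path: str      # binary path when one was parsed, else ""
    tag: str       # this script's own label
    note: str


def triage(log_text: str, is_64bit: bool = True) -> list[Finding]:
    """Return the entries worth a second look, each with a note on why."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O23":
            s = SERVICE_RE.match(body)
            if not s:
                continue
            if s["flag"] and is_64bit and SYSTEM32_RE.match(s["path"]):
                # HijackThis 2.0.4 is 32-bit: under WOW64 it cannot see the native
                # System32, so "(file missing)" on a system binary is an artifact.
                findings.append(Finding(code, s["name"], s["path"], "wow64-artifact",
                                        "32-bit scanner cannot see native System32; expected on x64"))
            elif s["flag"]:
                findings.append(Finding(code, s["name"], s["path"], "missing-binary",
                                        "service registered but binary not found; check the registry entry"))
            elif s["owner"] == "Unknown owner":
                findings.append(Finding(code, s["name"], s["path"], "unknown-owner",
                                        "no vendor name read from the binary; verify signature and hash"))
        elif code == "O4":
            r = RUN_RE.match(body)
            e = EXE_RE.match(r["cmd"]) if r else None
            if e and USER_PROFILE_RE.match(e["path"]):
                findings.append(Finding(code, r["name"], e["path"], "user-writable-autorun",
                                        f"{r['hive']} {r['key']} autorun from a user-writable location"))
        elif code == "O15":
            findings.append(Finding(code, body.split(": ", 1)[-1], "", "trusted-zone",
                                    "site gets the lax Trusted Sites IE security settings"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.tag:22} {f.subject}\n     {f.path or f.note}")
```

    The is_64bit switch is the point of the exercise: on a 32-bit host the same "(file missing)" line is a real gap to chase, so the script tags it missing-binary there instead. Nothing here says an entry is malicious; an "unknown-owner" service or an autorun under AppData only tells you which binaries to hash and check for a valid signature first.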
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    The only obvious thing that I can see there is blekko search-engine redirect junkware in Firefox. We can fix that a bit later on.
    First:

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

    Post back with its log.

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  3. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    GMER txt.
    Hi, I forgot to post the other log, which is here below:
    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-15 12:36:38
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 465.76GB
    Running: ureim1ms.exe; Driver: C:\Users\TOMMON~1\AppData\Local\Temp\kxryiaow.sys


    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [584:1528] 000007fef9c31e00
    Thread C:\Windows\system32\svchost.exe [584:1556] 000007fef9b81a50
    Thread C:\Windows\system32\svchost.exe [584:1292] 000007fefcc01a70
    Thread C:\Windows\system32\svchost.exe [584:2996] 000007fefcc01a70
    Thread C:\Windows\system32\svchost.exe [584:3888] 000007fef9d3506c
    Thread C:\Windows\system32\svchost.exe [584:3892] 000007fef5ea1c20
    Thread C:\Windows\system32\svchost.exe [584:3896] 000007fef5ea1c20
    Thread C:\Windows\system32\svchost.exe [584:3404] 000007fefb105124
    Thread C:\Windows\system32\svchost.exe [584:4000] 000007fef1d784d8
    Thread C:\Windows\system32\svchost.exe [584:1232] 000007fef1d323a8
    Thread C:\Windows\system32\svchost.exe [584:1476] 000007fef27c0d00
    Thread C:\Windows\system32\svchost.exe [584:424] 000007fef1c69498
    Thread C:\Windows\system32\svchost.exe [584:5356] 000007fefa6d4164
    Thread C:\Windows\system32\svchost.exe [428:1496] 000007fefb858274
    Thread C:\Windows\system32\svchost.exe [428:2204] 000007fefb858274
    Thread C:\Windows\system32\svchost.exe [420:5132] 000007feea64c2d4
    Thread C:\Windows\system32\svchost.exe [420:5696] 000007feea64c2d4
    Thread C:\Windows\system32\svchost.exe [420:3524] 000007feea64c2d4
    Thread C:\Windows\system32\svchost.exe [420:3924] 000007feea64c2d4
    Thread C:\Windows\system32\svchost.exe [420:2964] 000007fefb105124
    Thread C:\Windows\system32\svchost.exe [420:5628] 000007feeb82d3c8
    Thread C:\Windows\system32\svchost.exe [420:1028] 000007feeb82d3c8
    Thread C:\Windows\system32\svchost.exe [420:6072] 000007feeb82d3c8
    Thread C:\Windows\system32\svchost.exe [420:5740] 000007feeb82d3c8
    Thread C:\Windows\system32\svchost.exe [1076:3660] 000007fef28283d8
    Thread C:\Windows\system32\svchost.exe [1076:3652] 000007fef28283d8
    Thread C:\Windows\system32\svchost.exe [1076:3656] 000007fef28283d8
    Thread C:\Windows\system32\svchost.exe [1076:3640] 000007fef28283d8
    Thread C:\Windows\system32\svchost.exe [1076:2532] 000007fef1cf3f1c
    Thread C:\Windows\system32\svchost.exe [1076:2332] 000007fef2a11a38
    Thread C:\Windows\system32\svchost.exe [1076:2536] 000007fef1cc5388
    Thread C:\Windows\system32\svchost.exe [1076:1480] 000007fef1ca7738
    Thread C:\Windows\system32\svchost.exe [1076:1212] 000007fef1c91f90
    Thread C:\Windows\system32\svchost.exe [1076:4144] 000007fef2d55170
    Thread C:\Windows\system32\svchost.exe [1176:1632] 000007fefcc01a70
    Thread C:\Windows\system32\svchost.exe [1176:1636] 000007fefcc01a70
    Thread C:\Windows\system32\svchost.exe [1176:1648] 000007fefcc01a70
    Thread C:\Windows\system32\svchost.exe [1176:1656] 000007fef9a02c70
    Thread C:\Windows\system32\svchost.exe [1176:1700] 000007fef9a0fb40
    Thread C:\Windows\system32\svchost.exe [1176:1708] 000007fef9a21d20
    Thread C:\Windows\system32\svchost.exe [1176:1712] 000007fef9a0f6f0
    Thread C:\Windows\system32\svchost.exe [1176:2024] 000007fef98335c0
    Thread C:\Windows\system32\svchost.exe [1176:3080] 000007fef9835600
    Thread C:\Windows\system32\svchost.exe [1176:3276] 000007fef5652940
    Thread C:\Windows\system32\svchost.exe [1176:3284] 000007fef5632888
    Thread C:\Windows\system32\WLANExt.exe [1244:1340] 000000018000b674
    Thread C:\Windows\system32\WLANExt.exe [1244:1344] 000000018000b690
    Thread C:\Windows\system32\WLANExt.exe [1244:1348] 000000018000b658
    Thread C:\Windows\system32\WLANExt.exe [1244:1356] 0000000180022170
    Thread C:\Windows\system32\WLANExt.exe [1244:1360] 000007fefa4f2f9c
    Thread C:\Windows\System32\spoolsv.exe [1600:1036] 000007fef62710c8
    Thread C:\Windows\System32\spoolsv.exe [1600:2632] 000007fef6236144
    Thread C:\Windows\System32\spoolsv.exe [1600:2636] 000007fef6025fd0
    Thread C:\Windows\System32\spoolsv.exe [1600:2624] 000007fef6013438
    Thread C:\Windows\System32\spoolsv.exe [1600:2628] 000007fef60263ec
    Thread C:\Windows\System32\spoolsv.exe [1600:2600] 000007fef9305e5c
    Thread C:\Windows\System32\spoolsv.exe [1600:2616] 000007fef90e5074
    Thread C:\Windows\System32\spoolsv.exe [1600:3492] 000007fef9152288
    Thread C:\Windows\system32\taskhost.exe [2240:2508] 000007fef9231f38
    Thread C:\Windows\system32\taskhost.exe [2240:2512] 000007fef9313d18
    Thread C:\Windows\system32\taskhost.exe [2240:2516] 000007fef9242740
    Thread C:\Windows\system32\taskhost.exe [2240:2520] 000007fefe7d9274
    Thread C:\Windows\system32\taskhost.exe [2240:2572] 000007fefa921010
    Thread [2716:2744] 0000000074a07587
    Thread [2716:2768] 0000000076f32e25
    Thread [2716:2380] 0000000076f33e45
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3588] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3592] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3596] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3600] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3604] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3608] 000007fef3d08e3c
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3612] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3616] 000007fef3d0b140
    Thread C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [3508:3636] 000007fef3d0b140
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:4452] 000007fefeca0168
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:4468] 000007fefaad2a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:4476] 000007fef0a1d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:4564] 000007fefb105124
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:576] 000007fef09b9730
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4112:2844] 000007fef0a1d618
    Thread C:\Windows\System32\svchost.exe [2268:2472] 000007feeb909688

    ---- EOF - GMER 2.1 ----
    I am running Kaspersky as recommended and will post soon.
    Thanks
     
  4. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    Here is the log I have just run again:
    12:45:45.0128 3696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    12:45:45.0690 3696 ============================================================
    12:45:45.0690 3696 Current date / time: 2013/02/15 12:45:45.0690
    12:45:45.0690 3696 SystemInfo:
    12:45:45.0690 3696
    12:45:45.0690 3696 OS Version: 6.1.7601 ServicePack: 1.0
    12:45:45.0690 3696 Product type: Workstation
    12:45:45.0690 3696 ComputerName: TOMMONGARE-HP
    12:45:45.0691 3696 UserName: Tom Mongare
    12:45:45.0691 3696 Windows directory: C:\Windows
    12:45:45.0691 3696 System windows directory: C:\Windows
    12:45:45.0691 3696 Running under WOW64
    12:45:45.0691 3696 Processor architecture: Intel x64
    12:45:45.0691 3696 Number of processors: 4
    12:45:45.0691 3696 Page size: 0x1000
    12:45:45.0691 3696 Boot type: Normal boot
    12:45:45.0691 3696 ============================================================
    12:45:47.0988 3696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:45:48.0003 3696 ============================================================
    12:45:48.0003 3696 \Device\Harddisk0\DR0:
    12:45:48.0034 3696 MBR partitions:
    12:45:48.0035 3696 Initialize success
    12:45:48.0035 3696 ============================================================
    12:46:20.0137 2876 ============================================================
    12:46:20.0137 2876 Scan started
    12:46:20.0137 2876 Mode: Manual;
    12:46:20.0137 2876 ============================================================
    12:46:20.0158 2876 ================ Scan system memory ========================
    12:46:20.0158 2876 System memory - ok
    12:46:20.0160 2876 ================ Scan services =============================
    12:46:20.0310 2876 1394ohci - ok
    12:46:20.0331 2876 ACPI - ok
    12:46:20.0363 2876 AcpiPmi - ok
    12:46:20.0464 2876 AdobeARMservice - ok
    12:46:20.0534 2876 AdobeFlashPlayerUpdateSvc - ok
    12:46:20.0587 2876 adp94xx - ok
    12:46:20.0598 2876 adpahci - ok
    12:46:20.0616 2876 adpu320 - ok
    12:46:20.0624 2876 AeLookupSvc - ok
    12:46:20.0657 2876 AERTFilters - ok
    12:46:20.0708 2876 AFD - ok
    12:46:20.0720 2876 AgereSoftModem - ok
    12:46:20.0754 2876 agp440 - ok
    12:46:20.0761 2876 ALG - ok
    12:46:20.0796 2876 aliide - ok
    12:46:20.0810 2876 amdide - ok
    12:46:20.0842 2876 AmdK8 - ok
    12:46:20.0848 2876 AmdPPM - ok
    12:46:20.0873 2876 amdsata - ok
    12:46:20.0880 2876 amdsbs - ok
    12:46:20.0888 2876 amdxata - ok
    12:46:20.0921 2876 AppID - ok
    12:46:20.0927 2876 AppIDSvc - ok
    12:46:20.0976 2876 Appinfo - ok
    12:46:21.0016 2876 Apple Mobile Device - ok
    12:46:21.0085 2876 arc - ok
    12:46:21.0120 2876 arcsas - ok
    12:46:21.0323 2876 aswFsBlk - ok
    12:46:21.0507 2876 aswMonFlt - ok
    12:46:21.0646 2876 aswRdr - ok
    12:46:21.0719 2876 aswSnx - ok
    12:46:21.0890 2876 aswSP - ok
    12:46:21.0976 2876 aswTdi - ok
    12:46:22.0019 2876 AsyncMac - ok
    12:46:22.0058 2876 atapi - ok
    12:46:22.0077 2876 AudioEndpointBuilder - ok
    12:46:22.0083 2876 AudioSrv - ok
    12:46:22.0192 2876 avast! Antivirus - ok
    12:46:22.0286 2876 AxInstSV - ok
    12:46:22.0307 2876 b06bdrv - ok
    12:46:22.0345 2876 b57nd60a - ok
    12:46:22.0432 2876 BCM43XX - ok
    12:46:22.0439 2876 BDESVC - ok
    12:46:22.0483 2876 Beep - ok
    12:46:22.0517 2876 BFE - ok
    12:46:22.0561 2876 BITS - ok
    12:46:22.0618 2876 blbdrive - ok
    12:46:22.0695 2876 Bonjour Service - ok
    12:46:22.0775 2876 bowser - ok
    12:46:22.0781 2876 BrFiltLo - ok
    12:46:22.0788 2876 BrFiltUp - ok
    12:46:22.0794 2876 Browser - ok
    12:46:22.0828 2876 BrSerIb - ok
    12:46:22.0833 2876 Brserid - ok
    12:46:22.0839 2876 BrSerWdm - ok
    12:46:22.0843 2876 BrUsbMdm - ok
    12:46:22.0848 2876 BrUsbSer - ok
    12:46:22.0914 2876 BrUsbSIb - ok
    12:46:22.0965 2876 BthAvrcp - ok
    12:46:22.0989 2876 BthEnum - ok
    12:46:22.0996 2876 BTHMODEM - ok
    12:46:23.0003 2876 BthPan - ok
    12:46:23.0009 2876 BTHPORT - ok
    12:46:23.0042 2876 bthserv - ok
    12:46:23.0047 2876 BTHUSB - ok
    12:46:23.0080 2876 cdfs - ok
    12:46:23.0114 2876 cdrom - ok
    12:46:23.0147 2876 CertPropSvc - ok
    12:46:23.0207 2876 circlass - ok
    12:46:23.0214 2876 CLFS - ok
    12:46:23.0220 2876 clr_optimization_v2.0.50727_32 - ok
    12:46:23.0224 2876 clr_optimization_v2.0.50727_64 - ok
    12:46:23.0286 2876 clr_optimization_v4.0.30319_32 - ok
    12:46:23.0331 2876 clr_optimization_v4.0.30319_64 - ok
    12:46:23.0464 2876 clwvd - ok
    12:46:23.0485 2876 CmBatt - ok
    12:46:23.0491 2876 cmdide - ok
    12:46:23.0497 2876 CNG - ok
    12:46:23.0530 2876 Compbatt - ok
    12:46:23.0554 2876 CompositeBus - ok
    12:46:23.0585 2876 COMSysApp - ok
    12:46:23.0666 2876 CpqDfw - ok
    12:46:23.0934 2876 cpuz134 - ok
    12:46:23.0940 2876 crcdisk - ok
    12:46:24.0021 2876 CryptSvc - ok
    12:46:24.0073 2876 DcomLaunch - ok
    12:46:24.0137 2876 defragsvc - ok
    12:46:24.0180 2876 DfsC - ok
    12:46:24.0215 2876 Dhcp - ok
    12:46:24.0222 2876 discache - ok
    12:46:24.0316 2876 Disk - ok
    12:46:24.0321 2876 Dnscache - ok
    12:46:24.0461 2876 dot3svc - ok
    12:46:24.0468 2876 DPS - ok
    12:46:24.0547 2876 drmkaud - ok
    12:46:24.0613 2876 DXGKrnl - ok
    12:46:24.0658 2876 EapHost - ok
    12:46:24.0664 2876 ebdrv - ok
    12:46:24.0671 2876 EFS - ok
    12:46:24.0704 2876 ehRecvr - ok
    12:46:24.0731 2876 ehSched - ok
    12:46:24.0771 2876 elxstor - ok
    12:46:24.0777 2876 ErrDev - ok
    12:46:24.0858 2876 EventSystem - ok
    12:46:24.0922 2876 ewusbnet - ok
    12:46:24.0928 2876 exfat - ok
    12:46:25.0063 2876 ezSharedSvc - ok
    12:46:25.0070 2876 fastfat - ok
    12:46:25.0114 2876 Fax - ok
    12:46:25.0120 2876 fdc - ok
    12:46:25.0127 2876 fdPHost - ok
    12:46:25.0134 2876 FDResPub - ok
    12:46:25.0138 2876 FileInfo - ok
    12:46:25.0142 2876 Filetrace - ok
    12:46:25.0147 2876 flpydisk - ok
    12:46:25.0185 2876 FltMgr - ok
    12:46:25.0215 2876 FontCache - ok
    12:46:25.0221 2876 FontCache3.0.0.0 - ok
    12:46:25.0227 2876 FsDepends - ok
    12:46:25.0232 2876 Fs_Rec - ok
    12:46:25.0301 2876 fvevol - ok
    12:46:25.0339 2876 gagp30kx - ok
    12:46:25.0344 2876 GameConsoleService - ok
    12:46:25.0379 2876 GEARAspiWDM - ok
    12:46:25.0551 2876 gfibto - ok
    12:46:25.0650 2876 ggflt - ok
    12:46:25.0699 2876 ggsemc - ok
    12:46:25.0706 2876 gpsvc - ok
    12:46:25.0786 2876 gupdate - ok
    12:46:25.0876 2876 gupdatem - ok
    12:46:26.0012 2876 gusvc - ok
    12:46:26.0019 2876 hcw85cir - ok
    12:46:26.0119 2876 HdAudAddService - ok
    12:46:26.0145 2876 HDAudBus - ok
    12:46:26.0181 2876 HECIx64 - ok
    12:46:26.0187 2876 HidBatt - ok
    12:46:26.0193 2876 HidBth - ok
    12:46:26.0200 2876 HidIr - ok
    12:46:26.0207 2876 hidserv - ok
    12:46:26.0245 2876 HidUsb - ok
    12:46:26.0250 2876 hkmsvc - ok
    12:46:26.0254 2876 HomeGroupListener - ok
    12:46:26.0259 2876 HomeGroupProvider - ok
    12:46:26.0430 2876 HP Support Assistant Service - ok
    12:46:26.0471 2876 HP Wireless Assistant Service - ok
    12:46:26.0515 2876 HPDrvMntSvc.exe - ok
    12:46:26.0602 2876 hpqwmiex - ok
    12:46:26.0685 2876 HpSAMD - ok
    12:46:26.0922 2876 HPWMISVC - ok
    12:46:26.0997 2876 HTTP - ok
    12:46:27.0052 2876 hwdatacard - ok
    12:46:27.0058 2876 hwpolicy - ok
    12:46:27.0091 2876 i8042prt - ok
    12:46:27.0103 2876 iaStor - ok
    12:46:27.0229 2876 IAStorDataMgrSvc - ok
    12:46:27.0273 2876 iaStorV - ok
    12:46:27.0428 2876 IDriverT - ok
    12:46:27.0435 2876 idsvc - ok
    12:46:27.0477 2876 igfx - ok
    12:46:27.0519 2876 iirsp - ok
    12:46:27.0525 2876 IKEEXT - ok
    12:46:27.0536 2876 IntcAzAudAddService - ok
    12:46:27.0588 2876 IntcDAud - ok
    12:46:27.0593 2876 intelide - ok
    12:46:27.0646 2876 intelppm - ok
    12:46:27.0652 2876 IPBusEnum - ok
    12:46:27.0659 2876 IpFilterDriver - ok
    12:46:27.0662 2876 iphlpsvc - ok
    12:46:27.0667 2876 IPMIDRV - ok
    12:46:27.0672 2876 IPNAT - ok
    12:46:27.0777 2876 iPod Service - ok
    12:46:27.0812 2876 IRENUM - ok
    12:46:27.0849 2876 isapnp - ok
    12:46:27.0855 2876 iScsiPrt - ok
    12:46:27.0889 2876 kbdclass - ok
    12:46:27.0912 2876 kbdhid - ok
    12:46:27.0918 2876 KeyIso - ok
    12:46:27.0924 2876 KSecDD - ok
    12:46:27.0931 2876 KSecPkg - ok
    12:46:27.0978 2876 ksthunk - ok
    12:46:27.0983 2876 KtmRm - ok
    12:46:27.0988 2876 LanmanServer - ok
    12:46:27.0992 2876 LanmanWorkstation - ok
    12:46:28.0034 2876 LightScribeService - ok
    12:46:28.0126 2876 lltdio - ok
    12:46:28.0132 2876 lltdsvc - ok
    12:46:28.0136 2876 lmhosts - ok
    12:46:28.0167 2876 LMS - ok
    12:46:28.0202 2876 LSI_FC - ok
    12:46:28.0208 2876 LSI_SAS - ok
    12:46:28.0213 2876 LSI_SAS2 - ok
    12:46:28.0217 2876 LSI_SCSI - ok
    12:46:28.0222 2876 luafv - ok
    12:46:28.0302 2876 Mcx2Svc - ok
    12:46:28.0308 2876 megasas - ok
    12:46:28.0314 2876 MegaSR - ok
    12:46:28.0506 2876 Microsoft SharePoint Workspace Audit Service - ok
    12:46:28.0529 2876 MMCSS - ok
    12:46:28.0534 2876 Modem - ok
    12:46:28.0556 2876 monitor - ok
    12:46:28.0598 2876 mouclass - ok
    12:46:28.0645 2876 mouhid - ok
    12:46:28.0649 2876 mountmgr - ok
    12:46:28.0725 2876 MozillaMaintenance - ok
    12:46:28.0729 2876 mpio - ok
    12:46:28.0734 2876 mpsdrv - ok
    12:46:28.0738 2876 MpsSvc - ok
    12:46:28.0742 2876 MRxDAV - ok
    12:46:28.0747 2876 mrxsmb - ok
    12:46:28.0751 2876 mrxsmb10 - ok
    12:46:28.0755 2876 mrxsmb20 - ok
    12:46:28.0760 2876 msahci - ok
    12:46:28.0765 2876 msdsm - ok
    12:46:28.0769 2876 MSDTC - ok
    12:46:28.0798 2876 Msfs - ok
    12:46:28.0833 2876 mshidkmdf - ok
    12:46:28.0840 2876 msisadrv - ok
    12:46:28.0901 2876 MSiSCSI - ok
    12:46:28.0906 2876 msiserver - ok
    12:46:28.0944 2876 MSKSSRV - ok
    12:46:28.0987 2876 MSPCLOCK - ok
    12:46:29.0012 2876 MSPQM - ok
    12:46:29.0017 2876 MsRPC - ok
    12:46:29.0024 2876 mssmbios - ok
    12:46:29.0078 2876 MSTEE - ok
    12:46:29.0082 2876 MTConfig - ok
    12:46:29.0117 2876 Mup - ok
    12:46:29.0121 2876 napagent - ok
    12:46:29.0182 2876 NativeWifiP - ok
    12:46:29.0214 2876 NDIS - ok
    12:46:29.0226 2876 NdisCap - ok
    12:46:29.0253 2876 NdisTapi - ok
    12:46:29.0307 2876 Ndisuio - ok
    12:46:29.0314 2876 NdisWan - ok
    12:46:29.0320 2876 NDProxy - ok
    12:46:29.0351 2876 Netaapl - ok
    12:46:29.0391 2876 NetBIOS - ok
    12:46:29.0395 2876 NetBT - ok
    12:46:29.0400 2876 Netlogon - ok
    12:46:29.0438 2876 Netman - ok
    12:46:29.0445 2876 netprofm - ok
    12:46:29.0452 2876 NetTcpPortSharing - ok
    12:46:29.0481 2876 netw5v64 - ok
    12:46:29.0528 2876 nfrd960 - ok
    12:46:29.0557 2876 NlaSvc - ok
    12:46:29.0564 2876 Npfs - ok
    12:46:29.0568 2876 nsi - ok
    12:46:29.0572 2876 nsiproxy - ok
    12:46:29.0578 2876 Ntfs - ok
    12:46:29.0583 2876 Null - ok
    12:46:29.0635 2876 nvraid - ok
    12:46:29.0641 2876 nvstor - ok
    12:46:29.0675 2876 nv_agp - ok
    12:46:29.0682 2876 ohci1394 - ok
    12:46:29.0775 2876 ose64 - ok
    12:46:29.0918 2876 osppsvc - ok
    12:46:29.0971 2876 p2pimsvc - ok
    12:46:29.0978 2876 p2psvc - ok
    12:46:29.0984 2876 Parport - ok
    12:46:29.0987 2876 partmgr - ok
    12:46:29.0991 2876 PcaSvc - ok
    12:46:30.0013 2876 pccsmcfd - ok
    12:46:30.0019 2876 pci - ok
    12:46:30.0024 2876 pciide - ok
    12:46:30.0028 2876 pcmcia - ok
    12:46:30.0034 2876 pcw - ok
    12:46:30.0038 2876 PEAUTH - ok
    12:46:30.0044 2876 PerfHost - ok
    12:46:30.0054 2876 pla - ok
    12:46:30.0059 2876 PlugPlay - ok
    12:46:30.0131 2876 Pml Driver HPZ12 - ok
    12:46:30.0135 2876 PNRPAutoReg - ok
    12:46:30.0140 2876 PNRPsvc - ok
    12:46:30.0144 2876 PolicyAgent - ok
    12:46:30.0162 2876 Power - ok
    12:46:30.0262 2876 PptpMiniport - ok
    12:46:30.0268 2876 Processor - ok
    12:46:30.0307 2876 ProfSvc - ok
    12:46:30.0311 2876 ProtectedStorage - ok
    12:46:30.0404 2876 Psched - ok
    12:46:30.0411 2876 ql2300 - ok
    12:46:30.0415 2876 ql40xx - ok
    12:46:30.0419 2876 QWAVE - ok
    12:46:30.0423 2876 QWAVEdrv - ok
    12:46:30.0428 2876 RasAcd - ok
    12:46:30.0465 2876 RasAgileVpn - ok
    12:46:30.0472 2876 RasAuto - ok
    12:46:30.0518 2876 Rasl2tp - ok
    12:46:30.0522 2876 RasMan - ok
    12:46:30.0553 2876 RasPppoe - ok
    12:46:30.0598 2876 RasSstp - ok
    12:46:30.0604 2876 rdbss - ok
    12:46:30.0611 2876 rdpbus - ok
    12:46:30.0617 2876 RDPCDD - ok
    12:46:30.0711 2876 RDPENCDD - ok
    12:46:30.0720 2876 RDPREFMP - ok
    12:46:30.0909 2876 RdpVideoMiniport - ok
    12:46:30.0915 2876 RDPWD - ok
    12:46:30.0941 2876 rdyboost - ok
    12:46:31.0263 2876 RealNetworks Downloader Resolver Service - ok
    12:46:31.0268 2876 RemoteAccess - ok
    12:46:31.0273 2876 RemoteRegistry - ok
    12:46:31.0278 2876 RFCOMM - ok
    12:46:31.0296 2876 RpcEptMapper - ok
    12:46:31.0301 2876 RpcLocator - ok
    12:46:31.0305 2876 RpcSs - ok
    12:46:31.0352 2876 rspndr - ok
    12:46:31.0616 2876 RSUSBSTOR - ok
    12:46:31.0656 2876 RTL8167 - ok
    12:46:31.0660 2876 RtVOsdService - ok
    12:46:31.0733 2876 S2usbser - ok
    12:46:31.0737 2876 SamSs - ok
    12:46:31.0740 2876 sbp2port - ok
    12:46:31.0744 2876 SCardSvr - ok
    12:46:31.0749 2876 scfilter - ok
    12:46:31.0753 2876 Schedule - ok
    12:46:31.0757 2876 SCPolicySvc - ok
    12:46:31.0781 2876 sdbus - ok
    12:46:31.0788 2876 SDRSVC - ok
    12:46:31.0823 2876 secdrv - ok
    12:46:31.0829 2876 seclogon - ok
    12:46:31.0834 2876 SENS - ok
    12:46:31.0908 2876 SensrSvc - ok
    12:46:31.0914 2876 Serenum - ok
    12:46:31.0919 2876 Serial - ok
    12:46:31.0924 2876 sermouse - ok
    12:46:31.0937 2876 SessionEnv - ok
    12:46:31.0942 2876 sffdisk - ok
    12:46:31.0948 2876 sffp_mmc - ok
    12:46:31.0953 2876 sffp_sd - ok
    12:46:31.0957 2876 sfloppy - ok
    12:46:31.0963 2876 SharedAccess - ok
    12:46:31.0967 2876 ShellHWDetection - ok
    12:46:32.0006 2876 SiSRaid2 - ok
    12:46:32.0011 2876 SiSRaid4 - ok
    12:46:32.0085 2876 Skype C2C Service - ok
    12:46:32.0114 2876 SkypeUpdate - ok
    12:46:32.0136 2876 Smb - ok
    12:46:32.0212 2876 SNMPTRAP - ok
    12:46:32.0269 2876 spldr - ok
    12:46:32.0275 2876 Spooler - ok
    12:46:32.0280 2876 sppsvc - ok
    12:46:32.0284 2876 sppuinotify - ok
    12:46:32.0289 2876 srv - ok
    12:46:32.0293 2876 srv2 - ok
    12:46:32.0334 2876 SrvHsfHDA - ok
    12:46:32.0341 2876 SrvHsfV92 - ok
    12:46:32.0346 2876 SrvHsfWinac - ok
    12:46:32.0350 2876 srvnet - ok
    12:46:32.0401 2876 SSDPSRV - ok
    12:46:32.0407 2876 SstpSvc - ok
    12:46:32.0413 2876 stexstor - ok
    12:46:32.0419 2876 stisvc - ok
    12:46:32.0423 2876 swenum - ok
    12:46:32.0513 2876 swprv - ok
    12:46:32.0553 2876 SynTP - ok
    12:46:32.0558 2876 SysMain - ok
    12:46:32.0564 2876 TabletInputService - ok
    12:46:32.0570 2876 TapiSrv - ok
    12:46:32.0579 2876 TBS - ok
    12:46:32.0584 2876 Tcpip - ok
    12:46:32.0645 2876 TCPIP6 - ok
    12:46:32.0651 2876 tcpipreg - ok
    12:46:32.0658 2876 TDPIPE - ok
    12:46:32.0663 2876 TDTCP - ok
    12:46:32.0673 2876 tdx - ok
    12:46:32.0677 2876 TermDD - ok
    12:46:32.0682 2876 TermService - ok
    12:46:32.0686 2876 Themes - ok
    12:46:32.0690 2876 THREADORDER - ok
    12:46:32.0718 2876 TrkWks - ok
    12:46:32.0723 2876 TrustedInstaller - ok
    12:46:32.0729 2876 tssecsrv - ok
    12:46:32.0792 2876 TsUsbFlt - ok
    12:46:32.0846 2876 tunnel - ok
    12:46:32.0853 2876 uagp35 - ok
    12:46:32.0859 2876 udfs - ok
    12:46:32.0873 2876 UI0Detect - ok
    12:46:32.0896 2876 uliagpkx - ok
    12:46:32.0929 2876 umbus - ok
    12:46:32.0934 2876 UmPass - ok
    12:46:32.0938 2876 UNS - ok
    12:46:32.0945 2876 upnphost - ok
    12:46:33.0009 2876 USBAAPL64 - ok
    12:46:33.0013 2876 usbccgp - ok
    12:46:33.0071 2876 usbcir - ok
    12:46:33.0076 2876 usbehci - ok
    12:46:33.0099 2876 usbhub - ok
    12:46:33.0104 2876 usbohci - ok
    12:46:33.0110 2876 usbprint - ok
    12:46:33.0186 2876 usbscan - ok
    12:46:33.0241 2876 usbser - ok
    12:46:33.0244 2876 USBSTOR - ok
    12:46:33.0249 2876 usbuhci - ok
    12:46:33.0362 2876 usbvideo - ok
    12:46:33.0434 2876 usb_rndisx - ok
    12:46:33.0441 2876 UxSms - ok
    12:46:33.0448 2876 VaultSvc - ok
    12:46:33.0485 2876 vdrvroot - ok
    12:46:33.0512 2876 vds - ok
    12:46:33.0555 2876 vga - ok
    12:46:33.0560 2876 VgaSave - ok
    12:46:33.0566 2876 vhdmp - ok
    12:46:33.0572 2876 viaide - ok
    12:46:33.0576 2876 volmgr - ok
    12:46:33.0606 2876 volmgrx - ok
    12:46:33.0611 2876 volsnap - ok
    12:46:33.0661 2876 vsmraid - ok
    12:46:33.0666 2876 VSS - ok
    12:46:33.0670 2876 vwifibus - ok
    12:46:33.0675 2876 vwififlt - ok
    12:46:33.0708 2876 vwifimp - ok
    12:46:33.0713 2876 W32Time - ok
    12:46:33.0720 2876 WacomPen - ok
    12:46:33.0756 2876 WANARP - ok
    12:46:33.0796 2876 Wanarpv6 - ok
    12:46:33.0830 2876 WatAdminSvc - ok
    12:46:33.0835 2876 wbengine - ok
    12:46:33.0846 2876 WbioSrvc - ok
    12:46:33.0854 2876 wcncsvc - ok
    12:46:33.0860 2876 WcsPlugInService - ok
    12:46:33.0865 2876 Wd - ok
    12:46:34.0076 2876 WDC_SAM - ok
    12:46:34.0081 2876 Wdf01000 - ok
    12:46:34.0087 2876 WdiServiceHost - ok
    12:46:34.0093 2876 WdiSystemHost - ok
    12:46:34.0099 2876 WebClient - ok
    12:46:34.0106 2876 Wecsvc - ok
    12:46:34.0112 2876 wercplsupport - ok
    12:46:34.0201 2876 WerSvc - ok
    12:46:34.0263 2876 WfpLwf - ok
    12:46:34.0267 2876 WIMMount - ok
    12:46:34.0272 2876 WinDefend - ok
    12:46:34.0279 2876 WinHttpAutoProxySvc - ok
    12:46:34.0283 2876 Winmgmt - ok
    12:46:34.0287 2876 WinRM - ok
    12:46:34.0379 2876 WinUsb - ok
    12:46:34.0384 2876 Wlansvc - ok
    12:46:34.0495 2876 wlidsvc - ok
    12:46:34.0542 2876 WmiAcpi - ok
    12:46:34.0550 2876 wmiApSrv - ok
    12:46:34.0615 2876 WMPNetworkSvc - ok
    12:46:34.0619 2876 WPCSvc - ok
    12:46:34.0624 2876 WPDBusEnum - ok
    12:46:34.0628 2876 ws2ifsl - ok
    12:46:34.0633 2876 wscsvc - ok
    12:46:34.0637 2876 WSearch - ok
    12:46:34.0644 2876 wuauserv - ok
    12:46:34.0648 2876 WudfPf - ok
    12:46:34.0682 2876 WUDFRd - ok
    12:46:34.0688 2876 wudfsvc - ok
    12:46:34.0695 2876 WwanSvc - ok
    12:46:34.0746 2876 yukonw7 - ok
    12:46:35.0298 2876 ================ Scan global ===============================
    12:46:35.0301 2876 [Global] - ok
    12:46:35.0304 2876 ================ Scan MBR ==================================
    12:46:35.0375 2876 [ 8659BC190AD676ED07607E6B478C25FA ] \Device\Harddisk0\DR0
    12:46:36.0324 2876 \Device\Harddisk0\DR0 - ok
    12:46:36.0325 2876 ================ Scan VBR ==================================
    12:46:36.0325 2876 ============================================================
    12:46:36.0325 2876 Scan finished
    12:46:36.0325 2876 ============================================================
    12:46:36.0339 1484 Detected object count: 0
    12:46:36.0340 1484 Actual detected object count: 0
    12:46:43.0508 5844 ============================================================
    12:46:43.0508 5844 Scan started
    12:46:43.0508 5844 Mode: Manual;
    12:46:43.0508 5844 ============================================================
    12:46:43.0510 5844 ================ Scan system memory ========================
    12:46:43.0510 5844 System memory - ok
    12:46:43.0511 5844 ================ Scan services =============================
    12:46:43.0529 5844 1394ohci - ok
    12:46:43.0533 5844 ACPI - ok
    12:46:43.0537 5844 AcpiPmi - ok
    12:46:43.0542 5844 AdobeARMservice - ok
    12:46:43.0546 5844 AdobeFlashPlayerUpdateSvc - ok
    12:46:43.0550 5844 adp94xx - ok
    12:46:43.0555 5844 adpahci - ok
    12:46:43.0559 5844 adpu320 - ok
    12:46:43.0565 5844 AeLookupSvc - ok
    12:46:43.0569 5844 AERTFilters - ok
    12:46:43.0574 5844 AFD - ok
    12:46:43.0578 5844 AgereSoftModem - ok
    12:46:43.0582 5844 agp440 - ok
    12:46:43.0586 5844 ALG - ok
    12:46:43.0591 5844 aliide - ok
    12:46:43.0595 5844 amdide - ok
    12:46:43.0599 5844 AmdK8 - ok
    12:46:43.0603 5844 AmdPPM - ok
    12:46:43.0608 5844 amdsata - ok
    12:46:43.0611 5844 amdsbs - ok
    12:46:43.0616 5844 amdxata - ok
    12:46:43.0620 5844 AppID - ok
    12:46:43.0624 5844 AppIDSvc - ok
    12:46:43.0628 5844 Appinfo - ok
    12:46:43.0633 5844 Apple Mobile Device - ok
    12:46:43.0637 5844 arc - ok
    12:46:43.0642 5844 arcsas - ok
    12:46:43.0646 5844 aswFsBlk - ok
    12:46:43.0650 5844 aswMonFlt - ok
    12:46:43.0654 5844 aswRdr - ok
    12:46:43.0659 5844 aswSnx - ok
    12:46:43.0663 5844 aswSP - ok
    12:46:43.0667 5844 aswTdi - ok
    12:46:43.0671 5844 AsyncMac - ok
    12:46:43.0675 5844 atapi - ok
    12:46:43.0680 5844 AudioEndpointBuilder - ok
    12:46:43.0684 5844 AudioSrv - ok
    12:46:43.0688 5844 avast! Antivirus - ok
    12:46:43.0694 5844 AxInstSV - ok
    12:46:43.0699 5844 b06bdrv - ok
    12:46:43.0703 5844 b57nd60a - ok
    12:46:43.0709 5844 BCM43XX - ok
    12:46:43.0713 5844 BDESVC - ok
    12:46:43.0717 5844 Beep - ok
    12:46:43.0721 5844 BFE - ok
    12:46:43.0727 5844 BITS - ok
    12:46:43.0732 5844 blbdrive - ok
    12:46:43.0736 5844 Bonjour Service - ok
    12:46:43.0740 5844 bowser - ok
    12:46:43.0744 5844 BrFiltLo - ok
    12:46:43.0748 5844 BrFiltUp - ok
    12:46:43.0752 5844 Browser - ok
    12:46:43.0756 5844 BrSerIb - ok
    12:46:43.0760 5844 Brserid - ok
    12:46:43.0764 5844 BrSerWdm - ok
    12:46:43.0768 5844 BrUsbMdm - ok
    12:46:43.0773 5844 BrUsbSer - ok
    12:46:43.0777 5844 BrUsbSIb - ok
    12:46:43.0780 5844 BthAvrcp - ok
    12:46:43.0785 5844 BthEnum - ok
    12:46:43.0789 5844 BTHMODEM - ok
    12:46:43.0793 5844 BthPan - ok
    12:46:43.0797 5844 BTHPORT - ok
    12:46:43.0801 5844 bthserv - ok
    12:46:43.0806 5844 BTHUSB - ok
    12:46:43.0810 5844 cdfs - ok
    12:46:43.0814 5844 cdrom - ok
    12:46:43.0818 5844 CertPropSvc - ok
    12:46:43.0823 5844 circlass - ok
    12:46:43.0827 5844 CLFS - ok
    12:46:43.0831 5844 clr_optimization_v2.0.50727_32 - ok
    12:46:43.0835 5844 clr_optimization_v2.0.50727_64 - ok
    12:46:43.0840 5844 clr_optimization_v4.0.30319_32 - ok
    12:46:43.0844 5844 clr_optimization_v4.0.30319_64 - ok
    12:46:43.0849 5844 clwvd - ok
    12:46:43.0853 5844 CmBatt - ok
    12:46:43.0858 5844 cmdide - ok
    12:46:43.0862 5844 CNG - ok
    12:46:43.0866 5844 Compbatt - ok
    12:46:43.0871 5844 CompositeBus - ok
    12:46:43.0875 5844 COMSysApp - ok
    12:46:43.0879 5844 CpqDfw - ok
    12:46:43.0884 5844 cpuz134 - ok
    12:46:43.0888 5844 crcdisk - ok
    12:46:43.0894 5844 CryptSvc - ok
    12:46:43.0900 5844 DcomLaunch - ok
    12:46:43.0904 5844 defragsvc - ok
    12:46:43.0909 5844 DfsC - ok
    12:46:43.0913 5844 Dhcp - ok
    12:46:43.0917 5844 discache - ok
    12:46:43.0921 5844 Disk - ok
    12:46:43.0926 5844 Dnscache - ok
    12:46:43.0930 5844 dot3svc - ok
    12:46:43.0935 5844 DPS - ok
    12:46:43.0938 5844 drmkaud - ok
    12:46:43.0943 5844 DXGKrnl - ok
    12:46:43.0947 5844 EapHost - ok
    12:46:43.0951 5844 ebdrv - ok
    12:46:43.0955 5844 EFS - ok
    12:46:43.0959 5844 ehRecvr - ok
    12:46:43.0963 5844 ehSched - ok
    12:46:43.0967 5844 elxstor - ok
    12:46:43.0971 5844 ErrDev - ok
    12:46:43.0980 5844 EventSystem - ok
    12:46:43.0984 5844 ewusbnet - ok
    12:46:43.0988 5844 exfat - ok
    12:46:43.0994 5844 ezSharedSvc - ok
    12:46:43.0998 5844 fastfat - ok
    12:46:44.0002 5844 Fax - ok
    12:46:44.0006 5844 fdc - ok
    12:46:44.0009 5844 fdPHost - ok
    12:46:44.0013 5844 FDResPub - ok
    12:46:44.0017 5844 FileInfo - ok
    12:46:44.0021 5844 Filetrace - ok
    12:46:44.0025 5844 flpydisk - ok
    12:46:44.0029 5844 FltMgr - ok
    12:46:44.0033 5844 FontCache - ok
    12:46:44.0037 5844 FontCache3.0.0.0 - ok
    12:46:44.0042 5844 FsDepends - ok
    12:46:44.0046 5844 Fs_Rec - ok
    12:46:44.0050 5844 fvevol - ok
    12:46:44.0054 5844 gagp30kx - ok
    12:46:44.0059 5844 GameConsoleService - ok
    12:46:44.0063 5844 GEARAspiWDM - ok
    12:46:44.0067 5844 gfibto - ok
    12:46:44.0071 5844 ggflt - ok
    12:46:44.0076 5844 ggsemc - ok
    12:46:44.0080 5844 gpsvc - ok
    12:46:44.0084 5844 gupdate - ok
    12:46:44.0088 5844 gupdatem - ok
    12:46:44.0092 5844 gusvc - ok
    12:46:44.0097 5844 hcw85cir - ok
    12:46:44.0101 5844 HdAudAddService - ok
    12:46:44.0106 5844 HDAudBus - ok
    12:46:44.0110 5844 HECIx64 - ok
    12:46:44.0114 5844 HidBatt - ok
    12:46:44.0118 5844 HidBth - ok
    12:46:44.0122 5844 HidIr - ok
    12:46:44.0126 5844 hidserv - ok
    12:46:44.0130 5844 HidUsb - ok
    12:46:44.0134 5844 hkmsvc - ok
    12:46:44.0138 5844 HomeGroupListener - ok
    12:46:44.0143 5844 HomeGroupProvider - ok
    12:46:44.0147 5844 HP Support Assistant Service - ok
    12:46:44.0151 5844 HP Wireless Assistant Service - ok
    12:46:44.0156 5844 HPDrvMntSvc.exe - ok
    12:46:44.0160 5844 hpqwmiex - ok
    12:46:44.0165 5844 HpSAMD - ok
    12:46:44.0169 5844 HPWMISVC - ok
    12:46:44.0174 5844 HTTP - ok
    12:46:44.0177 5844 hwdatacard - ok
    12:46:44.0182 5844 hwpolicy - ok
    12:46:44.0188 5844 i8042prt - ok
    12:46:44.0194 5844 iaStor - ok
    12:46:44.0198 5844 IAStorDataMgrSvc - ok
    12:46:44.0203 5844 iaStorV - ok
    12:46:44.0208 5844 IDriverT - ok
    12:46:44.0212 5844 idsvc - ok
    12:46:44.0219 5844 igfx - ok
    12:46:44.0223 5844 iirsp - ok
    12:46:44.0227 5844 IKEEXT - ok
    12:46:44.0233 5844 IntcAzAudAddService - ok
    12:46:44.0237 5844 IntcDAud - ok
    12:46:44.0241 5844 intelide - ok
    12:46:44.0246 5844 intelppm - ok
    12:46:44.0250 5844 IPBusEnum - ok
    12:46:44.0253 5844 IpFilterDriver - ok
    12:46:44.0258 5844 iphlpsvc - ok
    12:46:44.0263 5844 IPMIDRV - ok
    12:46:44.0267 5844 IPNAT - ok
    12:46:44.0271 5844 iPod Service - ok
    12:46:44.0275 5844 IRENUM - ok
    12:46:44.0279 5844 isapnp - ok
    12:46:44.0283 5844 iScsiPrt - ok
    12:46:44.0287 5844 kbdclass - ok
    12:46:44.0292 5844 kbdhid - ok
    12:46:44.0296 5844 KeyIso - ok
    12:46:44.0301 5844 KSecDD - ok
    12:46:44.0305 5844 KSecPkg - ok
    12:46:44.0309 5844 ksthunk - ok
    12:46:44.0313 5844 KtmRm - ok
    12:46:44.0317 5844 LanmanServer - ok
    12:46:44.0321 5844 LanmanWorkstation - ok
    12:46:44.0327 5844 LightScribeService - ok
    12:46:44.0331 5844 lltdio - ok
    12:46:44.0335 5844 lltdsvc - ok
    12:46:44.0340 5844 lmhosts - ok
    12:46:44.0344 5844 LMS - ok
    12:46:44.0350 5844 LSI_FC - ok
    12:46:44.0354 5844 LSI_SAS - ok
    12:46:44.0358 5844 LSI_SAS2 - ok
    12:46:44.0362 5844 LSI_SCSI - ok
    12:46:44.0366 5844 luafv - ok
    12:46:44.0370 5844 Mcx2Svc - ok
    12:46:44.0374 5844 megasas - ok
    12:46:44.0378 5844 MegaSR - ok
    12:46:44.0383 5844 Microsoft SharePoint Workspace Audit Service - ok
    12:46:44.0387 5844 MMCSS - ok
    12:46:44.0391 5844 Modem - ok
    12:46:44.0395 5844 monitor - ok
    12:46:44.0399 5844 mouclass - ok
    12:46:44.0405 5844 mouhid - ok
    12:46:44.0409 5844 mountmgr - ok
    12:46:44.0413 5844 MozillaMaintenance - ok
    12:46:44.0418 5844 mpio - ok
    12:46:44.0423 5844 mpsdrv - ok
    12:46:44.0426 5844 MpsSvc - ok
    12:46:44.0430 5844 MRxDAV - ok
    12:46:44.0434 5844 mrxsmb - ok
    12:46:44.0439 5844 mrxsmb10 - ok
    12:46:44.0443 5844 mrxsmb20 - ok
    12:46:44.0447 5844 msahci - ok
    12:46:44.0451 5844 msdsm - ok
    12:46:44.0456 5844 MSDTC - ok
    12:46:44.0463 5844 Msfs - ok
    12:46:44.0467 5844 mshidkmdf - ok
    12:46:44.0471 5844 msisadrv - ok
    12:46:44.0475 5844 MSiSCSI - ok
    12:46:44.0479 5844 msiserver - ok
    12:46:44.0483 5844 MSKSSRV - ok
    12:46:44.0488 5844 MSPCLOCK - ok
    12:46:44.0492 5844 MSPQM - ok
    12:46:44.0496 5844 MsRPC - ok
    12:46:44.0502 5844 mssmbios - ok
    12:46:44.0506 5844 MSTEE - ok
    12:46:44.0509 5844 MTConfig - ok
    12:46:44.0513 5844 Mup - ok
    12:46:44.0517 5844 napagent - ok
    12:46:44.0522 5844 NativeWifiP - ok
    12:46:44.0526 5844 NDIS - ok
    12:46:44.0530 5844 NdisCap - ok
    12:46:44.0534 5844 NdisTapi - ok
    12:46:44.0540 5844 Ndisuio - ok
    12:46:44.0543 5844 NdisWan - ok
    12:46:44.0547 5844 NDProxy - ok
    12:46:44.0551 5844 Netaapl - ok
    12:46:44.0556 5844 NetBIOS - ok
    12:46:44.0559 5844 NetBT - ok
    12:46:44.0563 5844 Netlogon - ok
    12:46:44.0567 5844 Netman - ok
    12:46:44.0571 5844 netprofm - ok
    12:46:44.0575 5844 NetTcpPortSharing - ok
    12:46:44.0580 5844 netw5v64 - ok
    12:46:44.0584 5844 nfrd960 - ok
    12:46:44.0588 5844 NlaSvc - ok
    12:46:44.0592 5844 Npfs - ok
    12:46:44.0596 5844 nsi - ok
    12:46:44.0600 5844 nsiproxy - ok
    12:46:44.0606 5844 Ntfs - ok
    12:46:44.0610 5844 Null - ok
    12:46:44.0614 5844 nvraid - ok
    12:46:44.0618 5844 nvstor - ok
    12:46:44.0622 5844 nv_agp - ok
    12:46:44.0626 5844 ohci1394 - ok
    12:46:44.0631 5844 ose64 - ok
    12:46:44.0635 5844 osppsvc - ok
    12:46:44.0642 5844 p2pimsvc - ok
    12:46:44.0646 5844 p2psvc - ok
    12:46:44.0650 5844 Parport - ok
    12:46:44.0654 5844 partmgr - ok
    12:46:44.0659 5844 PcaSvc - ok
    12:46:44.0662 5844 pccsmcfd - ok
    12:46:44.0666 5844 pci - ok
    12:46:44.0670 5844 pciide - ok
    12:46:44.0675 5844 pcmcia - ok
    12:46:44.0679 5844 pcw - ok
    12:46:44.0683 5844 PEAUTH - ok
    12:46:44.0690 5844 PerfHost - ok
    12:46:44.0699 5844 pla - ok
    12:46:44.0704 5844 PlugPlay - ok
    12:46:44.0708 5844 Pml Driver HPZ12 - ok
    12:46:44.0712 5844 PNRPAutoReg - ok
    12:46:44.0716 5844 PNRPsvc - ok
    12:46:44.0719 5844 PolicyAgent - ok
    12:46:44.0725 5844 Power - ok
    12:46:44.0729 5844 PptpMiniport - ok
    12:46:44.0733 5844 Processor - ok
    12:46:44.0737 5844 ProfSvc - ok
    12:46:44.0741 5844 ProtectedStorage - ok
    12:46:44.0746 5844 Psched - ok
    12:46:44.0749 5844 ql2300 - ok
    12:46:44.0753 5844 ql40xx - ok
    12:46:44.0759 5844 QWAVE - ok
    12:46:44.0762 5844 QWAVEdrv - ok
    12:46:44.0766 5844 RasAcd - ok
    12:46:44.0770 5844 RasAgileVpn - ok
    12:46:44.0775 5844 RasAuto - ok
    12:46:44.0780 5844 Rasl2tp - ok
    12:46:44.0784 5844 RasMan - ok
    12:46:44.0788 5844 RasPppoe - ok
    12:46:44.0792 5844 RasSstp - ok
    12:46:44.0796 5844 rdbss - ok
    12:46:44.0800 5844 rdpbus - ok
    12:46:44.0806 5844 RDPCDD - ok
    12:46:44.0811 5844 RDPENCDD - ok
    12:46:44.0816 5844 RDPREFMP - ok
    12:46:44.0823 5844 RdpVideoMiniport - ok
    12:46:44.0827 5844 RDPWD - ok
    12:46:44.0831 5844 rdyboost - ok
    12:46:44.0836 5844 RealNetworks Downloader Resolver Service - ok
    12:46:44.0840 5844 RemoteAccess - ok
    12:46:44.0844 5844 RemoteRegistry - ok
    12:46:44.0848 5844 RFCOMM - ok
    12:46:44.0852 5844 RpcEptMapper - ok
    12:46:44.0856 5844 RpcLocator - ok
    12:46:44.0859 5844 RpcSs - ok
    12:46:44.0863 5844 rspndr - ok
    12:46:44.0867 5844 RSUSBSTOR - ok
    12:46:44.0872 5844 RTL8167 - ok
    12:46:44.0876 5844 RtVOsdService - ok
    12:46:44.0879 5844 S2usbser - ok
    12:46:44.0883 5844 SamSs - ok
    12:46:44.0887 5844 sbp2port - ok
    12:46:44.0891 5844 SCardSvr - ok
    12:46:44.0895 5844 scfilter - ok
    12:46:44.0901 5844 Schedule - ok
    12:46:44.0905 5844 SCPolicySvc - ok
    12:46:44.0911 5844 sdbus - ok
    12:46:44.0915 5844 SDRSVC - ok
    12:46:44.0919 5844 secdrv - ok
    12:46:44.0924 5844 seclogon - ok
    12:46:44.0928 5844 SENS - ok
    12:46:44.0932 5844 SensrSvc - ok
    12:46:44.0936 5844 Serenum - ok
    12:46:44.0940 5844 Serial - ok
    12:46:44.0944 5844 sermouse - ok
    12:46:44.0954 5844 SessionEnv - ok
    12:46:44.0958 5844 sffdisk - ok
    12:46:44.0962 5844 sffp_mmc - ok
    12:46:44.0966 5844 sffp_sd - ok
    12:46:44.0970 5844 sfloppy - ok
    12:46:44.0974 5844 SharedAccess - ok
    12:46:44.0977 5844 ShellHWDetection - ok
    12:46:44.0981 5844 SiSRaid2 - ok
    12:46:44.0985 5844 SiSRaid4 - ok
    12:46:44.0990 5844 Skype C2C Service - ok
    12:46:44.0994 5844 SkypeUpdate - ok
    12:46:44.0998 5844 Smb - ok
    12:46:45.0005 5844 SNMPTRAP - ok
    12:46:45.0010 5844 spldr - ok
    12:46:45.0014 5844 Spooler - ok
    12:46:45.0018 5844 sppsvc - ok
    12:46:45.0023 5844 sppuinotify - ok
    12:46:45.0027 5844 srv - ok
    12:46:45.0031 5844 srv2 - ok
    12:46:45.0034 5844 SrvHsfHDA - ok
    12:46:45.0039 5844 SrvHsfV92 - ok
    12:46:45.0043 5844 SrvHsfWinac - ok
    12:46:45.0047 5844 srvnet - ok
    12:46:45.0051 5844 SSDPSRV - ok
    12:46:45.0055 5844 SstpSvc - ok
    12:46:45.0059 5844 stexstor - ok
    12:46:45.0063 5844 stisvc - ok
    12:46:45.0068 5844 swenum - ok
    12:46:45.0072 5844 swprv - ok
    12:46:45.0079 5844 SynTP - ok
    12:46:45.0083 5844 SysMain - ok
    12:46:45.0087 5844 TabletInputService - ok
    12:46:45.0091 5844 TapiSrv - ok
    12:46:45.0095 5844 TBS - ok
    12:46:45.0099 5844 Tcpip - ok
    12:46:45.0102 5844 TCPIP6 - ok
    12:46:45.0109 5844 tcpipreg - ok
    12:46:45.0115 5844 TDPIPE - ok
    12:46:45.0119 5844 TDTCP - ok
    12:46:45.0123 5844 tdx - ok
    12:46:45.0127 5844 TermDD - ok
    12:46:45.0131 5844 TermService - ok
    12:46:45.0135 5844 Themes - ok
    12:46:45.0140 5844 THREADORDER - ok
    12:46:45.0144 5844 TrkWks - ok
    12:46:45.0148 5844 TrustedInstaller - ok
    12:46:45.0157 5844 tssecsrv - ok
    12:46:45.0161 5844 TsUsbFlt - ok
    12:46:45.0165 5844 tunnel - ok
    12:46:45.0169 5844 uagp35 - ok
    12:46:45.0173 5844 udfs - ok
    12:46:45.0180 5844 UI0Detect - ok
    12:46:45.0184 5844 uliagpkx - ok
    12:46:45.0188 5844 umbus - ok
    12:46:45.0192 5844 UmPass - ok
    12:46:45.0196 5844 UNS - ok
    12:46:45.0201 5844 upnphost - ok
    12:46:45.0206 5844 USBAAPL64 - ok
    12:46:45.0210 5844 usbccgp - ok
    12:46:45.0214 5844 usbcir - ok
    12:46:45.0218 5844 usbehci - ok
    12:46:45.0223 5844 usbhub - ok
    12:46:45.0227 5844 usbohci - ok
    12:46:45.0231 5844 usbprint - ok
    12:46:45.0236 5844 usbscan - ok
    12:46:45.0241 5844 usbser - ok
    12:46:45.0244 5844 USBSTOR - ok
    12:46:45.0250 5844 usbuhci - ok
    12:46:45.0254 5844 usbvideo - ok
    12:46:45.0258 5844 usb_rndisx - ok
    12:46:45.0261 5844 UxSms - ok
    12:46:45.0265 5844 VaultSvc - ok
    12:46:45.0269 5844 vdrvroot - ok
    12:46:45.0273 5844 vds - ok
    12:46:45.0277 5844 vga - ok
    12:46:45.0281 5844 VgaSave - ok
    12:46:45.0285 5844 vhdmp - ok
    12:46:45.0290 5844 viaide - ok
    12:46:45.0294 5844 volmgr - ok
    12:46:45.0297 5844 volmgrx - ok
    12:46:45.0301 5844 volsnap - ok
    12:46:45.0306 5844 vsmraid - ok
    12:46:45.0310 5844 VSS - ok
    12:46:45.0314 5844 vwifibus - ok
    12:46:45.0317 5844 vwififlt - ok
    12:46:45.0323 5844 vwifimp - ok
    12:46:45.0327 5844 W32Time - ok
    12:46:45.0332 5844 WacomPen - ok
    12:46:45.0336 5844 WANARP - ok
    12:46:45.0340 5844 Wanarpv6 - ok
    12:46:45.0344 5844 WatAdminSvc - ok
    12:46:45.0348 5844 wbengine - ok
    12:46:45.0352 5844 WbioSrvc - ok
    12:46:45.0358 5844 wcncsvc - ok
    12:46:45.0363 5844 WcsPlugInService - ok
    12:46:45.0367 5844 Wd - ok
    12:46:45.0375 5844 WDC_SAM - ok
    12:46:45.0378 5844 Wdf01000 - ok
    12:46:45.0382 5844 WdiServiceHost - ok
    12:46:45.0386 5844 WdiSystemHost - ok
    12:46:45.0390 5844 WebClient - ok
    12:46:45.0394 5844 Wecsvc - ok
    12:46:45.0398 5844 wercplsupport - ok
    12:46:45.0402 5844 WerSvc - ok
    12:46:45.0407 5844 WfpLwf - ok
    12:46:45.0411 5844 WIMMount - ok
    12:46:45.0415 5844 WinDefend - ok
    12:46:45.0421 5844 WinHttpAutoProxySvc - ok
    12:46:45.0425 5844 Winmgmt - ok
    12:46:45.0429 5844 WinRM - ok
    12:46:45.0436 5844 WinUsb - ok
    12:46:45.0440 5844 Wlansvc - ok
    12:46:45.0444 5844 wlidsvc - ok
    12:46:45.0448 5844 WmiAcpi - ok
    12:46:45.0454 5844 wmiApSrv - ok
    12:46:45.0458 5844 WMPNetworkSvc - ok
    12:46:45.0462 5844 WPCSvc - ok
    12:46:45.0466 5844 WPDBusEnum - ok
    12:46:45.0470 5844 ws2ifsl - ok
    12:46:45.0474 5844 wscsvc - ok
    12:46:45.0478 5844 WSearch - ok
    12:46:45.0485 5844 wuauserv - ok
    12:46:45.0489 5844 WudfPf - ok
    12:46:45.0493 5844 WUDFRd - ok
    12:46:45.0497 5844 wudfsvc - ok
    12:46:45.0501 5844 WwanSvc - ok
    12:46:45.0508 5844 yukonw7 - ok
    12:46:45.0528 5844 ================ Scan global ===============================
    12:46:45.0530 5844 [Global] - ok
    12:46:45.0532 5844 ================ Scan MBR ==================================
    12:46:45.0587 5844 [ 8659BC190AD676ED07607E6B478C25FA ] \Device\Harddisk0\DR0
    12:46:47.0056 5844 \Device\Harddisk0\DR0 - ok
    12:46:47.0059 5844 ================ Scan VBR ==================================
    12:46:47.0059 5844 ============================================================
    12:46:47.0059 5844 Scan finished
    12:46:47.0059 5844 ============================================================
    12:46:47.0072 5228 Detected object count: 0
    12:46:47.0072 5228 Actual detected object count: 0
    12:46:53.0565 4704 Deinitialize success

    Thanks for your kind help.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    ok next step

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...
     
  6. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    Good evening again,
    After running the Combofix, the following log was obtained:
    ComboFix 13-02-15.01 - Tom Mongare 15/02/2013 16:07:05.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.458 [GMT 0:00]
    Running from: c:\users\Tom Mongare\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\100
    c:\users\Tom Mongare\Documents\~WRL0003.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-15 16:17 . 2013-02-15 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-15 16:11 . 2013-02-15 16:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A92626E-87F7-43C2-B51F-A9ABF5588D6E}\offreg.dll
    2013-02-15 15:18 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A92626E-87F7-43C2-B51F-A9ABF5588D6E}\mpengine.dll
    2013-02-12 21:58 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-12 21:58 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-12 21:53 . 2013-01-09 01:53 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2013-02-12 19:19 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-12 19:19 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-12 19:19 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-12 19:19 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-12 19:19 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-12 19:19 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-12 19:19 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-12 19:19 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-12 19:19 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-12 19:19 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-12 19:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-12 19:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-10 15:12 . 2013-02-10 15:09 310688 ----a-w- c:\windows\system32\javaws.exe
    2013-02-10 15:10 . 2013-02-10 15:09 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-02-10 15:10 . 2013-02-10 15:09 188832 ----a-w- c:\windows\system32\javaw.exe
    2013-02-10 15:10 . 2013-02-10 15:09 188320 ----a-w- c:\windows\system32\java.exe
    2013-02-08 14:23 . 2013-02-08 14:23 -------- d-----w- c:\users\Tom Mongare\AppData\Roaming\LavasoftStatistics
    2013-02-08 14:18 . 2013-02-08 14:18 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-08 14:17 . 2013-02-08 14:17 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2013-02-07 22:09 . 2013-02-07 22:10 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-30 15:44 . 2013-01-30 15:44 -------- d-----w- c:\program files\Common Files\DESIGNER
    2013-01-30 15:42 . 2013-01-30 15:42 -------- d-----w- c:\program files\Microsoft Sync Framework
    2013-01-30 15:39 . 2013-01-30 15:39 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2013-01-30 15:38 . 2013-01-30 15:38 -------- d-----w- c:\program files\Microsoft Analysis Services
    2013-01-30 15:38 . 2013-01-30 15:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2013-01-30 15:37 . 2013-01-30 15:44 -------- d-----w- c:\windows\SHELLNEW
    2013-01-30 15:37 . 2013-01-30 15:42 -------- d-----w- c:\program files\Microsoft Office
    2013-01-30 15:37 . 2013-01-30 15:37 -------- d-----r- C:\MSOCache
    2013-01-21 14:10 . 2013-01-21 14:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-12 22:19 . 2012-04-05 11:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-12 22:19 . 2011-06-02 11:52 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-12 22:03 . 2011-03-31 11:51 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-02-10 15:09 . 2012-09-13 05:42 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-10 15:09 . 2010-07-17 06:33 963488 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28 . 2011-03-10 16:11 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-06 20:36 . 2013-01-06 20:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-06 20:36 . 2013-01-06 20:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-04 04:43 . 2013-02-12 19:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 09:13 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 09:13 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-12 21:37 . 2012-12-12 21:37 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2012-12-07 13:20 . 2013-01-09 22:55 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 22:55 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 22:55 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 22:55 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 22:55 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 22:55 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 22:55 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 22:55 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 22:55 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 22:55 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 22:55 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 22:55 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 22:55 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 22:55 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 22:55 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 22:55 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 22:55 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 22:55 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 22:55 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 22:55 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 22:55 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 22:55 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 22:55 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 22:55 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 22:55 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 22:55 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 22:55 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 22:55 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 22:55 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 22:55 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 22:55 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 22:55 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 22:54 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 22:54 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 22:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 22:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 22:54 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 22:54 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 22:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 22:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-12-30 21:40 222712 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-12-30 21:40 222712 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-12-30 21:40 222712 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-22 138096]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 cpuz134;cpuz134;c:\users\TOMMON~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-04 14448]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-05-18 243744]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-12 349800]
    R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [2008-07-23 118272]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-20 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-08 14456]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - kxryiaow
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-30 20:48 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:19]
    .
    2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297700339-2509041311-3707083054-1000Core.job
    - c:\users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-22 19:21]
    .
    2013-02-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297700339-2509041311-3707083054-1000UA.job
    - c:\users\Tom Mongare\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-22 19:21]
    .
    2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 20:05]
    .
    2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 20:05]
    .
    2013-02-12 c:\windows\Tasks\HPCeeScheduleForTom Mongare.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-12-30 21:40 261624 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-12-30 21:40 261624 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-12-30 21:40 261624 ----a-w- c:\users\Tom Mongare\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
    Trusted Zone: samsungsetup.com\www
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\users\Tom Mongare\AppData\Roaming\Mozilla\Firefox\Profiles\lwlobl2l.default\
    FF - ExtSQL: 2012-12-22 20:24; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2013-02-08 14:17; [email protected]; c:\users\Tom Mongare\AppData\Roaming\Mozilla\Firefox\Profiles\lwlobl2l.default\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-15 16:20:27
    ComboFix-quarantined-files.txt 2013-02-15 16:20
    .
    Pre-Run: 101,202,231,296 bytes free
    Post-Run: 102,321,479,680 bytes free
    .
    - - End Of File - - 1E154DFEBB0233A90AA8177EBBCF0756
    I do still notice that the computer kind of freezes at times, and when I scanned drive F (which I partitioned) earlier, it was indicating infections. I am not sure if the problem has been cured yet. I will enable my antivirus and scan one more time.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Nothing is showing in any of the logs.
    What is the F drive?
    Is it a data drive or a storage drive?
     
  8. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    Hello,
    As promised I have scanned the F:\ drive and it has shown 3 different types of spyware:
    Win32:Spyware-gen[Spy]
    Win32:Cdoor-B[Trj]
    Win32:Trojan-gen
    When I try to move them to the antivirus chest, messages come up saying:
    Error: There is not enough space on the disk
    Error: The operation is not supported for this type of archive.
    I await your technical advice, and thanks for being so kind to help.
    Tom
     
  9. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    I am sorry, the F drive is a partition I created on my hard drive and named F.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please post the log that Avast made when it detected those.
    I suspect that it is trying to clean inside the zip files that contain those threats. Avast and most other antiviruses cannot clean inside a zip file, only delete the entire zip, although all of them try to disinfect and fail.
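    An added example (Python; not code from Avast or from anyone in this thread) of what the point about zip files means in practice. A ZIP has no in-place delete: the central directory at the end of the file indexes every member, so the only ways to get rid of one flagged file are to delete the whole archive or to rewrite the archive without that member. The script below streams each member's SHA-256 without extracting anything to disk (useful when the drive holding the archive is almost full, as F: is here), then rebuilds the archive with the unwanted member left out. The archive and its member names are constructed in memory for illustration; the "exe" members are inert placeholder bytes, not programs.

```python
"""Inspect and rewrite a ZIP archive without relying on the antivirus to do it.

Added example for this thread, not code from Avast or from any poster.
The sample archive is constructed in memory; its members are inert
placeholder bytes, not real programs and not real malware.
"""
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (used to identify individual members)."""
    return hashlib.sha256(data).hexdigest()


def build_sample_archive() -> bytes:
    """Constructed stand-in for a downloaded installer archive.

    Assumption: the member names are invented for illustration only.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"Sample archive used for illustration only.\n")
        zf.writestr("setup/installer.exe", b"MZ" + b"\x00" * 64 + b"placeholder, not a program")
        zf.writestr("setup/keygen.exe", b"MZ" + b"\x00" * 64 + b"placeholder, not a program")
    return buf.getvalue()


def inventory(zip_bytes: bytes) -> list[dict]:
    """List every file member with sizes and SHA-256, streamed from the archive.

    Nothing is written to disk, so this works even when the drive holding
    the archive is nearly full (in the thread, F: had 7 MB free).
    """
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.sha256()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(64 * 1024), b""):
                    digest.update(chunk)
            rows.append({
                "name": info.filename,
                "size": info.file_size,
                "compressed": info.compress_size,
                "sha256": digest.hexdigest(),
            })
    return rows


def strip_members(zip_bytes: bytes, unwanted: set[str]) -> bytes:
    """Return a new archive with the named members left out.

    ZIP has no in-place delete: the central directory at the end of the
    file indexes every member, so dropping one means rewriting the whole
    archive. That is why an antivirus either deletes the entire zip or
    fails when it tries to 'disinfect' a member inside it.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename in unwanted:
                continue
            # Passing the original ZipInfo keeps timestamps and compression method.
            dst.writestr(info, src.read(info))
    return out.getvalue()


def member_names(zip_bytes: bytes) -> list[str]:
    """Names of the file members, in archive order."""
    return [row["name"] for row in inventory(zip_bytes)]


if __name__ == "__main__":
    archive = build_sample_archive()
    for row in inventory(archive):
        print(f"{row['sha256'][:16]}...  {row['size']:>6} B  {row['name']}")
    cleaned = strip_members(archive, {"setup/keygen.exe"})
    print("after removal:", member_names(cleaned))
```

    To apply this to a real archive, read the file into `inventory()` to get per-member hashes, match the detected member by name or hash against the antivirus report, and write the result of `strip_members()` to a drive with free space rather than back onto the full partition. Deleting the whole archive remains the simpler and safer choice when the other members are not worth keeping.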
     
  11. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Sorry, but that doesn't give me any file names etc. to see what is being detected, but I am pretty sure it is an old Kazaa version.
     
  13. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    Morning,
    Many thanks for the replies. Whenever I scan the computer those are the results which come up, and actually sometimes when I am surfing the internet, it freezes or hangs without responding for some minutes. This suggests there may be some problem I have not really grasped. Any advice?
    Thanks.
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Your best solution in that case is to format and reinstall completely, and learn your lesson not to use Kazaa, BitComet and other P2P programs that will infect you badly.
     
  15. tmongare04

    tmongare04 Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    24
    Do I format only the infected hard drive F or the whole system?
     
Short URL to this thread: https://techguy.org/1089617