possible virus

Ajalon

Hi guys,
I have a problem with my PC, and I wish someone would be able to help me with this, as I really don't want to reformat my PC. I have Bitdefender Internet Security and virus protection 2013 full version and also SuperAntiSpyware Pro full version. I have posted via email to Bitdefender support regarding the issue and they haven't got back to me till now. That is why I have come to you, as you might be able to help me, as you were so fast before. But I know that this could be a difficult one.

The issue I have with my PC just happened lately, and I have done whatever I could to solve this problem, but to no avail. The issue is that every time I start my PC and go on the internet, Bitdefender starts scanning as it always does, and it comes up with "Bitdefender has blocked multiple viruses on your computer" again and again in a small window. I do a system scan and Bitdefender says that it has moved the items to quarantine and my PC is free from viruses, but after a short while these viruses seem to come back, as Bitdefender keeps blocking these multiple viruses again and again. It says that the virus name is dropped:Adware Easy Pop A.

I have also noticed that if I turn off my Bitdefender protection, SuperAntiSpyware begins to catch many of these so-called 'Trojan:agent/Gen-downloader.process', just like Bitdefender; the only thing is that SuperAntiSpyware calls it a different name.

Please help, I will appreciate any help at all. I have pasted these logs as requested, below.
Attachments: dds.txt, attach.txt, checkup.txt

Kind Regards
Peter

Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AML Free Registry Cleaner 4.23
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 bdagent.exe
Bitdefender Bitdefender 2013 updatesrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Peter Stephens at 20:11:24 on 2013-07-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13148 [GMT 8:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\Premium\Codec\Codec.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5Guard.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTuner.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Users\Peter Stephens\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Users\Peter Stephens\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe
C:\Users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\STK03N\STK03NM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\UI0Detect.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
mStart Page = about:blank
mSearch Bar = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
uProxyOverride = <local>
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Peter Stephens\AppData\Roaming\Complitly\Complitly.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Akamai NetSession Interface] "C:\Users\Peter Stephens\AppData\Local\Akamai\netsession_win.exe"
uRun: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
uRun: [TVPlanet] <no file>
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK03N~1.LNK - C:\Windows\STK03N\STK03NM.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Peter Stephens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: LastPass - <no file>
IE: LastPass Fill Forms - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D55928C0-4325-451B-AE1F-05771C3693C6} - hxxp://ajalon.mine.nu/NetDvrOcx.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{4CCD4760-D8A1-433A-BFD9-EFF42ADBD5C0} : DHCPNameServer = 10.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Peter Stephens\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Ashampoo Uninstaller 5 Guard] "C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5Guard.exe" -TRAY
x64-Run: [Ashampoo WinOptimizer Live-Tuner] "C:\Users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTuner.exe" -TRAY
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\
FF - prefs.js: browser.startup.homepage - hxxp://www.dailytelegraph.com.au
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-03 18:23; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-07-12 19:49; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-12 19:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-12 19:49; afurladvisor@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-07-13 19:18; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; C:\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF - ExtSQL: 2013-07-13 20:23; fdm_ffext@freedownloadmanager.org; C:\Program Files (x86)\Free Download Manager\Firefox\Extension
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-4-26 718840]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-3-29 147232]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-4-26 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-11-19 103504]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-21 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/19 10:20:21];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2013-4-25 130320]
R2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2013-1-5 15160]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;C:\Users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [2013-1-5 12824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [2013-1-5 36776]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-7-15 597776]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2013-4-12 84992]
R3 dvdfab;dvdfab;C:\Windows\System32\drivers\dvdfab.sys [2012-9-19 79232]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-12 32344]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-10-15 317584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-10 849992]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-10-25 95744]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2012-11-19 82384]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-25 57856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-24 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-21 31800]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-1-26 22800]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-24 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-24 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
.
=============== Created Last 30 ================
.
2013-07-20 02:54:04 -------- dc----w- C:\Program Files\CCleaner
2013-07-15 11:44:18 597776 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-07-13 12:38:37 691 ----a-w- C:\Users\Peter Stephens\AppData\Roaming\GetValue.vbs
2013-07-13 12:38:37 35 ----a-w- C:\Users\Peter Stephens\AppData\Roaming\SetValue.bat
2013-07-13 12:38:37 1662 ----a-w- C:\Windows\SysWow64\tmp.reg
2013-07-13 12:23:21 -------- d-----w- C:\ProgramData\Free Download Manager
2013-07-13 12:23:16 -------- d-----w- C:\Users\Peter Stephens\AppData\Roaming\Free Download Manager
2013-07-13 12:23:06 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2013-07-12 07:52:21 -------- d-----w- C:\Windows\System32\MRT
2013-07-12 06:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 06:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-11 10:42:06 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 10:42:05 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 10:42:05 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 10:42:05 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:42:04 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:41:50 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 10:41:50 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 10:41:50 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 10:41:49 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 10:41:49 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 10:41:49 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 10:41:49 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 10:41:42 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 10:41:42 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 10:41:38 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 10:41:37 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 10:41:13 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 10:39:10 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 10:39:09 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 14:39:07 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-06 02:53:59 -------- dc----w- C:\bro don parnell
2013-07-05 10:28:58 -------- d-----w- C:\Users\Peter Stephens\AppData\Local\Splashtop
2013-07-05 10:28:52 -------- d-----w- C:\ProgramData\Splashtop
2013-07-02 12:52:17 -------- d-----w- C:\Users\Peter Stephens\AppData\Roaming\Privacy Guardian
2013-07-02 12:50:01 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2013-07-02 12:50:01 658432 ------w- C:\Windows\SysWow64\MSCOMCT2.OCX
2013-07-02 12:50:01 212992 ------w- C:\Windows\SysWow64\UniBoxVB12.ocx
2013-07-02 12:50:01 1101824 ------w- C:\Windows\SysWow64\UniBox210.ocx
2013-07-02 12:50:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2013-07-02 12:49:58 -------- d-----w- C:\Program Files (x86)\PC Tools
2013-07-02 12:47:24 -------- d-----w- C:\ProgramData\PC Tools
2013-07-02 12:47:22 -------- d-----w- C:\Users\Peter Stephens\AppData\Roaming\Product_FR
2013-07-02 12:08:54 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-02 12:08:54 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-02 12:08:54 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-02 12:08:54 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-02 12:08:54 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-02 12:08:54 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-02 12:08:07 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-07-02 12:08:07 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-30 12:43:01 -------- d-----w- C:\ProgramData\Hotspot Shield
2013-06-30 07:44:30 40960 ----a-w- C:\Windows\SysWow64\STK03NP.ax
2013-06-30 07:44:30 40872 ----a-w- C:\Windows\SysWow64\drivers\STK03NW1.sys
2013-06-30 07:44:30 108544 ----a-w- C:\Windows\SysWow64\drivers\STK03NW2.sys
2013-06-30 07:44:29 -------- d-----w- C:\Windows\STK03N
2013-06-26 14:37:25 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2013-06-26 14:37:19 -------- d-----w- C:\Users\Peter Stephens\AppData\Roaming\Hotspot Shield
2013-06-26 13:07:02 -------- d-----w- C:\Users\Peter Stephens\AppData\Local\Skyrim
2013-06-25 13:02:33 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-06-25 13:01:18 -------- dc----w- C:\Prey
.
==================== Find3M ====================
.
2013-07-15 13:12:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 13:12:36 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-15 13:12:36 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-10 14:38:39 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-10 14:38:39 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-21 01:09:46 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-06-21 01:07:16 46792 ------w- C:\Windows\System32\drivers\hssdrv6.sys
2013-06-20 21:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-13 12:02:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 12:02:21 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 12:50:22 280600 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-07 12:50:22 280600 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-02 05:54:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-02 05:54:00 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-05-30 08:37:36 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-05 13:14:00 280600 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-04 12:31:44 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2013-05-03 07:48:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-01 20:17:04 11530992 ----a-w- C:\Windows\System32\drivers\NETwsw00.sys
2013-04-26 12:20:36 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2012-09-20 00:45:52 10112544 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 20:13:10.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 17-Sep-12 20:57:24
System Uptime: 23-Jul-13 18:37:18 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G74Sx
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 879 GiB total, 587.475 GiB free.
D: is FIXED (NTFS) - 53 GiB total, 26.402 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 271.06 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP271: 13-Jul-13 20:08:18 - Revo Uninstaller Pro's restore point - Free Download Manager 3.9.2
RP272: 15-Jul-13 21:10:05 - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
3Planesoft Screensaver Manager 1.4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Advanced Driver Updater
Air Conflicts: Pacific Carriers
Akamai NetSession Interface
All Free Disc Burner 3.1.9
AML Free Disk Defrag 3.0
AML Free Registry Cleaner 4.23
Ashampoo Burning Studio 10 v.10.0.15
Ashampoo Core Tuner 2 v.2.0.1
Ashampoo MyAutoplay Menu 1.0.5
Ashampoo Slideshow Studio HD 2 v.2.0.5
Ashampoo StartUp Tuner 2.00
Ashampoo UnInstaller 5 v.5.0.2
Ashampoo WinOptimizer 9 v.9.04.31
Assassin's Creed
Assassin's Creed Brotherhood
Assassin's Creed Brotherhood Compatibility Update
Assassin's Creed III
Assassin's Creed Revelations 1.03
ASUS FaceLogon
ASUS Live Update
ASUS Virtual Camera
ATK Package
Battlefield 2(TM)
Battlefield: Bad Company™ 2
Bitdefender Internet Security 2013
BS.Player FREE
C5100n GDI Driver for Windows Vista 64 BIT
Call of Duty Black Ops II
Call of Duty Modern Warfare 3
Call of Duty(R) 4 - Modern Warfare(TM)
CCleaner
Codec
Complitly
CoreAAC
CyberLink PowerDVD 10
D3DX10
Delta Force - Black Hawk Down
Delta Force Black Hawk Down Team Sabre
Delta Force: Xtreme
DriverScan 2012
DTS+AC3 Filter
DTV4PC 1.6.3
DVDFab Passkey 8.1.0.2 (12/07/2013)
EasyBCD 2.1.2
Eufony Free CD Ripper
Extended Asian Language font pack for Adobe Reader XI
FlightGear v1.9.1
Free Audio Converter version 5.0.24.430
Free File Recovery 1.1
Free Studio version 5.2.0
Free YouTube to MP3 Converter version 3.12.2.430
FreeOnlineRadioPlayerRecorder Toolbar
FreeRIP 4.1.2
Fresco Logic USB3.0 Host Controller
FreshDiagnose
FreshView
GOMTV Plug-in
Google Chrome
Google Earth
Google Update Helper
GRID 2
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) Turbo Boost Technology Monitor
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Intel® Watchdog Timer Driver (Intel® WDT)
IPP Run-Time 5.3
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 17 (64-bit)
Java SE Development Kit 7 Update 25 (64-bit)
Junk Mail filter update
KeePass Password Safe 2.17
LastPass (uninstall only)
Little Fighter 2 version 2.0a
Medal of Honor Warfighter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Moffsoft FreeCalc
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Need for Speed Most Wanted
Need For Speed™ World
NetDvr
NirSoft BlueScreenView
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
OGA Notifier 1.7.0105.14.0
OpenAL
PatchBeam v1.10
PC Tools Privacy Guardian 5.0
Photo Common
Photo Gallery
Piano Chords 1.4.5
Playback 2.3.0.4
PowerArchiver 2010
PowerArchiver Outlook Plug-in
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RealUpgrade 1.1
RemoteDeviceExplorer 1.2.2
Revo Uninstaller Pro 3.0.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
Sniper Ghost Warrior 2
Sniper: Ghost Warrior
Socusoft Photo To Video Converter Free Version 8.05
SpeedFan (remove only)
Splashtop Software Updater
Splashtop Streamer
Steam
STK03N
SUPERAntiSpyware
SuperEasy Video Booster v.1.1.3056
SuperEasy Video Converter 2 v.2.1.3063
Synaptics Pointing Device Driver
TeamViewer 6
The Elder Scrolls V Skyrim LE
TrueCrypt
TubeTilla Super Ez version 1.0
Tweaking.com - Windows Repair (All in One)
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.0-rc1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinX Free FLV to MP3 Converter 2.0.7
Yontoo 1.10.02
YTD Toolbar v6.6
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
23-Jul-13 19:48:14, Error: bowser [8003] - The master browser has received a server announcement from the computer LIVINGROOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CCD4760-D8A1-433A-BFD9-EFF42ADBD5C0}. The master browser is stopping or an election is being forced.
23-Jul-13 18:42:04, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
23-Jul-13 18:40:34, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
23-Jul-13 18:40:34, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
23-Jul-13 18:40:34, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
23-Jul-13 18:40:33, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the path specified.
23-Jul-13 18:40:33, Error: Service Control Manager [7000] - The Hotspot Shield Monitoring Service service failed to start due to the following error: The system cannot find the path specified.
23-Jul-13 18:40:25, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The system cannot find the path specified.
21-Jul-13 20:56:54, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
21-Jul-13 20:03:43, Error: Service Control Manager [7023] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306
20-Jul-13 18:07:57, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
20-Jul-13 18:05:42, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
20-Jul-13 18:05:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20-Jul-13 18:05:36, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
20-Jul-13 18:05:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20-Jul-13 18:05:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20-Jul-13 18:05:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20-Jul-13 18:05:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avc3 discache gzflt SASDIFSV SASKUTIL spldr truecrypt trufos Wanarpv6
20-Jul-13 18:05:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
20-Jul-13 17:53:09, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
18-Jul-13 17:45:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
18-Jul-13 17:45:48, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16-Jul-13 20:47:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
16-Jul-13 18:39:22, Error: bowser [8003] - The master browser has received a server announcement from the computer PETER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CCD4760-D8A1-433A-BFD9-EFF42ADBD5C0}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
Hi, Peter.

Please note that I edited your post to paste the logs rather than have them attached.

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 
Hi Corrine,
I really appreciate you trying to help here and your quick response. I have done what you told me below: I have run the TDSSKiller and it came up with no malicious objects. The log report has been attached with this reply. My Bitdefender has automatically gone to aggressive mode by default and the on-access scanning has disabled itself because of too many of these viruses coming in continuously, I guess. Thank you.

Kind regards
Peter

View attachment TDSSKiller.2.8.18.0_25.07.2013_19.49.31_log.txt

EDITED TO PASTE LOG:

19:49:31.0054 7748 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
19:49:32.0577 7748 ============================================================
19:49:32.0578 7748 Current date / time: 2013/07/25 19:49:32.0577
19:49:32.0578 7748 SystemInfo:
19:49:32.0578 7748
19:49:32.0578 7748 OS Version: 6.1.7601 ServicePack: 1.0
19:49:32.0578 7748 Product type: Workstation
19:49:32.0578 7748 ComputerName: G74SX64
19:49:32.0578 7748 UserName: Peter Stephens
19:49:32.0578 7748 Windows directory: C:\Windows
19:49:32.0578 7748 System windows directory: C:\Windows
19:49:32.0578 7748 Running under WOW64
19:49:32.0578 7748 Processor architecture: Intel x64
19:49:32.0578 7748 Number of processors: 8
19:49:32.0578 7748 Page size: 0x1000
19:49:32.0578 7748 Boot type: Normal boot
19:49:32.0578 7748 ============================================================
19:49:33.0950 7748 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:33.0993 7748 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:34.0001 7748 ============================================================
19:49:34.0001 7748 \Device\Harddisk1\DR1:
19:49:34.0001 7748 MBR partitions:
19:49:34.0001 7748 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6DDD0000
19:49:34.0001 7748 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x6DDD0800, BlocksNum 0x6935000
19:49:34.0001 7748 \Device\Harddisk0\DR0:
19:49:34.0002 7748 MBR partitions:
19:49:34.0002 7748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:49:34.0002 7748 ============================================================
19:49:34.0012 7748 C: <-> \Device\Harddisk1\DR1\Partition1
19:49:34.0068 7748 D: <-> \Device\Harddisk1\DR1\Partition2
19:49:34.0094 7748 E: <-> \Device\Harddisk0\DR0\Partition1
19:49:34.0095 7748 ============================================================
19:49:34.0095 7748 Initialize success
19:49:34.0095 7748 ============================================================
19:50:57.0964 1828 ============================================================
19:50:57.0964 1828 Scan started
19:50:57.0964 1828 Mode: Manual;
19:50:57.0964 1828 ============================================================
19:50:58.0563 1828 ================ Scan system memory ========================
19:50:58.0563 1828 System memory - ok
19:50:58.0564 1828 ================ Scan services =============================
19:51:02.0261 1828 crcdisk - ok
19:51:02.0321 1828 [ 2C53AB51F07EF7B58D32C36D8F2F8C16 ] CronService C:\Prey\platform\windows\cronsvc.exe
19:51:02.0323 1828 CronService - ok
19:51:02.0345 1828 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:51:02.0349 1828 CryptSvc - ok
19:51:02.0389 1828 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:51:02.0396 1828 CSC - ok
19:51:02.0413 1828 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:51:02.0418 1828 CscService - ok
19:51:02.0458 1828 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:51:02.0459 1828 dc3d - ok
19:51:02.0514 1828 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:51:02.0521 1828 DcomLaunch - ok
19:51:02.0551 1828 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:51:02.0555 1828 defragsvc - ok
19:51:02.0574 1828 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:51:02.0575 1828 DfsC - ok
19:51:02.0682 1828 [ D51B32BA3897F630D99713B74B40D6A2 ] DfSdkS C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe
19:51:02.0690 1828 DfSdkS - ok
19:51:02.0720 1828 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:51:02.0724 1828 Dhcp - ok
19:51:02.0747 1828 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:51:02.0748 1828 discache - ok
19:51:02.0787 1828 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:51:02.0788 1828 Disk - ok
19:51:02.0823 1828 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:51:02.0824 1828 dmvsc - ok
19:51:02.0846 1828 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:51:02.0849 1828 Dnscache - ok
19:51:02.0879 1828 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:51:02.0883 1828 dot3svc - ok
19:51:02.0898 1828 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:51:02.0901 1828 DPS - ok
19:51:02.0931 1828 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:51:02.0932 1828 drmkaud - ok
19:51:02.0968 1828 [ EEE504899A0CC781F09CF003CA897771 ] dvdfab C:\Windows\system32\drivers\dvdfab.sys
19:51:02.0969 1828 dvdfab - ok
19:51:03.0016 1828 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:51:03.0028 1828 DXGKrnl - ok
19:51:03.0067 1828 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:51:03.0069 1828 EapHost - ok
19:51:03.0152 1828 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:51:03.0173 1828 ebdrv - ok
19:51:03.0212 1828 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:51:03.0213 1828 EFS - ok
19:51:03.0283 1828 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:51:03.0291 1828 ehRecvr - ok
19:51:03.0310 1828 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:51:03.0312 1828 ehSched - ok
19:51:03.0360 1828 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:51:03.0367 1828 elxstor - ok
19:51:03.0379 1828 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:51:03.0380 1828 ErrDev - ok
19:51:03.0418 1828 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:51:03.0424 1828 EventSystem - ok
19:51:03.0493 1828 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:51:03.0499 1828 EvtEng - ok
19:51:03.0516 1828 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:51:03.0519 1828 exfat - ok
19:51:03.0539 1828 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:51:03.0542 1828 fastfat - ok
19:51:03.0589 1828 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:51:03.0596 1828 Fax - ok
19:51:03.0630 1828 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:51:03.0631 1828 fdc - ok
19:51:03.0667 1828 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:51:03.0669 1828 fdPHost - ok
19:51:03.0685 1828 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:51:03.0687 1828 FDResPub - ok
19:51:03.0700 1828 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:51:03.0701 1828 FileInfo - ok
19:51:03.0725 1828 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:51:03.0726 1828 Filetrace - ok
19:51:03.0731 1828 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:51:03.0732 1828 flpydisk - ok
19:51:03.0754 1828 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:51:03.0757 1828 FltMgr - ok
19:51:03.0799 1828 [ 5F3982B51A5DF6F7FF5FD3A4CE0BFF5D ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
19:51:03.0803 1828 FLxHCIc - ok
19:51:03.0840 1828 [ 1ACB3F124140A2EAB5A1E36286E37C0D ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
19:51:03.0842 1828 FLxHCIh - ok
19:51:03.0904 1828 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:51:03.0920 1828 FontCache - ok
19:51:03.0964 1828 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:51:03.0965 1828 FontCache3.0.0.0 - ok
19:51:03.0981 1828 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:51:03.0982 1828 FsDepends - ok
19:51:04.0027 1828 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:51:04.0028 1828 fssfltr - ok
19:51:04.0104 1828 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:51:04.0122 1828 fsssvc - ok
19:51:04.0143 1828 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:51:04.0143 1828 Fs_Rec - ok
19:51:04.0178 1828 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:51:04.0182 1828 fvevol - ok
19:51:04.0211 1828 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:51:04.0212 1828 gagp30kx - ok
19:51:04.0255 1828 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:51:04.0263 1828 gpsvc - ok
19:51:04.0314 1828 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:51:04.0317 1828 gupdate - ok
19:51:04.0337 1828 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:51:04.0339 1828 gupdatem - ok
19:51:04.0375 1828 [ DB8A82239139348D6666434128D6F5DC ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
19:51:04.0378 1828 gzflt - ok
19:51:04.0411 1828 [ 161E84B112E9EF5C6387CC2B28020949 ] HBtnKey C:\Windows\system32\DRIVERS\wstbtndb.sys
19:51:04.0412 1828 HBtnKey - ok
19:51:04.0436 1828 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:51:04.0437 1828 hcw85cir - ok
19:51:04.0472 1828 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:51:04.0474 1828 HdAudAddService - ok
19:51:04.0497 1828 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:51:04.0498 1828 HDAudBus - ok
19:51:04.0502 1828 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:51:04.0502 1828 HidBatt - ok
19:51:04.0506 1828 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:51:04.0507 1828 HidBth - ok
19:51:04.0519 1828 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:51:04.0520 1828 HidIr - ok
19:51:04.0532 1828 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:51:04.0533 1828 hidserv - ok
19:51:04.0558 1828 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:51:04.0559 1828 HidUsb - ok
19:51:04.0592 1828 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:51:04.0594 1828 hkmsvc - ok
19:51:04.0614 1828 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:51:04.0616 1828 HomeGroupListener - ok
19:51:04.0635 1828 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:51:04.0637 1828 HomeGroupProvider - ok
19:51:04.0653 1828 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:51:04.0654 1828 HpSAMD - ok
19:51:04.0714 1828 [ 26B05FFD8FB5E70EB501A610E3425341 ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
19:51:04.0715 1828 HssDRV6 - ok
19:51:04.0795 1828 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:51:04.0807 1828 HTTP - ok
19:51:04.0823 1828 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:51:04.0824 1828 hwpolicy - ok
19:51:04.0843 1828 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:51:04.0844 1828 i8042prt - ok
19:51:04.0885 1828 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:51:04.0888 1828 iaStor - ok
19:51:04.0926 1828 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:51:04.0930 1828 iaStorV - ok
19:51:04.0960 1828 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
19:51:04.0961 1828 ICCWDT - ok
19:51:05.0004 1828 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:51:05.0017 1828 idsvc - ok
19:51:05.0044 1828 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:51:05.0045 1828 iirsp - ok
19:51:05.0162 1828 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:51:05.0174 1828 IKEEXT - ok
19:51:05.0267 1828 [ E2E6FB83D55DF0BDA9D453EABA3F893B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:51:05.0282 1828 IntcAzAudAddService - ok
19:51:05.0335 1828 [ C6128F2E3DC6156C6F8828F9F1B96010 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:51:05.0346 1828 Intel(R) Capability Licensing Service Interface - ok
19:51:05.0380 1828 [ 729AB4F0608E95EFF8FDEF23596283E2 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
19:51:05.0386 1828 Intel(R) Capability Licensing Service TCP IP Interface - ok
19:51:05.0395 1828 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:51:05.0395 1828 intelide - ok
19:51:05.0430 1828 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:51:05.0431 1828 intelppm - ok
19:51:05.0466 1828 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:51:05.0470 1828 IPBusEnum - ok
19:51:05.0493 1828 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:05.0495 1828 IpFilterDriver - ok
19:51:05.0532 1828 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:51:05.0539 1828 iphlpsvc - ok
19:51:05.0544 1828 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:51:05.0545 1828 IPMIDRV - ok
19:51:05.0557 1828 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:51:05.0558 1828 IPNAT - ok
19:51:05.0584 1828 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:51:05.0585 1828 IRENUM - ok
19:51:05.0594 1828 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:51:05.0595 1828 isapnp - ok
19:51:05.0613 1828 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:51:05.0617 1828 iScsiPrt - ok
19:51:05.0638 1828 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:51:05.0639 1828 kbdclass - ok
19:51:05.0679 1828 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:51:05.0679 1828 kbdhid - ok
19:51:05.0691 1828 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:51:05.0693 1828 KeyIso - ok
19:51:05.0723 1828 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:51:05.0725 1828 KSecDD - ok
19:51:05.0753 1828 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:51:05.0755 1828 KSecPkg - ok
19:51:05.0794 1828 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:51:05.0794 1828 ksthunk - ok
19:51:05.0829 1828 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:51:05.0835 1828 KtmRm - ok
19:51:05.0866 1828 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:51:05.0870 1828 LanmanServer - ok
19:51:05.0904 1828 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:51:05.0908 1828 LanmanWorkstation - ok
19:51:06.0011 1828 [ 101CFC3764C27259847188581B185EA6 ] LiveTunerPM C:\Users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys
19:51:06.0012 1828 LiveTunerPM - ok
19:51:06.0052 1828 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:51:06.0053 1828 lltdio - ok
19:51:06.0087 1828 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:51:06.0092 1828 lltdsvc - ok
19:51:06.0105 1828 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:51:06.0107 1828 lmhosts - ok
19:51:06.0175 1828 [ A31FE15F4556AA5BA516E5C408E952CF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:51:06.0181 1828 LMS - ok
19:51:06.0208 1828 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:51:06.0210 1828 LSI_FC - ok
19:51:06.0232 1828 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:51:06.0233 1828 LSI_SAS - ok
19:51:06.0238 1828 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:51:06.0239 1828 LSI_SAS2 - ok
19:51:06.0244 1828 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:51:06.0246 1828 LSI_SCSI - ok
19:51:06.0297 1828 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:51:06.0299 1828 luafv - ok
19:51:06.0323 1828 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
19:51:06.0324 1828 MBfilt - ok
19:51:06.0340 1828 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:51:06.0343 1828 Mcx2Svc - ok
19:51:06.0362 1828 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:51:06.0363 1828 megasas - ok
19:51:06.0391 1828 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:51:06.0394 1828 MegaSR - ok
19:51:06.0434 1828 [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:51:06.0435 1828 MEIx64 - ok
19:51:06.0460 1828 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:51:06.0462 1828 MMCSS - ok
19:51:06.0474 1828 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:51:06.0475 1828 Modem - ok
19:51:06.0503 1828 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:51:06.0504 1828 monitor - ok
19:51:06.0525 1828 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:51:06.0526 1828 mouclass - ok
19:51:06.0545 1828 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:51:06.0546 1828 mouhid - ok
19:51:06.0573 1828 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:51:06.0574 1828 mountmgr - ok
19:51:06.0631 1828 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:51:06.0633 1828 MozillaMaintenance - ok
19:51:06.0669 1828 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:51:06.0671 1828 mpio - ok
19:51:06.0686 1828 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:51:06.0688 1828 mpsdrv - ok
19:51:06.0728 1828 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:51:06.0737 1828 MpsSvc - ok
19:51:06.0749 1828 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:51:06.0751 1828 MRxDAV - ok
19:51:06.0776 1828 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:06.0778 1828 mrxsmb - ok
19:51:06.0800 1828 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:06.0803 1828 mrxsmb10 - ok
19:51:06.0818 1828 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:06.0820 1828 mrxsmb20 - ok
19:51:06.0841 1828 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:51:06.0842 1828 msahci - ok
19:51:06.0858 1828 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:51:06.0860 1828 msdsm - ok
19:51:06.0875 1828 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:51:06.0878 1828 MSDTC - ok
19:51:06.0898 1828 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:51:06.0899 1828 Msfs - ok
19:51:06.0917 1828 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:51:06.0918 1828 mshidkmdf - ok
19:51:06.0930 1828 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:51:06.0931 1828 msisadrv - ok
19:51:06.0980 1828 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:51:06.0984 1828 MSiSCSI - ok
19:51:06.0991 1828 msiserver - ok
19:51:07.0016 1828 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:51:07.0017 1828 MSKSSRV - ok
19:51:07.0022 1828 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:07.0023 1828 MSPCLOCK - ok
19:51:07.0028 1828 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:51:07.0029 1828 MSPQM - ok
19:51:07.0048 1828 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:51:07.0053 1828 MsRPC - ok
19:51:07.0072 1828 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:51:07.0073 1828 mssmbios - ok
19:51:07.0076 1828 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:51:07.0077 1828 MSTEE - ok
19:51:07.0080 1828 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:51:07.0081 1828 MTConfig - ok
19:51:07.0092 1828 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:51:07.0093 1828 Mup - ok
19:51:07.0121 1828 [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:51:07.0124 1828 MyWiFiDHCPDNS - ok
19:51:07.0158 1828 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:51:07.0162 1828 napagent - ok
19:51:07.0193 1828 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:51:07.0195 1828 NativeWifiP - ok
19:51:07.0233 1828 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:51:07.0239 1828 NDIS - ok
19:51:07.0249 1828 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:51:07.0249 1828 NdisCap - ok
19:51:07.0266 1828 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:07.0266 1828 NdisTapi - ok
19:51:07.0288 1828 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:07.0289 1828 Ndisuio - ok
19:51:07.0299 1828 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:07.0301 1828 NdisWan - ok
19:51:07.0317 1828 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:51:07.0318 1828 NDProxy - ok
19:51:07.0333 1828 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:51:07.0334 1828 NetBIOS - ok
19:51:07.0353 1828 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:51:07.0355 1828 NetBT - ok
19:51:07.0363 1828 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:51:07.0364 1828 Netlogon - ok
19:51:07.0394 1828 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:51:07.0398 1828 Netman - ok
19:51:07.0428 1828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:51:07.0431 1828 NetMsmqActivator - ok
19:51:07.0435 1828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:51:07.0436 1828 NetPipeActivator - ok
19:51:07.0454 1828 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:51:07.0458 1828 netprofm - ok
19:51:07.0463 1828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:51:07.0464 1828 NetTcpActivator - ok
19:51:07.0468 1828 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:51:07.0470 1828 NetTcpPortSharing - ok
19:51:07.0680 1828 [ 10E64C5D6E427B074C569DA9CB3E5795 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
19:51:07.0732 1828 NETwNs64 - ok
19:51:07.0765 1828 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:51:07.0765 1828 nfrd960 - ok
19:51:07.0796 1828 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:51:07.0804 1828 NlaSvc - ok
19:51:07.0820 1828 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:51:07.0821 1828 Npfs - ok
19:51:07.0847 1828 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:51:07.0850 1828 nsi - ok
19:51:07.0860 1828 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:51:07.0861 1828 nsiproxy - ok
19:51:07.0919 1828 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:51:07.0936 1828 Ntfs - ok
19:51:07.0951 1828 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:51:07.0952 1828 Null - ok
19:51:07.0999 1828 [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:51:08.0003 1828 NVHDA - ok
19:51:08.0226 1828 [ EE6B7B6A54BCAFF516E30B1C15467495 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:51:08.0277 1828 nvlddmkm - ok
19:51:08.0317 1828 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:51:08.0318 1828 nvraid - ok
19:51:08.0331 1828 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:51:08.0334 1828 nvstor - ok
19:51:08.0467 1828 [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:51:08.0481 1828 nvUpdatusService - ok
19:51:08.0504 1828 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:51:08.0506 1828 nv_agp - ok
19:51:08.0587 1828 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:51:08.0589 1828 odserv - ok
19:51:08.0592 1828 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:51:08.0593 1828 ohci1394 - ok
19:51:08.0611 1828 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:51:08.0612 1828 ose - ok
19:51:08.0638 1828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:51:08.0642 1828 p2pimsvc - ok
19:51:08.0656 1828 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:51:08.0660 1828 p2psvc - ok
19:51:08.0688 1828 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:51:08.0689 1828 Parport - ok
19:51:08.0710 1828 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:51:08.0711 1828 partmgr - ok
19:51:08.0735 1828 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:51:08.0738 1828 PcaSvc - ok
19:51:08.0755 1828 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:51:08.0756 1828 pci - ok
19:51:08.0768 1828 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:51:08.0768 1828 pciide - ok
19:51:08.0787 1828 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:51:08.0789 1828 pcmcia - ok
19:51:08.0808 1828 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
19:51:08.0809 1828 pcouffin - ok
19:51:08.0823 1828 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:51:08.0824 1828 pcw - ok
19:51:08.0848 1828 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:51:08.0853 1828 PEAUTH - ok
19:51:08.0890 1828 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:51:08.0900 1828 PeerDistSvc - ok
19:51:08.0965 1828 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:51:08.0967 1828 PerfHost - ok
19:51:09.0016 1828 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:51:09.0028 1828 pla - ok
19:51:09.0060 1828 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:51:09.0063 1828 PlugPlay - ok
19:51:09.0089 1828 PnkBstrA - ok
19:51:09.0096 1828 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:51:09.0097 1828 PNRPAutoReg - ok
19:51:09.0115 1828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:51:09.0118 1828 PNRPsvc - ok
19:51:09.0128 1828 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:51:09.0129 1828 Point64 - ok
19:51:09.0146 1828 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:51:09.0149 1828 PolicyAgent - ok
19:51:09.0176 1828 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:51:09.0179 1828 Power - ok
19:51:09.0209 1828 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:51:09.0211 1828 PptpMiniport - ok
19:51:09.0225 1828 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:51:09.0226 1828 Processor - ok
19:51:09.0250 1828 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:51:09.0253 1828 ProfSvc - ok
19:51:09.0268 1828 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:51:09.0269 1828 ProtectedStorage - ok
19:51:09.0279 1828 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:51:09.0281 1828 Psched - ok
19:51:09.0349 1828 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:51:09.0365 1828 ql2300 - ok
19:51:09.0412 1828 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:51:09.0414 1828 ql40xx - ok
19:51:16.0848 1828 Scan finished
19:51:16.0848 1828 ============================================================
19:51:16.0863 2812 Detected object count: 0
19:51:16.0863 2812 Actual detected object count: 0

Hi, Peter.

Please note that I edited your post to paste the logs rather than have them attached.

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 
Hi, Peter.

Please copy/paste the logs I request rather than attaching them.

Please follow these instructions carefully.

Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy/paste C:\ComboFix.txt in your next reply.
 
Hi Corrine,
I have done all of what you have said and run ComboFix, and the log is below.


ComboFix 13-07-25.02 - Peter Stephens 26-Jul-13 12:14:32.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13377 [GMT 8:00]
Running from: e:\new downloads 13072013\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\programdata\1347958602.bdinstall.bin
c:\programdata\1353287185.bdinstall.bin
c:\programdata\Roaming
c:\users\Peter Stephens\AppData\Roaming\GetValue.vbs
c:\windows\AsPatch10430001.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
.
.
2013-07-26 04:21 . 2013-07-26 04:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-26 04:21 . 2013-07-26 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 12:38 . 2013-07-25 12:38 -------- dc----w- C:\email 25072013
2013-07-25 11:00 . 2013-07-25 11:00 -------- d-----w- C:\found.000
2013-07-23 13:54 . 2011-09-25 21:22 196608 ------w- c:\windows\SysWow64\CXPICOMCTL.OCX
2013-07-23 13:54 . 2013-07-23 13:54 -------- d-----w- c:\program files (x86)\zebNet® Thunderbird Backup 2012
2013-07-23 13:49 . 2013-07-26 02:32 -------- dc----w- c:\program files\BreakingNews
2013-07-23 13:46 . 2013-07-23 13:49 -------- d-----w- c:\users\Peter Stephens\AppData\Local\Smartbar
2013-07-23 12:51 . 2013-07-23 12:51 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\205110
2013-07-23 12:50 . 2013-07-23 12:59 -------- d-----w- c:\program files (x86)\Backup E-mail
2013-07-20 02:54 . 2013-07-20 02:54 -------- dc----w- c:\program files\CCleaner
2013-07-15 13:19 . 2013-07-15 13:19 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Oracle
2013-07-15 13:15 . 2013-07-15 13:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-15 13:09 . 2013-07-15 13:09 -------- d-----w- c:\programdata\McAfee
2013-07-15 11:44 . 2013-07-15 11:44 597776 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-07-13 12:38 . 2013-07-13 12:38 35 ----a-w- c:\users\Peter Stephens\AppData\Roaming\SetValue.bat
2013-07-13 12:38 . 2013-07-13 12:38 1662 ----a-w- c:\windows\SysWow64\tmp.reg
2013-07-13 12:37 . 2009-06-02 03:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2013-07-13 12:37 . 2008-12-11 17:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2013-07-13 12:37 . 2008-11-29 10:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2013-07-13 12:37 . 2008-10-01 07:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2013-07-13 12:37 . 2008-09-20 04:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2013-07-13 12:37 . 2008-08-18 04:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2013-07-13 12:37 . 2008-05-18 13:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2013-07-13 12:37 . 2007-09-05 16:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2013-07-13 12:37 . 2006-04-27 09:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2013-07-13 12:37 . 2004-07-31 10:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2013-07-13 12:37 . 2003-06-05 13:13 53248 ----a-w- c:\windows\SysWow64\Process.exe
2013-07-13 12:23 . 2013-07-13 12:23 -------- d-----w- c:\programdata\Free Download Manager
2013-07-13 12:23 . 2013-07-13 12:23 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Free Download Manager
2013-07-13 12:23 . 2013-07-13 12:32 -------- d-----w- c:\program files (x86)\Free Download Manager
2013-07-12 07:52 . 2013-07-12 07:54 -------- d-----w- c:\windows\system32\MRT
2013-07-11 10:42 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 10:42 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 10:42 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 10:42 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:42 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:41 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 10:41 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 10:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 10:41 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-11 10:41 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 10:41 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 10:41 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 10:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 10:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 10:41 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 10:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 10:41 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 10:39 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 10:39 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 14:39 . 2013-07-10 14:38 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-10 14:39 . 2013-07-10 14:38 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-10 14:39 . 2013-07-10 14:38 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-10 14:39 . 2013-07-10 14:38 188840 ----a-w- c:\windows\system32\java.exe
2013-07-06 02:53 . 2013-07-06 03:11 -------- dc----w- C:\bro don parnell
2013-07-05 10:28 . 2013-07-05 10:28 -------- d-----w- c:\users\Peter Stephens\AppData\Local\Splashtop
2013-07-05 10:28 . 2013-07-05 10:28 -------- d-----w- c:\programdata\Splashtop
2013-07-02 12:52 . 2013-07-02 12:52 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Privacy Guardian
2013-07-02 12:50 . 2008-09-17 13:17 658432 ------w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-07-02 12:50 . 2008-04-02 07:54 1101824 ------w- c:\windows\SysWow64\UniBox210.ocx
2013-07-02 12:50 . 2008-04-02 07:53 212992 ------w- c:\windows\SysWow64\UniBoxVB12.ocx
2013-07-02 12:50 . 2008-04-02 07:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2013-07-02 12:50 . 2013-07-02 12:50 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2013-07-02 12:49 . 2013-07-02 12:49 -------- d-----w- c:\program files (x86)\PC Tools
2013-07-02 12:47 . 2013-07-02 12:47 -------- d-----w- c:\programdata\PC Tools
2013-07-02 12:47 . 2013-07-02 12:47 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Product_FR
2013-07-02 12:09 . 2013-07-02 12:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-02 12:08 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-07-02 12:08 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-07-02 12:08 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-07-02 12:08 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-07-02 12:08 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-07-02 12:08 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-07-02 12:08 . 2013-06-21 12:06 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-07-02 12:08 . 2013-06-21 12:06 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-30 12:43 . 2013-06-30 12:43 -------- d-----w- c:\programdata\Hotspot Shield
2013-06-30 07:44 . 2009-12-18 02:51 108544 ----a-w- c:\windows\SysWow64\drivers\STK03NW2.sys
2013-06-30 07:44 . 2009-12-18 02:51 40872 ----a-w- c:\windows\SysWow64\drivers\STK03NW1.sys
2013-06-30 07:44 . 2009-12-18 02:23 40960 ----a-w- c:\windows\SysWow64\STK03NP.ax
2013-06-30 07:44 . 2013-07-13 08:23 -------- d-----w- c:\windows\STK03N
2013-06-28 11:04 . 2013-07-13 08:23 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-06-26 14:38 . 2013-07-13 08:23 -------- d-----w- c:\users\fbwuser
2013-06-26 14:37 . 2013-06-30 12:44 -------- d-----w- c:\program files (x86)\Hotspot Shield
2013-06-26 14:37 . 2013-06-30 12:44 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Hotspot Shield
2013-06-26 13:07 . 2013-06-26 13:07 -------- d-----w- c:\users\Peter Stephens\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 03:29 . 2013-06-25 13:02 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-07-15 13:12 . 2012-09-18 10:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 13:12 . 2012-09-18 10:58 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-15 13:12 . 2012-09-18 10:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-10 14:38 . 2012-09-18 07:46 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 14:38 . 2012-09-18 07:46 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 16:57 . 2012-09-18 05:59 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-06-21 01:07 . 2013-06-21 01:07 46792 ------w- c:\windows\system32\drivers\hssdrv6.sys
2013-06-20 21:16 . 2013-06-20 21:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-13 12:02 . 2012-09-18 10:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 12:02 . 2012-09-18 10:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 12:50 . 2012-09-20 09:43 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-07 12:50 . 2012-09-20 06:54 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-04 12:19 . 2012-07-17 06:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-02 05:54 . 2013-01-03 04:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-06-02 05:54 . 2012-09-19 02:04 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-05-30 08:37 . 2013-05-30 08:37 382536 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-13 05:51 . 2013-06-13 10:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 10:39 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 10:39 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 10:39 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 10:39 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 10:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-13 10:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-13 10:39 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 10:39 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 10:39 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-11 04:23 . 2013-05-02 10:29 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-10 05:49 . 2013-06-13 10:40 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 10:40 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-13 10:41 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-05 13:14 . 2012-09-20 06:54 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-04 12:31 . 2013-05-04 12:31 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2013-05-03 07:48 . 2012-09-20 06:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-05-01 20:17 . 2013-05-01 20:17 11530992 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2012-09-20 00:45 . 2012-09-20 00:45 10112544 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
2013-06-03 08:17 373904 -c--a-w- c:\program files\BreakingNews\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-30 10:55 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2012-11-28 08:42 1230216 ----a-w- c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll" [2012-11-28 1230216]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512]
"Akamai NetSession Interface"="c:\users\Peter Stephens\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2013-07-12 1406328]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2013-01-16 6860288]
"Browser Infrastructure Helper"="c:\users\Peter Stephens\AppData\Local\Smartbar\Application\Smartbar.exe" [2013-07-09 20992]
"BreakingNews"="c:\program files\BreakingNews\BreakingNews\DesktopContainer.exe" [2013-07-05 573072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-04-22 91096]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-20 75048]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-05-18 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2013-6-30 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BackupStack;Computer Backup (MyPC Backup); [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 hshld;Hotspot Shield Service; [x]
R2 HssWd;Hotspot Shield Monitoring Service; [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WO_LiveService;Ashampoo LiveTuner Service;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox; [x]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/19 10:20];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [x]
S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:55 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 12:02]
.
2013-05-16 c:\windows\Tasks\AdvancedDriverUpdater.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2013-04-12 07:02]
.
2013-04-12 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2013-04-12 07:02]
.
2012-10-22 c:\windows\Tasks\CodecUpdaterTask{A529BA33-9791-4C41-B16C-D2181FD4B032}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-10-22 14:50]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 01:44]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 01:44]
.
2013-07-19 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-12-15 04:20]
.
2013-07-26 c:\windows\Tasks\PGAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Privacy Guardian\SULauncher.exe [2013-07-02 09:23]
.
2013-07-23 c:\windows\Tasks\PGSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Privacy Guardian\pg.exe [2013-07-02 09:23]
.
2013-07-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f0333ee7-7359-496f-af41-a69f04040154.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-30 10:55 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-07-15 1568512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-19 13286472]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"Ashampoo Uninstaller 5 Guard"="c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5Guard.exe" [2012-11-15 2345896]
"Ashampoo WinOptimizer Live-Tuner"="c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTuner.exe" [2012-05-14 2883456]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&q={searchTerms}&installDate=23/07/2013
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Peter Stephens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: LastPass
IE: LastPass Fill Forms
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: mine.nu\ajalon
TCP: DhcpNameServer = 10.1.1.1
DPF: {D55928C0-4325-451B-AE1F-05771C3693C6} - hxxp://ajalon.mine.nu/NetDvrOcx.cab
FF - ProfilePath - c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=hp&installDate=23/07/2013
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&installDate=23/07/2013&q=
FF - ExtSQL: 2013-06-03 18:23; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-07-12 19:49; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-12 19:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-12 19:49; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-07-13 19:18; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF - ExtSQL: 2013-07-13 20:23; fdm_ffext@freedownloadmanager.org; c:\program files (x86)\Free Download Manager\Firefox\Extension
FF - ExtSQL: 2013-07-23 21:49; {3530470c-303a-40c7-afec-1dd8c10f3c38}; c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\extensions\{3530470c-303a-40c7-afec-1dd8c10f3c38}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Wow6432Node-HKCU-Run-TVPlanet - (no file)
Wow6432Node-HKCU-Run-RadioPlanet - (no file)
Wow6432Node-HKCU-Run-DriverMax - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-FreeOnlineRadioPlayerRecorder Toolbar - c:\program files (x86)\FreeOnlineRadioPlayerRecorder\uninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-26 12:25:08
ComboFix-quarantined-files.txt 2013-07-26 04:25
.
Pre-Run: 629,981,806,592 bytes free
Post-Run: 629,929,201,664 bytes free
.
- - End Of File - - 5BB2983B1428844C46EB1631CB3E1DF7
A36C5E4F47E84449FF07ED3517B43A31

kind regards
Peter
 
Hi, Peter.

I would like you to run two more tools. After the second tool, if not prompted to restart, please do so. Along with the logs, please let me know if BitDefender and SuperAntispyware are still alerting.

1. Please download AdwCleaner by Xplode to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

2. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hi Corrine,
I have done what you had said and the logs are below. After activating those two tools and rebooting, about 30 seconds later the same old alerts were appearing as before. Thank you for really helping me out in this, Corrine.

Kind regards
Peter

# AdwCleaner v2.306 - Logfile created 07/27/2013 at 10:41:53
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Peter Stephens - G74SX64
# Boot Mode : Normal
# Running from : E:\new downloads 13072013\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\END
File Deleted : C:\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\searchplugins\Web Search.xml
File Deleted : C:\Users\Public\Desktop\Search The Web.url
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\FreeRIP
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Peter Stephens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Peter Stephens\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peter Stephens\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Peter Stephens\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Peter Stephens\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Peter Stephens\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Peter Stephens\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Peter Stephens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
Folder Deleted : C:\Users\Peter Stephens\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKU\S-1-5-21-723892928-3225397094-1034544360-1008\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&q={searchTerms}&installDate=23/07/2013 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&q={searchTerms}&installDate=23/07/2013 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&q={searchTerms}&installDate=23/07/2013 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-40c7-afec-1dd8c10f3c38&searchtype=ds&q={searchTerms}&installDate=23/07/2013 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10195&home=true --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.searchcompletion.com?si=10195&bs=true&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&use[...]
Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22913565);
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.helperbar.Visibility", true);
Deleted : user_pref("extensions.helperbar.countryiso", "au");
Deleted : user_pref("extensions.helperbar.downloadprovider", "shzero");
Deleted : user_pref("extensions.helperbar.installationid", "3530470c-303a-40c7-afec-1dd8c10f3c38");
Deleted : user_pref("extensions.helperbar.installdate", "23/07/2013");
Deleted : user_pref("extensions.helperbar.publisher", "shoppinghelper");
Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=353[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Peter Stephens\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2893] : homepage = "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU&userid=3530470c-303a-[...]
Deleted [l.3125] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=SHZero&co=AU[...]

*************************

AdwCleaner[S1].txt - [15354 octets] - [27/07/2013 10:41:53]

########## EOF - C:\AdwCleaner[S1].txt - [15415 octets] ##########

2nd log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Ultimate x64
Ran by Peter Stephens on 27-Jul-13 at 11:00:46.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Peter Stephens\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Peter Stephens\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Peter Stephens\appdata\local\splashtop"
Successfully deleted: [Folder] "C:\Users\Peter Stephens\appdata\locallow\freeonlineradioplayerrecorder"
Successfully deleted: [Folder] "C:\Users\Peter Stephens\appdata\locallow\ytd"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Peter Stephens\AppData\Roaming\mozilla\firefox\profiles\s8flc27i.default-1373680305066\prefs.js

user_pref("extensions.ui.lastCategory", "addons://search/free%20download%20manager%20plugin");
Emptied folder: C:\Users\Peter Stephens\AppData\Roaming\mozilla\firefox\profiles\s8flc27i.default-1373680305066\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Peter Stephens\appdata\local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27-Jul-13 at 11:08:44.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi, Peter.

Thank you for the logs and letting me know that you are still getting alerts. The only place that the BitDefender finding turns up is in your original post here. The SAS finding is so generic that it isn't helpful. So, let's keep at it, as I am certain those alerts must be very irritating.

1. Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.

2. Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    [Image: MBAM_SR_zps573fd52e.jpg]
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note: Please restart your computer after scanning with MBAM. If there are no alerts, it won't be necessary to scan with ESET. Just post the MBAM log.

3. Often a different antivirus software will detect things with a different name so let's see if ESET finds something. Don't be alarmed if it picks up the ComboFix qoobox quarantine log.
Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Fingers crossed.
 
Hi, Peter.

Thank you for the logs and letting me know that you are still getting alerts. The only place that the Bit Defender finding turns up is in your original post here. The SAS finding is so generic that it isn't helpful. So, let's keep at it, as I am certain those alerts must be very irritating.

1. Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

2. Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR_zps573fd52e.jpg
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note: Please restart your computer after scanning with MBAM. If there are no alerts, it won't be necessary to scan with ESET. Just post the MBAM log.

3. Often a different antivirus software will detect things with a different name so let's see if ESET finds something. Don't be alarmed if it picks up the ComboFix qoobox quarantine log.
Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Fingers crossed. :smile9:
 
Hi Corrine,
I've done the TFC and then the mbam, and the Malwarebytes came up with no infections, and I have posted the log for that below. After reboot, I waited for a while and it took a little longer this time but then it started again as before, the multiple alerts kept coming, so as you told me the next step, I did the ESET online scanning and it seems this one is showing that my pc has 71 infections and the log is below too. I thank you so much.
P.S: when I was doing the online scanning with ESET, though I turned off the real time scanning in my bitdefender and superantispyware, I forgot about the Malwarebytes and while the ESET was scanning the mbam caught an infection I think and the logs are below.

Kind regards
Peter


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.07.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Peter Stephens :: G74SX64 [administrator]

Protection: Enabled

28-Jul-13 14:38:49
mbam-log-2013-07-28 (14-38-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 265385
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




This is the infection from MBAM only while ESET was scanning


2013/07/28 14:35:15 +0800 G74SX64 Peter Stephens MESSAGE Executing scheduled update: Daily
2013/07/28 14:35:18 +0800 G74SX64 Peter Stephens MESSAGE Starting protection
2013/07/28 14:35:18 +0800 G74SX64 Peter Stephens MESSAGE Protection started successfully
2013/07/28 14:35:18 +0800 G74SX64 Peter Stephens MESSAGE Starting IP protection
2013/07/28 14:35:28 +0800 G74SX64 Peter Stephens MESSAGE IP Protection started successfully
2013/07/28 14:35:40 +0800 G74SX64 Peter Stephens MESSAGE Starting database refresh
2013/07/28 14:35:40 +0800 G74SX64 Peter Stephens MESSAGE Stopping IP protection
2013/07/28 14:35:40 +0800 G74SX64 Peter Stephens MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.07.28.01
2013/07/28 14:35:42 +0800 G74SX64 Peter Stephens MESSAGE IP Protection stopped successfully
2013/07/28 14:35:45 +0800 G74SX64 Peter Stephens MESSAGE Database refreshed successfully
2013/07/28 14:35:45 +0800 G74SX64 Peter Stephens MESSAGE Starting IP protection
2013/07/28 14:35:46 +0800 G74SX64 Peter Stephens MESSAGE IP Protection started successfully
2013/07/28 14:49:29 +0800 G74SX64 (null) MESSAGE Starting protection
2013/07/28 14:49:29 +0800 G74SX64 (null) MESSAGE Protection started successfully
2013/07/28 14:49:29 +0800 G74SX64 (null) MESSAGE Starting IP protection
2013/07/28 14:49:31 +0800 G74SX64 (null) MESSAGE IP Protection started successfully
2013/07/28 17:00:57 +0800 G74SX64 Peter Stephens DETECTION E:\new downloads 28012013\SoftonicDownloader_for_directx.exe PUP.Optional.Softonic QUARANTINE
2013/07/28 17:03:58 +0800 G74SX64 Peter Stephens DETECTION e:\new downloads 28012013\softonicdownloader_for_directx.exe PUP.Optional.Softonic QUARANTINE
2013/07/28 17:03:58 +0800 G74SX64 Peter Stephens ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/07/28 17:31:38 +0800 G74SX64 Peter Stephens MESSAGE Stopping IP protection
2013/07/28 17:31:38 +0800 G74SX64 Peter Stephens MESSAGE IP Protection stopped successfully



This is the ESET log




ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fe336cdd66877946b1c5f59b0f0e0f75
# engine=14557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-28 11:48:46
# local_time=2013-07-28 07:48:46 (+0800, W. Australia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1308298 126641976 0 0
# scanned=542008
# found=71
# cleaned=0
# scan_time=12808
sh=55614B45D6DD36082FBCE67C6EEAD979EB66E131 ft=1 fh=65c26dff2374ef6f vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files (x86)\DriverGuide\DriverScan\force_driver_install.exe"
sh=D758C63EBE8443A2C3C0CAD5274794D5701A7878 ft=1 fh=82ec0bb96324450f vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files (x86)\DriverGuide\DriverScan\force_driver_install_x64.exe"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\ProgramData\Premium\Codec\Codec.exe"
sh=0A6E10101490CEEE36675A126B1D174B598B3DD7 ft=1 fh=e1e90acff543cf54 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\ChromeModule.dll"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\cltmng.exe"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\SPHook32.dll"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\ffprotect\application.js"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Premium\Codec\Codec.exe"
sh=D07E5593B59BE469C361D3D4AF340A8748974D53 ft=1 fh=a82af4c5fef9d8cf vn="multiple threats" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WICHR6V0\SPSetup[1].exe"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\bndeackb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\ChromeModule.dll"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\cltmng.exe"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\SPHook32.dll"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\ffprotect\application.js"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\Users\All Users\Premium\Codec\Codec.exe"
sh=D65E902FBB6DD159DF6B8A84FF31A50BC846C1B3 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Peter Stephens\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js"
sh=EEBB02CE4B740B3A6565917A604B3693400264B2 ft=1 fh=38f672b50a552c3a vn="multiple threats" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix_v2.423.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix\Process.exe"
sh=904552C6D3D62C2C2897565F3DAD5FF5F92A4500 ft=1 fh=78f1739f17135b7d vn="Win32/Shutdown.NAA application" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix\restart.exe"
sh=9763B07FFA2F898885DA54437076157C28CB824F ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Windows\Installer\730d6.msi"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Windows\System32\Process.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Windows\SysWOW64\Process.exe"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="D:\Users\All Users\Premium\Codec\Codec.exe"
sh=A59A4FA533718DC4D68922DB38468DBF18D48D23 ft=1 fh=899f3e2a5ca1d3d6 vn="multiple threats" ac=I fn="E:\asus laptop drive D\downloads\BestVideoDownloaderSetup-Silent.exe"
sh=DCC9FDF83A08A75A25967ED68BBF45DAE64C3B9E ft=1 fh=dd59be2b083fa8f0 vn="Win32/OpenCandy application" ac=I fn="E:\asus laptop drive H\new downloads\AxCrypt-1.7.2931.0-Setup.exe"
sh=A59A4FA533718DC4D68922DB38468DBF18D48D23 ft=1 fh=899f3e2a5ca1d3d6 vn="multiple threats" ac=I fn="E:\asus laptop drive H\new downloads\BestVideoDownloaderSetup-Silent.exe"
sh=EF77C1325FCA76E9DA9D7DE2A14E3B0A0E604C05 ft=1 fh=fd3bf3b0720b0ca3 vn="a variant of Win32/CNETInstaller.A application" ac=I fn="E:\asus laptop drive H\new downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe"
sh=D4894660B77D2A0B41EB76B756A3D15BBF2BA2D1 ft=1 fh=a86ae1f95896c136 vn="Win32/Packed.Autoit.H application" ac=I fn="E:\asus laptop drive H\new downloads\DriverScan_Setup_1.exe"
sh=217547DCE858F68DAF5112F868AED64A0BD3736B ft=1 fh=555647625e1b4126 vn="a variant of Win32/InstallBrain.H application" ac=I fn="E:\asus laptop drive H\new downloads\eTypeSetup.exe.dap"
sh=11A00B6F415FD4A4C1FA2A4F05809A2534B19544 ft=1 fh=ea8b8ebff6e5599e vn="a variant of Win32/Bundled.Toolbar.Ask.A application" ac=I fn="E:\asus laptop drive H\peters documents\My Completed Downloads\aTube_Catcher_Installer.exe"
sh=9C7AF53C82BC986BE2473C0B50C3BC3225D324CA ft=1 fh=644f514ef0ffc79c vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Afreecodec_downloader_For_Eufony_Free_CD_Ripper.exe"
sh=7F5796BD6CD8470F9CFB1EF8B76C3933B85EB4D2 ft=1 fh=5d48e4c3c4c75295 vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Afreecodec_downloader_For_FreeRIP.exe"
sh=A782320544FE2EA479680D358ABC41CDC3583456 ft=1 fh=b6edc56a0b69f644 vn="a variant of Win32/Adware.Nieguide.AD application" ac=I fn="E:\downloads\badakencoder_3.0.0.14.exe"
sh=ED7D7021B85F1113163ACE3BD786DD9E1DD9FF8B ft=1 fh=6e298554a877c30c vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Brothersoft_downloader_For_Animal_Chess.exe"
sh=D366627B609FFF4DAD032805E204F56F84BA67D0 ft=1 fh=26716298ead2f4f9 vn="Win32/OpenCandy application" ac=I fn="E:\downloads\FreeAudioConverter(1).exe"
sh=CE7405BC9B7D73517FA8F2CFD9BAED2BBB58F9CA ft=1 fh=55375d5c63b67047 vn="Win32/OpenCandy application" ac=I fn="E:\downloads\FreeAudioConverter.exe"
sh=DA03D7E2AA1FE14948D85052A0FF681E0B3C015F ft=1 fh=6dd0627438a1753c vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="E:\downloads\freeripmp3-setup.exe"
sh=E2577F335921BD41DCA331C9484FDA8FDE4E8FEA ft=1 fh=09fe4cbc3ef13a3a vn="multiple threats" ac=I fn="E:\downloads\MetacafeRemovalTool.exe"
sh=4184376B16C06B4314587CA817499FD16CDA39B5 ft=1 fh=f03881700660064d vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_abc-amber-text-converter.exe"
sh=B74243569B15A08D0C579E190380AF4889F5C7FB ft=1 fh=1efb16240eaf4326 vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_flightgear.exe"
sh=110B1A8EA6A3C5501F7C622AE08A474ED45247C4 ft=1 fh=e8fc18a73ae93347 vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_orbiter.exe"
sh=79CE0F7A91FF8ECF235668A5816734FAE521EE5D ft=1 fh=7d288439ea7d212b vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_vlc-media-player-nightly.exe"
sh=979BC1272F1E40A44E9ED31D4DEA225BD742657B ft=1 fh=f70f1ebbb1b7859a vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_x-plane.exe"
sh=F3E499FE2AEAC3C16BE75D53F8C4BCDD7917A8E6 ft=1 fh=3eb633822d9ca983 vn="Win32/InstallMate application" ac=I fn="E:\downloads\VaudiX.exe"
sh=13C8AD18369E96563F4BC35DF2434A0C6789183A ft=1 fh=43d93b51d192a44e vn="Win32/InstallCore.BL application" ac=I fn="E:\downloads\Win7Themes_Downloader.exe"
sh=58C506D93FA108D2279F0801E3F1CD5C7AB36981 ft=1 fh=3c9d3175fad0644b vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="E:\downloads\YTDSetup.exe"
sh=4D60B3A4B1DB9B2524B1C44E8C90D84539E91631 ft=1 fh=7daa5d91dc5c644e vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\new downloads 13072013\SoftonicDownloader_for_trojan-remover.exe"
sh=46152E8B96EC309AECCD04299883E3205C07C5D8 ft=1 fh=996a4477da497580 vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\bsplayer264.1073.exe"
sh=9A76769B0126D3A178AA86C473F4F2C5F61026CD ft=1 fh=8f053d67efaefc45 vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\bsplayer265.1074.exe"
sh=BDB9ADCC6484A7C83FC1BA9C12F8501E1B469F87 ft=1 fh=61b8c62aa949cace vn="probably a variant of Win32/CNETInstaller.A application" ac=I fn="E:\new downloads 28012013\cbsidlm-cbsi109-Download_App-BP-75864009.exe"
sh=DF5019B4B4924376CA516089B75F414DD48453DA ft=1 fh=12e7a6e367cdf50a vn="Win32/DownloadAdmin.G application" ac=I fn="E:\new downloads 28012013\cbsidlm-tr1_12-Free_Calculator-ORG-10584035.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application" ac=I fn="E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361(1).exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application" ac=I fn="E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361.exe"
sh=28E67E6EA921565911E9B9F4BF90CAD8A0AC299C ft=1 fh=feb46369975befe0 vn="a variant of Win32/DownloadSponsor.A application" ac=I fn="E:\new downloads 28012013\ChromeSetup-Beta24.0.1312.35.exe.exe"
sh=3BAD958AFF83639C6F0DEB7A267CBEA2FB2DE5D3 ft=1 fh=31688d33f6a5f2ac vn="Win32/InstallMonetizer.AF application" ac=I fn="E:\new downloads 28012013\FLV_to_AVI_WMV_MPEG_Free_Converter_setup.exe"
sh=79ABA7277F4AE7FA9E301AE0AC5A96BFE0D84952 ft=1 fh=31688d33e4645ae1 vn="Win32/InstallMonetizer.AF application" ac=I fn="E:\new downloads 28012013\FLV_to_MP3_Free_Converter_setup.exe"
sh=06DE00BE71145BB1CE4B82B9CE2FDB42448F49B1 ft=1 fh=3d118bb36a8762d4 vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\FreeAudioConverter.exe"
sh=3C643A7D85CB3A32419F89E7ADDA4259CAA04381 ft=1 fh=ec511b9d97c77884 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="E:\new downloads 28012013\freeripmp3-setup.exe"
sh=74652BB55B35EAF701B7776753E34D36835EEC6E ft=1 fh=6b672c3a89b6e08f vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\FreeYouTubeToMP3Converter.exe"
sh=214261C280970C9BDF60A9D558D7191F895822B4 ft=1 fh=667488c410edc435 vn="Win32/Toolbar.SearchSuite application" ac=I fn="E:\new downloads 28012013\jZSetup-r169-n-bf.exe"
sh=30A08D4920D67CCC06675859BF1CF07631911975 ft=1 fh=09524b5cc39351ea vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\TubetillaSuperEz.exe"
sh=13C8AD18369E96563F4BC35DF2434A0C6789183A ft=1 fh=43d93b51d192a44e vn="Win32/InstallCore.BL application" ac=I fn="E:\new downloads 28012013\Win7Themes_Downloader.exe"
 
Hi, Peter.

Much of what ESET found is in System Restore, which we will take care of later. There were a number of files picked up, likely due to the way they were packed, others because they included PUPs (potentially unwanted programs). A large majority are old downloaded files, which if ever needed it would be best to download a fresh copy. There are also a lot of very old files, such as S!Ri's SmitFraudFix, safe but certainly no longer needed.

1. Please start by uninstalling DriverScan 2012, detected as "Win32/Packed.Autoit.H application". After uninstalling, if the DriverGuide folder located at C:\Program Files (x86)\DriverGuide hasn't been removed, please delete it.

2. Next, we'll see how many of the detected files ComboFix can remove and whether this takes care of the alerts by BitDefender and SAS. Please note that it is a long list, so be sure to copy everything within the code box.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
Folder::
C:\ProgramData\Premium
C:\Users\All Users\Premium
C:\Users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com
C:\Users\Peter Stephens\Downloads\SmitfraudFix

File::
C:\Users\Peter Stephens\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab
C:\Users\Peter Stephens\Downloads\SmitfraudFix_v2.423.exe
C:\Windows\Installer\730d6.msi
C:\Windows\System32\Process.exe
C:\Windows\SysWOW64\Process.exe
D:\Users\All Users\Premium\Codec\Codec.exe
E:\asus laptop drive D\downloads\BestVideoDownloaderSetup-Silent.exe
E:\asus laptop drive H\new downloads\AxCrypt-1.7.2931.0-Setup.exe
E:\asus laptop drive H\new downloads\BestVideoDownloaderSetup-Silent.exe
E:\asus laptop drive H\new downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe
E:\asus laptop drive H\new downloads\DriverScan_Setup_1.exe
E:\asus laptop drive H\new downloads\eTypeSetup.exe.dap
E:\asus laptop drive H\peters documents\My Completed Downloads\aTube_Catcher_Installer.exe
E:\downloads\Afreecodec_downloader_For_Eufony_Free_CD_Ripper.exe
E:\downloads\Afreecodec_downloader_For_FreeRIP.exe
E:\downloads\badakencoder_3.0.0.14.exe
E:\downloads\Brothersoft_downloader_For_Animal_Chess.exe
E:\downloads\FreeAudioConverter(1).exe
E:\downloads\FreeAudioConverter.exe
E:\downloads\freeripmp3-setup.exe
E:\downloads\MetacafeRemovalTool.exe
E:\downloads\SoftonicDownloader_for_abc-amber-text-converter.exe
E:\downloads\SoftonicDownloader_for_flightgear.exe
E:\downloads\SoftonicDownloader_for_orbiter.exe
E:\downloads\SoftonicDownloader_for_vlc-media-player-nightly.exe
E:\downloads\SoftonicDownloader_for_x-plane.exe
E:\downloads\VaudiX.exe
E:\downloads\Win7Themes_Downloader.exe
E:\downloads\YTDSetup.exe
E:\new downloads 13072013\SoftonicDownloader_for_trojan-remover.exe
E:\new downloads 28012013\bsplayer264.1073.exe
E:\new downloads 28012013\bsplayer265.1074.exe
E:\new downloads 28012013\cbsidlm-cbsi109-Download_App-BP-75864009.exe
E:\new downloads 28012013\cbsidlm-tr1_12-Free_Calculator-ORG-10584035.exe
E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361(1).exe
E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361.exe
E:\new downloads 28012013\ChromeSetup-Beta24.0.1312.35.exe.exe
E:\new downloads 28012013\FLV_to_AVI_WMV_MPEG_Free_Converter_setup.exe
E:\new downloads 28012013\FLV_to_MP3_Free_Converter_setup.exe
E:\new downloads 28012013\FreeAudioConverter.exe
E:\new downloads 28012013\freeripmp3-setup.exe
E:\new downloads 28012013\FreeYouTubeToMP3Converter.exe
E:\new downloads 28012013\jZSetup-r169-n-bf.exe
E:\new downloads 28012013\TubetillaSuperEz.exe
E:\new downloads 28012013\Win7Themes_Downloader.exe
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    CF_CFScript.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

As before, please let me know if the alerts are continuing.
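The triage in the reply above (System Restore copies, old downloaded installers, files in live locations) can be reproduced mechanically from an ESET Online Scanner log. The following is an added example, not part of the original thread: the field meanings (`sh` as a file hash, `vn` as detection name, `fn` as path), the reading of a trailing " application" as ESET's unwanted/unsafe-application label, and the bucket names are assumptions, and the sample lines are constructed placeholders in the same layout as the log posted here.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the field layout of the log in this thread.
# Hashes, fh values and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''
# scanned=1000
# found=5
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="Win32/GenUpdater application" ac=I fn="C:\ProgramData\Example\Codec.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="Win32/GenUpdater application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Example\Codec.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000002 vn="Win32/OpenCandy application" ac=I fn="E:\downloads\ExampleConverter.exe"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Example User\AppData\Roaming\overlay.js"
sh=4444444444444444444444444444444444444444 ft=1 fh=0000000000000004 vn="multiple threats" ac=I fn="E:\new downloads\Example_Downloader.exe"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_detection(line):
    """Return the fields of one detection line, or None for headers and noise."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    rec = {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}
    # A usable record needs at least the hash, detection name and path.
    if not all(k in rec for k in ("sh", "vn", "fn")):
        return None
    return rec


def bucket(path):
    """Classify a detected path by where it sits, using directory names only."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "system volume information" in parts:
        return "system_restore"          # inert copies inside restore points
    if any("download" in p for p in parts[:-1]):
        return "downloaded_installer"    # old installers kept on disk
    return "live_location"               # installed or otherwise active path


def triage(log_text):
    """Summarise a pasted log: counts per bucket, unique files, repeated hashes."""
    counts = defaultdict(int)
    paths_by_hash = defaultdict(list)
    declared = None
    pua_named = 0
    for line in log_text.splitlines():
        header = re.match(r"#\s*found=(\d+)", line.strip())
        if header:
            declared = int(header.group(1))
            continue
        rec = parse_detection(line)
        if rec is None:
            continue
        counts[bucket(rec["fn"])] += 1
        paths_by_hash[rec["sh"]].append(rec["fn"])
        # Assumption: a trailing " application" marks an unwanted/unsafe app.
        if rec["vn"].endswith(" application"):
            pua_named += 1
    return {
        "declared_found": declared,          # value of the '# found=' header
        "parsed": sum(counts.values()),      # detection lines actually read
        "counts": dict(counts),
        "unique_files": len(paths_by_hash),  # distinct hashes
        "duplicated": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        "pua_named": pua_named,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A gap between `declared_found` and `parsed` means the pasted log was truncated or reformatted; entries under `duplicated` are one file counted at several paths, which is why the raw detection count overstates the number of distinct items to remove.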
 
Hi, Peter.

Much of what ESET found is in System Restore, which we will take care of later. There were a number of files picked up, likely due to the way they were packed, others because they included PUPs (potentially unwanted programs). A large majority are old downloaded files, which if ever needed it would be best to download a fresh copy. There are also a lot of very old files, such as S!Ri's SmitFraudFix, safe but certainly no longer needed.

1. Please start by uninstalling DriverScan 2012, detected as "Win32/Packed.Autoit.H application". After uninstalling, if the DriverGuide folder located at C:\Program Files (x86)\DriverGuide hasn't been removed, please delete it.

2. Next, we'll see how many of the detected files ComboFix can remove and whether this takes care of the alerts by BitDefender and SAS. Please note that it is a long list, so be sure to copy everything within the code box.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.[/size]

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
Folder::
C:\ProgramData\Premium
C:\Users\All Users\Premium
C:\Users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com
C:\Users\Peter Stephens\Downloads\SmitfraudFix

File::
C:\Users\Peter Stephens\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab
C:\Users\Peter Stephens\Downloads\SmitfraudFix_v2.423.exe
C:\Windows\Installer\730d6.msi
C:\Windows\System32\Process.exe
C:\Windows\SysWOW64\Process.exe
D:\Users\All Users\Premium\Codec\Codec.exe
E:\asus laptop drive D\downloads\BestVideoDownloaderSetup-Silent.exe
E:\asus laptop drive H\new downloads\AxCrypt-1.7.2931.0-Setup.exe
E:\asus laptop drive H\new downloads\BestVideoDownloaderSetup-Silent.exe
E:\asus laptop drive H\new downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe
E:\asus laptop drive H\new downloads\DriverScan_Setup_1.exe
E:\asus laptop drive H\new downloads\eTypeSetup.exe.dap
E:\asus laptop drive H\peters documents\My Completed Downloads\aTube_Catcher_Installer.exe
E:\downloads\Afreecodec_downloader_For_Eufony_Free_CD_Ripper.exe
E:\downloads\Afreecodec_downloader_For_FreeRIP.exe
E:\downloads\badakencoder_3.0.0.14.exe
E:\downloads\Brothersoft_downloader_For_Animal_Chess.exe
E:\downloads\FreeAudioConverter(1).exe
E:\downloads\FreeAudioConverter.exe
E:\downloads\freeripmp3-setup.exe
E:\downloads\MetacafeRemovalTool.exe
E:\downloads\SoftonicDownloader_for_abc-amber-text-converter.exe
E:\downloads\SoftonicDownloader_for_flightgear.exe
E:\downloads\SoftonicDownloader_for_orbiter.exe
E:\downloads\SoftonicDownloader_for_vlc-media-player-nightly.exe
E:\downloads\SoftonicDownloader_for_x-plane.exe
E:\downloads\VaudiX.exe
E:\downloads\Win7Themes_Downloader.exe
E:\downloads\YTDSetup.exe
E:\new downloads 13072013\SoftonicDownloader_for_trojan-remover.exe
E:\new downloads 28012013\bsplayer264.1073.exe
E:\new downloads 28012013\bsplayer265.1074.exe
E:\new downloads 28012013\cbsidlm-cbsi109-Download_App-BP-75864009.exe
E:\new downloads 28012013\cbsidlm-tr1_12-Free_Calculator-ORG-10584035.exe
E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361(1).exe
E:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361.exe
E:\new downloads 28012013\ChromeSetup-Beta24.0.1312.35.exe.exe
E:\new downloads 28012013\FLV_to_AVI_WMV_MPEG_Free_Converter_setup.exe
E:\new downloads 28012013\FLV_to_MP3_Free_Converter_setup.exe
E:\new downloads 28012013\FreeAudioConverter.exe
E:\new downloads 28012013\freeripmp3-setup.exe
E:\new downloads 28012013\FreeYouTubeToMP3Converter.exe
E:\new downloads 28012013\jZSetup-r169-n-bf.exe
E:\new downloads 28012013\TubetillaSuperEz.exe
E:\new downloads 28012013\Win7Themes_Downloader.exe
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    [Screenshot: CF_CFScript.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

As before, please let me know if the alerts are continuing.

Hi Corrine,
I have done all of the above, and after ComboFix I rebooted my PC. I noticed that for one hour there were no alerts from Bitdefender, and when I just did the usual manual Bitdefender update for definitions, the virus alerts started again as before. The ComboFix log is below.

Kind regards
Peter

ComboFix 13-07-27.01 - Peter Stephens 29-Jul-13 19:44:21.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13101 [GMT 8:00]
Running from: e:\new downloads 13072013\ComboFix.exe
Command switches used :: c:\users\Peter Stephens\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
FILE ::
"c:\users\Peter Stephens\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab"
"c:\users\Peter Stephens\Downloads\SmitfraudFix_v2.423.exe"
"c:\windows\Installer\730d6.msi"
"c:\windows\System32\Process.exe"
"c:\windows\SysWOW64\Process.exe"
"d:\users\All Users\Premium\Codec\Codec.exe"
"e:\asus laptop drive d\downloads\BestVideoDownloaderSetup-Silent.exe"
"e:\asus laptop drive h\new downloads\AxCrypt-1.7.2931.0-Setup.exe"
"e:\asus laptop drive h\new downloads\BestVideoDownloaderSetup-Silent.exe"
"e:\asus laptop drive h\new downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe"
"e:\asus laptop drive h\new downloads\DriverScan_Setup_1.exe"
"e:\asus laptop drive h\new downloads\eTypeSetup.exe.dap"
"e:\asus laptop drive h\peters documents\My Completed Downloads\aTube_Catcher_Installer.exe"
"e:\downloads\Afreecodec_downloader_For_Eufony_Free_CD_Ripper.exe"
"e:\downloads\Afreecodec_downloader_For_FreeRIP.exe"
"e:\downloads\badakencoder_3.0.0.14.exe"
"e:\downloads\Brothersoft_downloader_For_Animal_Chess.exe"
"e:\downloads\FreeAudioConverter(1).exe"
"e:\downloads\FreeAudioConverter.exe"
"e:\downloads\freeripmp3-setup.exe"
"e:\downloads\MetacafeRemovalTool.exe"
"e:\downloads\SoftonicDownloader_for_abc-amber-text-converter.exe"
"e:\downloads\SoftonicDownloader_for_flightgear.exe"
"e:\downloads\SoftonicDownloader_for_orbiter.exe"
"e:\downloads\SoftonicDownloader_for_vlc-media-player-nightly.exe"
"e:\downloads\SoftonicDownloader_for_x-plane.exe"
"e:\downloads\VaudiX.exe"
"e:\downloads\Win7Themes_Downloader.exe"
"e:\downloads\YTDSetup.exe"
"e:\new downloads 13072013\SoftonicDownloader_for_trojan-remover.exe"
"e:\new downloads 28012013\bsplayer264.1073.exe"
"e:\new downloads 28012013\bsplayer265.1074.exe"
"e:\new downloads 28012013\cbsidlm-cbsi109-Download_App-BP-75864009.exe"
"e:\new downloads 28012013\cbsidlm-tr1_12-Free_Calculator-ORG-10584035.exe"
"e:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361(1).exe"
"e:\new downloads 28012013\cbsidlm-tr1_13-FLV_to_MP3_Free_Converter-ORG-75099361.exe"
"e:\new downloads 28012013\ChromeSetup-Beta24.0.1312.35.exe.exe"
"e:\new downloads 28012013\FLV_to_AVI_WMV_MPEG_Free_Converter_setup.exe"
"e:\new downloads 28012013\FLV_to_MP3_Free_Converter_setup.exe"
"e:\new downloads 28012013\FreeAudioConverter.exe"
"e:\new downloads 28012013\freeripmp3-setup.exe"
"e:\new downloads 28012013\FreeYouTubeToMP3Converter.exe"
"e:\new downloads 28012013\jZSetup-r169-n-bf.exe"
"e:\new downloads 28012013\TubetillaSuperEz.exe"
"e:\new downloads 28012013\Win7Themes_Downloader.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Premium
c:\programdata\Premium\Codec\Codec.exe
c:\programdata\Premium\Codec\profile.ini
c:\users\All Users\Premium\Codec\Codec.exe
c:\users\All Users\Premium\Codec\profile.ini
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\build.sh
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\chrome.manifest
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\config_build.sh
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\about.xul
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\firefoxOverlay.xul
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\options.xul
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\y2layers.jpg
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\install.rdf
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\locale\en-US\about.dtd
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\locale\en-US\prefwindow.dtd
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\locale\en-US\y2layers.dtd
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\locale\en-US\y2layers.properties
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\META-INF\manifest.mf
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\META-INF\zigbert.rsa
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\META-INF\zigbert.sf
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\readme.txt
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\skin\overlay.css
c:\users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\skin\toolbar-button.png
c:\users\Peter Stephens\Downloads\SmitfraudFix
c:\users\Peter Stephens\Downloads\SmitfraudFix\404Fix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\beep_2K_original.sys
c:\users\Peter Stephens\Downloads\SmitfraudFix\beep_XP_original.sys
c:\users\Peter Stephens\Downloads\SmitfraudFix\dumphive.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\exit.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\GenericRenosFix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\HostsChk.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\IEDFix.C.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\IEDFix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\o4Patch.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\Policies.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\Process.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\ProxyDisable.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\Reboot.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\restart.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\SmitfraudFix.cmd
c:\users\Peter Stephens\Downloads\SmitfraudFix\SmiUpdate.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\SrchSTS.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\swreg.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\swsc.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\swxcacls.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\UIFix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\unzip.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\VACFix.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\VCCLSID.exe
c:\users\Peter Stephens\Downloads\SmitfraudFix\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-29 )))))))))))))))))))))))))))))))
.
.
2013-07-29 11:51 . 2013-07-29 11:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-29 11:51 . 2013-07-29 11:51 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-07-29 11:51 . 2013-07-29 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-28 08:11 . 2013-07-28 08:11 -------- d-----w- c:\program files (x86)\ESET
2013-07-28 06:35 . 2013-07-28 06:35 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Malwarebytes
2013-07-28 06:34 . 2013-07-28 06:34 -------- d-----w- c:\programdata\Malwarebytes
2013-07-28 06:34 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 06:34 . 2013-07-28 06:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-28 05:15 . 2013-07-28 05:15 -------- d-----w- c:\programdata\YTD Video Downloader
2013-07-27 03:14 . 2013-07-27 03:14 -------- d-----w- c:\users\Peter Stephens\AppData\Local\Splashtop
2013-07-27 03:14 . 2013-07-27 03:14 -------- d-----w- c:\programdata\Splashtop
2013-07-27 03:00 . 2013-07-27 03:00 -------- d-----w- c:\windows\ERUNT
2013-07-26 07:46 . 2003-02-02 12:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2013-07-26 07:46 . 2002-03-05 17:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2013-07-26 07:46 . 2013-07-26 07:50 -------- d-----w- c:\program files (x86)\Trojan Remover
2013-07-26 07:46 . 2013-07-26 07:46 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Simply Super Software
2013-07-26 07:46 . 2013-07-26 07:46 -------- d-----w- c:\programdata\Simply Super Software
2013-07-25 12:38 . 2013-07-25 12:38 -------- dc----w- C:\email 25072013
2013-07-25 11:00 . 2013-07-25 11:00 -------- d-----w- C:\found.000
2013-07-23 13:54 . 2011-09-25 21:22 196608 ------w- c:\windows\SysWow64\CXPICOMCTL.OCX
2013-07-23 13:54 . 2013-07-23 13:54 -------- d-----w- c:\program files (x86)\zebNet® Thunderbird Backup 2012
2013-07-23 13:49 . 2013-07-26 05:54 -------- dc----w- c:\program files\BreakingNews
2013-07-23 12:51 . 2013-07-23 12:51 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\205110
2013-07-23 12:50 . 2013-07-26 05:11 -------- d-----w- c:\program files (x86)\Backup E-mail
2013-07-20 02:54 . 2013-07-20 02:54 -------- dc----w- c:\program files\CCleaner
2013-07-15 13:19 . 2013-07-15 13:19 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Oracle
2013-07-15 13:15 . 2013-07-15 13:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-15 13:09 . 2013-07-15 13:09 -------- d-----w- c:\programdata\McAfee
2013-07-15 11:44 . 2013-07-15 11:44 597776 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-07-13 12:38 . 2013-07-13 12:38 35 ----a-w- c:\users\Peter Stephens\AppData\Roaming\SetValue.bat
2013-07-13 12:38 . 2013-07-13 12:38 1662 ----a-w- c:\windows\SysWow64\tmp.reg
2013-07-13 12:37 . 2009-06-02 03:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2013-07-13 12:37 . 2008-12-11 17:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2013-07-13 12:37 . 2008-11-29 10:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2013-07-13 12:37 . 2008-10-01 07:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2013-07-13 12:37 . 2008-09-20 04:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2013-07-13 12:37 . 2008-08-18 04:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2013-07-13 12:37 . 2008-05-18 13:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2013-07-13 12:37 . 2007-09-05 16:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2013-07-13 12:37 . 2006-04-27 09:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2013-07-13 12:37 . 2004-07-31 10:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2013-07-13 12:37 . 2003-06-05 13:13 53248 ----a-w- c:\windows\SysWow64\Process.exe
2013-07-13 12:23 . 2013-07-13 12:23 -------- d-----w- c:\programdata\Free Download Manager
2013-07-13 12:23 . 2013-07-13 12:23 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Free Download Manager
2013-07-13 12:23 . 2013-07-13 12:32 -------- d-----w- c:\program files (x86)\Free Download Manager
2013-07-12 07:52 . 2013-07-12 07:54 -------- d-----w- c:\windows\system32\MRT
2013-07-11 10:42 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 10:42 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 10:42 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 10:42 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:42 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:41 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 10:41 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 10:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 10:41 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-11 10:41 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 10:41 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 10:41 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 10:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 10:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 10:41 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 10:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 10:41 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 10:39 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 10:39 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 14:39 . 2013-07-10 14:38 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-10 14:39 . 2013-07-10 14:38 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-10 14:39 . 2013-07-10 14:38 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-10 14:39 . 2013-07-10 14:38 188840 ----a-w- c:\windows\system32\java.exe
2013-07-06 02:53 . 2013-07-06 03:11 -------- dc----w- C:\bro don parnell
2013-07-02 12:52 . 2013-07-02 12:52 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Privacy Guardian
2013-07-02 12:50 . 2008-09-17 13:17 658432 ------w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-07-02 12:50 . 2008-04-02 07:54 1101824 ------w- c:\windows\SysWow64\UniBox210.ocx
2013-07-02 12:50 . 2008-04-02 07:53 212992 ------w- c:\windows\SysWow64\UniBoxVB12.ocx
2013-07-02 12:50 . 2008-04-02 07:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2013-07-02 12:50 . 2013-07-02 12:50 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2013-07-02 12:49 . 2013-07-02 12:49 -------- d-----w- c:\program files (x86)\PC Tools
2013-07-02 12:47 . 2013-07-02 12:47 -------- d-----w- c:\programdata\PC Tools
2013-07-02 12:47 . 2013-07-02 12:47 -------- d-----w- c:\users\Peter Stephens\AppData\Roaming\Product_FR
2013-07-02 12:09 . 2013-07-02 12:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-02 12:08 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-07-02 12:08 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-07-02 12:08 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-07-02 12:08 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-07-02 12:08 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-07-02 12:08 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-07-02 12:08 . 2013-06-21 12:06 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-07-02 12:08 . 2013-06-21 12:06 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-30 12:43 . 2013-06-30 12:43 -------- d-----w- c:\programdata\Hotspot Shield
2013-06-30 07:44 . 2009-12-18 02:51 108544 ----a-w- c:\windows\SysWow64\drivers\STK03NW2.sys
2013-06-30 07:44 . 2009-12-18 02:51 40872 ----a-w- c:\windows\SysWow64\drivers\STK03NW1.sys
2013-06-30 07:44 . 2009-12-18 02:23 40960 ----a-w- c:\windows\SysWow64\STK03NP.ax
2013-06-30 07:44 . 2013-07-13 08:23 -------- d-----w- c:\windows\STK03N
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 11:42 . 2013-06-25 13:02 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-07-27 02:49 . 2012-09-18 10:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-27 02:49 . 2012-09-18 10:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 13:12 . 2012-09-18 10:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 13:12 . 2012-09-18 10:58 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-15 13:12 . 2012-09-18 10:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-10 14:38 . 2012-09-18 07:46 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 14:38 . 2012-09-18 07:46 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 16:57 . 2012-09-18 05:59 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-06-21 01:07 . 2013-06-21 01:07 46792 ------w- c:\windows\system32\drivers\hssdrv6.sys
2013-06-20 21:16 . 2013-06-20 21:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-07 12:50 . 2012-09-20 09:43 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-07 12:50 . 2012-09-20 06:54 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-04 12:19 . 2012-07-17 06:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-02 05:54 . 2013-01-03 04:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-06-02 05:54 . 2012-09-19 02:04 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-05-30 08:37 . 2013-05-30 08:37 382536 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-13 05:51 . 2013-06-13 10:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 10:39 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 10:39 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 10:39 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 10:39 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 10:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-13 10:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-13 10:39 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 10:39 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 10:39 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-11 04:23 . 2013-05-02 10:29 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-10 05:49 . 2013-06-13 10:40 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 10:40 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-13 10:41 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-05 13:14 . 2012-09-20 06:54 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-04 12:31 . 2013-05-04 12:31 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2013-05-03 07:48 . 2012-09-20 06:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-05-01 20:17 . 2013-05-01 20:17 11530992 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2012-09-20 00:45 . 2012-09-20 00:45 10112544 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
2013-06-03 08:17 373904 -c--a-w- c:\program files\BreakingNews\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-25 12:09 222712 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512]
"Akamai NetSession Interface"="c:\users\Peter Stephens\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2013-07-12 1406328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-04-22 91096]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-20 75048]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-05-18 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-07-26 1655568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2013-6-30 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WO_LiveService;Ashampoo LiveTuner Service;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox; [x]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/19 10:20];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [x]
S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:55 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 02:49]
.
2013-05-16 c:\windows\Tasks\AdvancedDriverUpdater.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2013-04-12 07:02]
.
2013-04-12 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2013-04-12 07:02]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 01:44]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 01:44]
.
2013-07-19 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-12-15 04:20]
.
2013-07-29 c:\windows\Tasks\PGAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Privacy Guardian\SULauncher.exe [2013-07-02 09:23]
.
2013-07-29 c:\windows\Tasks\PGSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Privacy Guardian\pg.exe [2013-07-02 09:23]
.
2013-07-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f0333ee7-7359-496f-af41-a69f04040154.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-25 12:09 261624 ----a-w- c:\users\Peter Stephens\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-07-15 1568512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-19 13286472]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"Ashampoo Uninstaller 5 Guard"="c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5Guard.exe" [2012-11-15 2345896]
"Ashampoo WinOptimizer Live-Tuner"="c:\users\Peter Stephens\Ashampoo WinOptimizer 9\LiveTuner.exe" [2012-05-14 2883456]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Peter Stephens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: LastPass
IE: LastPass Fill Forms
Trusted Zone: mine.nu\ajalon
TCP: DhcpNameServer = 10.1.1.1
DPF: {D55928C0-4325-451B-AE1F-05771C3693C6} - hxxp://ajalon.mine.nu/NetDvrOcx.cab
FF - ProfilePath - c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-07-12 19:49; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-12 19:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-12 19:49; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-07-13 19:18; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF - ExtSQL: 2013-07-13 20:23; fdm_ffext@freedownloadmanager.org; c:\program files (x86)\Free Download Manager\Firefox\Extension
FF - ExtSQL: 2013-07-26 13:48; artur.dubovoy@gmail.com; c:\users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\s8flc27i.default-1373680305066\extensions\artur.dubovoy@gmail.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-FreeOnlineRadioPlayerRecorder Toolbar - c:\program files (x86)\FreeOnlineRadioPlayerRecorder\uninstall.exe
AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-29 19:55:13
ComboFix-quarantined-files.txt 2013-07-29 11:55
ComboFix2.txt 2013-07-26 04:25
.
Pre-Run: 627,909,050,368 bytes free
Post-Run: 627,891,314,688 bytes free
.
- - End Of File - - E8E89639580D07250248C7ECEEAE0CEE
A36C5E4F47E84449FF07ED3517B43A31
 
Hi, Peter.

At least we're making progress but without knowing which files BitDefender is objecting to, we need to keep at it. Seeing as how ESET picked up files in System Restore as well as d: and e:, it could also be what BitDefender is objecting to. I'm going to have you use the ComboFix uninstall process to create a new restore point and clear the old restore points, followed by another ESET scan but this time have ESET remove what is found.

1. Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

2. Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • IMPORTANT: This time, make sure that the option Remove found threats is checked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

As before, let me know if BitDefender is still objecting. By the way, have you received a response from BitDefender yet?
 
Hi Corrine,
Sorry I couldn't get back sooner, but I have done what you had told me above and the log from ESET is below. The system is still the same as before; I am still getting the same alerts as before, unfortunately.
Kind regards
Peter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fe336cdd66877946b1c5f59b0f0e0f75
# engine=14557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-28 11:48:46
# local_time=2013-07-28 07:48:46 (+0800, W. Australia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1308298 126641976 0 0
# scanned=542008
# found=71
# cleaned=0
# scan_time=12808
sh=55614B45D6DD36082FBCE67C6EEAD979EB66E131 ft=1 fh=65c26dff2374ef6f vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files (x86)\DriverGuide\DriverScan\force_driver_install.exe"
sh=D758C63EBE8443A2C3C0CAD5274794D5701A7878 ft=1 fh=82ec0bb96324450f vn="Win32/Packed.Autoit.H application" ac=I fn="C:\Program Files (x86)\DriverGuide\DriverScan\force_driver_install_x64.exe"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\ProgramData\Premium\Codec\Codec.exe"
sh=0A6E10101490CEEE36675A126B1D174B598B3DD7 ft=1 fh=e1e90acff543cf54 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\ChromeModule.dll"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\cltmng.exe"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\bin\SPHook32.dll"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\ffprotect\application.js"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Premium\Codec\Codec.exe"
sh=D07E5593B59BE469C361D3D4AF340A8748974D53 ft=1 fh=a82af4c5fef9d8cf vn="multiple threats" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WICHR6V0\SPSetup[1].exe"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\Mozilla\Firefox\Profiles\bndeackb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\ChromeModule.dll"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\cltmng.exe"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\bin\SPHook32.dll"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\ffprotect\application.js"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Peter Stephens\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="C:\Users\All Users\Premium\Codec\Codec.exe"
sh=D65E902FBB6DD159DF6B8A84FF31A50BC846C1B3 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Peter Stephens\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Peter Stephens\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js"
sh=EEBB02CE4B740B3A6565917A604B3693400264B2 ft=1 fh=38f672b50a552c3a vn="multiple threats" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix_v2.423.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix\Process.exe"
sh=904552C6D3D62C2C2897565F3DAD5FF5F92A4500 ft=1 fh=78f1739f17135b7d vn="Win32/Shutdown.NAA application" ac=I fn="C:\Users\Peter Stephens\Downloads\SmitfraudFix\restart.exe"
sh=9763B07FFA2F898885DA54437076157C28CB824F ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Windows\Installer\730d6.msi"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Windows\System32\Process.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Windows\SysWOW64\Process.exe"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater application" ac=I fn="D:\Users\All Users\Premium\Codec\Codec.exe"
sh=A59A4FA533718DC4D68922DB38468DBF18D48D23 ft=1 fh=899f3e2a5ca1d3d6 vn="multiple threats" ac=I fn="E:\asus laptop drive D\downloads\BestVideoDownloaderSetup-Silent.exe"
sh=DCC9FDF83A08A75A25967ED68BBF45DAE64C3B9E ft=1 fh=dd59be2b083fa8f0 vn="Win32/OpenCandy application" ac=I fn="E:\asus laptop drive H\new downloads\AxCrypt-1.7.2931.0-Setup.exe"
sh=A59A4FA533718DC4D68922DB38468DBF18D48D23 ft=1 fh=899f3e2a5ca1d3d6 vn="multiple threats" ac=I fn="E:\asus laptop drive H\new downloads\BestVideoDownloaderSetup-Silent.exe"
sh=EF77C1325FCA76E9DA9D7DE2A14E3B0A0E604C05 ft=1 fh=fd3bf3b0720b0ca3 vn="a variant of Win32/CNETInstaller.A application" ac=I fn="E:\asus laptop drive H\new downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe"
sh=D4894660B77D2A0B41EB76B756A3D15BBF2BA2D1 ft=1 fh=a86ae1f95896c136 vn="Win32/Packed.Autoit.H application" ac=I fn="E:\asus laptop drive H\new downloads\DriverScan_Setup_1.exe"
sh=217547DCE858F68DAF5112F868AED64A0BD3736B ft=1 fh=555647625e1b4126 vn="a variant of Win32/InstallBrain.H application" ac=I fn="E:\asus laptop drive H\new downloads\eTypeSetup.exe.dap"
sh=11A00B6F415FD4A4C1FA2A4F05809A2534B19544 ft=1 fh=ea8b8ebff6e5599e vn="a variant of Win32/Bundled.Toolbar.Ask.A application" ac=I fn="E:\asus laptop drive H\peters documents\My Completed Downloads\aTube_Catcher_Installer.exe"
sh=9C7AF53C82BC986BE2473C0B50C3BC3225D324CA ft=1 fh=644f514ef0ffc79c vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Afreecodec_downloader_For_Eufony_Free_CD_Ripper.exe"
sh=7F5796BD6CD8470F9CFB1EF8B76C3933B85EB4D2 ft=1 fh=5d48e4c3c4c75295 vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Afreecodec_downloader_For_FreeRIP.exe"
sh=A782320544FE2EA479680D358ABC41CDC3583456 ft=1 fh=b6edc56a0b69f644 vn="a variant of Win32/Adware.Nieguide.AD application" ac=I fn="E:\downloads\badakencoder_3.0.0.14.exe"
sh=ED7D7021B85F1113163ACE3BD786DD9E1DD9FF8B ft=1 fh=6e298554a877c30c vn="a variant of Win32/BSDownloader application" ac=I fn="E:\downloads\Brothersoft_downloader_For_Animal_Chess.exe"
sh=D366627B609FFF4DAD032805E204F56F84BA67D0 ft=1 fh=26716298ead2f4f9 vn="Win32/OpenCandy application" ac=I fn="E:\downloads\FreeAudioConverter(1).exe"
sh=CE7405BC9B7D73517FA8F2CFD9BAED2BBB58F9CA ft=1 fh=55375d5c63b67047 vn="Win32/OpenCandy application" ac=I fn="E:\downloads\FreeAudioConverter.exe"
sh=DA03D7E2AA1FE14948D85052A0FF681E0B3C015F ft=1 fh=6dd0627438a1753c vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="E:\downloads\freeripmp3-setup.exe"
sh=E2577F335921BD41DCA331C9484FDA8FDE4E8FEA ft=1 fh=09fe4cbc3ef13a3a vn="multiple threats" ac=I fn="E:\downloads\MetacafeRemovalTool.exe"
sh=4184376B16C06B4314587CA817499FD16CDA39B5 ft=1 fh=f03881700660064d vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_abc-amber-text-converter.exe"
sh=B74243569B15A08D0C579E190380AF4889F5C7FB ft=1 fh=1efb16240eaf4326 vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_flightgear.exe"
sh=110B1A8EA6A3C5501F7C622AE08A474ED45247C4 ft=1 fh=e8fc18a73ae93347 vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_orbiter.exe"
sh=79CE0F7A91FF8ECF235668A5816734FAE521EE5D ft=1 fh=7d288439ea7d212b vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_vlc-media-player-nightly.exe"
sh=979BC1272F1E40A44E9ED31D4DEA225BD742657B ft=1 fh=f70f1ebbb1b7859a vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\downloads\SoftonicDownloader_for_x-plane.exe"
sh=F3E499FE2AEAC3C16BE75D53F8C4BCDD7917A8E6 ft=1 fh=3eb633822d9ca983 vn="Win32/InstallMate application" ac=I fn="E:\downloads\VaudiX.exe"
sh=13C8AD18369E96563F4BC35DF2434A0C6789183A ft=1 fh=43d93b51d192a44e vn="Win32/InstallCore.BL application" ac=I fn="E:\downloads\Win7Themes_Downloader.exe"
sh=58C506D93FA108D2279F0801E3F1CD5C7AB36981 ft=1 fh=3c9d3175fad0644b vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="E:\downloads\YTDSetup.exe"
sh=4D60B3A4B1DB9B2524B1C44E8C90D84539E91631 ft=1 fh=7daa5d91dc5c644e vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="E:\new downloads 13072013\SoftonicDownloader_for_trojan-remover.exe"
sh=46152E8B96EC309AECCD04299883E3205C07C5D8 ft=1 fh=996a4477da497580 vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\bsplayer264.1073.exe"
sh=9A76769B0126D3A178AA86C473F4F2C5F61026CD ft=1 fh=8f053d67efaefc45 vn="Win32/OpenCandy application" ac=I fn="E:\new downloads 28012013\bsplayer265.1074.exe"
sh=BDB9ADCC6484A7C83FC1BA9C12F8501E1B469F87 ft=1 fh=61b8c62aa949cace vn="probably a variant of Win32/CNETInstaller.A application" ac=I fn="E:\new downloads 28012013\cbsidlm-cbsi109-Download_App-BP-75864009.exe"
sh=DF5019B4B4924376CA516089B75F414DD48453DA ft=1 fh=12e7a6e367cdf50a vn="Win32/DownloadAdmin.G application" ac=I fn="E:\new downloads 28012013\cbsidlm-tr1_12-Free_Calculator-ORG-10584035.exe"
Hi, Peter.

Let's see if we can figure this out from a BitDefender log.

Please make sure you have updated to the latest definitions and run a deep scan with BitDefender. According to what I located at the BitDefender site, the following instructions are how to retrieve the latest deep system scan log:

- Open Bitdefender and click the "View Logs" link on the lower right; Click the "Antivirus" tab on the left;
- In the "On-demand tasks" list (the one on the bottom) look for the latest (closest to the top) entry that reads "Deep System Scan" under the "Task Name" column and "Scan Finished" under the "Action name";
- Double-click this entry and click the "View Scan Log" button at the bottom of the window that just popped up;
- A browser window will open displaying the scan report;
- If need be, save the file as a .txt file and copy paste it in your next reply.
 

Hi Corrine,
I am so sorry I did not get a chance to reply sooner. What has happened is that last week when I turned on my laptop, I usually have a password to log on and for some reason my keyboard in my laptop refused to work, and I just could not log on. So what I did was that I formatted my 'c' drive and I am putting all the software and programs and what not back into this laptop again, long process--- and in the middle of all this I have got terribly sick with flu and all that, maybe the pc virus got upset and got on to me, but recovering slowly. Corrine you have been very patient and I have never come across anyone who doesn't give up that easily like you. I guess we can close this post? I don't know where you are but if you are in Australia I'd like to invite you for dinner with my wife and family. Thank you very much for all your help and if anything like this happens again I'll talk to you again maybe?

Kind regards

Peter
 
Hi, Peter.

I am so sorry to hear that darn bug migrated to you from your laptop. Seriously, I hope you are on the road to recovery.

It was a pleasure working with you, Peter. If you run into any issues after formatting your computer, we're here to help!

With formatting your computer, be sure to get all the security updates installed. Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".
 
