
DDS and Combofix stall


paynor


Hello,

On an old laptop (Win7 SP1 32-bit) with all MS Windows Update security patches applied and AVG Free AV, I recently started having problems with occasional freezes of about 10 seconds' duration (in whatever application was running: MS Word, browser, ...). High level of CPU activity for the duration of the freeze. No obvious malware, nothing strange in Process Monitor. AVG Free does not report any problem, and completes a full scan with no problems.

Ran MWBytes with latest definitions, found 2 items, hiding in non system-critical files:
- Trojan.ransom.gen
- Backdoor.IRCBot.FB
Removed these using MWBytes.

Uninstalled AVG Free, using AppRemover.

Rebooted.

Ran MWBytes anti-rootkit (mbam 10.07.0.1008, with DB v2013.12.25.03).
Nothing found.

Ran Kaspersky anti-rootkit, TDSSKiller.
Found compromised sptd.service. Quarantined (I can reinstall the software).

Rebooted.

Tried running Combofix. It stalls just after letting you know that the scan can take over 10 minutes. Does not get to showing scan stages. No clock change. Waited one hour and no change. ALT CTRL DEL disabled (by malware?) when Combofix is run. Hard reboot needed to go anywhere. TDSSKiller scan was clean when run a second time.

Tried running DDS; it stalls too, with the progress bar at about 3/4 and "Please wait...". No log file generated. ALT CTRL DEL non-responsive.

Hard-rebooted, then I ran ASWMBR. Scan was clean.

 

Ran HijackThis scan. Log file pasted below ASWMBR log.

Laptop has Linux installed as well, Linux bootloader. See ASWMBR scan log (clean) for details.

Win7 still boots, runs and has network access, so far the only tools that refuse to execute correctly are DDS and Combofix.
Suggestions anyone? Thanks!

////// ASWMBR SCAN LOG //////////////////////////

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-25 09:35:53
-----------------------------
09:35:53.678 OS Version: Windows 6.1.7601 Service Pack 1
09:35:53.678 Number of processors: 1 586 0xD06
09:35:53.688 ComputerName: T42-WIN7 UserName: T42-Win7
09:35:54.349 Initialize success
09:51:13.186 AVAST engine defs: 13122500
10:09:31.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:09:31.295 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
10:09:31.425 Disk 0 MBR read successfully
10:09:31.445 Disk 0 MBR scan
10:09:31.465 Disk 0 unknown MBR code
10:09:31.475 Disk 0 Partition 1 00 17 Hidd HPFS/NTFS 219 MB offset 63
10:09:31.495 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60466 MB offset 453600
10:09:31.525 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 81000 MB offset 124291440
10:09:31.545 Disk 0 Partition - 00 05 Extended 10936 MB offset 290183101
10:09:31.575 Disk 0 Partition 4 00 82 Linux swap 2034 MB offset 290183103
10:09:31.595 Disk 0 Partition - 00 05 Extended 8902 MB offset 294349104
10:09:31.645 Disk 0 scanning sectors +312581808
10:09:31.676 Disk 0 scanning C:\Windows\system32\drivers
10:09:52.736 Service scanning
10:10:36.819 Modules scanning
10:10:46.824 Disk 0 trace - called modules:
10:10:46.854 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:10:46.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e624c8]
10:10:46.894 3 CLASSPNP.SYS[8aeab59e] -> nt!IofCallDriver -> [0x860c3608]
10:10:46.914 5 ACPI.sys[8a6273d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860bf610]
10:10:47.294 AVAST engine scan C:\Windows
10:10:51.911 AVAST engine scan C:\Windows\system32
10:16:38.956 AVAST engine scan C:\Windows\system32\drivers
10:17:14.527 AVAST engine scan C:\Users\T42-Win7
10:23:59.670 AVAST engine scan C:\ProgramData
10:26:10.008 Scan finished successfully
10:49:09.632 Disk 0 MBR has been saved successfully to "C:\Users\T42-Win7\Desktop\MBR.dat"
10:49:09.652 The log file has been saved successfully to "C:\Users\T42-Win7\Desktop\aswMBR.txt"

 

///////////////////////////////////////////////////////////////////////////////////

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:07:49, on 25/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GoldenDict\GoldenDict.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
D:\downloads\HijackThis(2).exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Astroburn Toolbar - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll (file missing)
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AgentAntidote32] "C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe" /LancementSession
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [One.com] C:\Program Files\OnecomCloudDrive\Dlls\AppLauncher.exe
O4 - HKCU\..\Run: [GoldenDict] "C:\Program Files\GoldenDict\GoldenDict.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 3b65b9b60f3d9a991f302eeef2ae2aa0-3d18f4ad89fcddc54426870831530db41067c46f --CMPID 0913b
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 8\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P109.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 8\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P109.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 8\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P109.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics






O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: DisplayFusionService - Unknown owner - C:\Program Files\DisplayFusion\DisplayFusionService.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

--
End of file - 9457 bytes

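A HijackThis log like the one above is read by hand, entry by entry. The small triage script below is an added example (not part of this thread, and not HijackThis code) that parses the O2/O3/O4/O9/O23 line formats and flags the entries a reviewer usually looks at first: registrations whose target file is gone ("(file missing)" / "(no file)", typically leftovers of an incomplete uninstall), O23 services with no publisher recorded, and O4 Run entries that name a bare executable with no path. The sample lines are copied from the log above; the flags are review hints, not verdicts, so a flagged entry still needs a human to decide (DirMngr, for instance, is GnuPG's own component).

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Constructed input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O3 - Toolbar: Astroburn Toolbar - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll (file missing)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: DisplayFusionService - Unknown owner - C:\Program Files\DisplayFusion\DisplayFusionService.exe (file missing)
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str              # HijackThis section code, e.g. "O2", "O23"
    name: str                 # display name, or the Run value name for O4
    target: str               # file path / command line as HijackThis printed it
    middle: str = ""          # CLSID for O2/O3/O9, publisher for O23, empty for O4
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one log line, or None for headers and unknown lines."""
    m = re.match(r"^(O\d+|R\d+|F\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section == "O4":
        # Shape: HKLM\..\Run: [ValueName] command line
        m4 = re.match(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$", body)
        return Entry(section, m4["name"], m4["cmd"]) if m4 else None
    # Shape: Kind: Name - {CLSID or publisher} - target
    parts = [p.strip() for p in body.split(" - ")]
    if len(parts) < 2:
        return None
    name = parts[0].split(": ", 1)[1] if ": " in parts[0] else parts[0]
    middle = parts[1] if len(parts) >= 3 else ""
    return Entry(section, name, parts[-1], middle)


def triage(entry):
    """Attach review hints; a flag means 'look here first', not 'malicious'."""
    if any(entry.target.endswith(mk) for mk in ORPHAN_MARKERS):
        entry.flags.append("orphan: registration points at a file that no longer exists")
    if entry.section == "O23" and entry.middle == "Unknown owner":
        entry.flags.append("no publisher: verify the binary's signature/origin by hand")
    if entry.section == "O4" and not re.search(r"[\\/]", entry.target):
        entry.flags.append("bare filename: resolved by PATH search, confirm which file runs")
    return entry


def triage_log(text):
    """Parse every recognised line of a HijackThis log and triage it."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text):
    """Only the entries that carry at least one review hint."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name}")
        for f in e.flags:
            print(f"       - {f}")
```

Run stand-alone it prints the seven flagged entries from the sample; point `triage_log` at a full log file to use it on your own output.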

  • Staff

Hello paynor

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


Hello Gringo,

 

Thanks for your instructions and offer of help.

I posted the same problem on the AfterDawn forum a few days ago, and am currently following their suggestions. So I will continue with them unless we cannot get any further, to avoid confusion. If possible, please do not close this thread yet, as I may get back to you if no joy from the AfterDawn help. I will post here in a few days time to close the thread if their suggestions have solved the problem.

 

Paynor


Thanks for reopening the thread, we reached a dead end on the other forum without resolving this.

Combofix and DDS still stall after a burst of HD activity, and ALT CTRL DEL is disabled when Combofix is run. Hard reboot needed to proceed.

Otherwise, there are no apparent functional problems, Windows appears to boot normally, network interface works, no unknown toolbars, no popups etc.

AVG Free is completely uninstalled, apart from a remnant xml Firefox plugin avgigeard.xml, which appears to have an embedded png image (?). This plugin cannot be deleted by JRT (see log below).

Note that the TeamViewer installation is legit, as are the trusted sites in the .dk realm.

 

Here is the output of ADWCleaner and JRT, as requested by Gringo. Following the advice on the other forum, I also ran RogueKiller and SecurityCheck, and I can post the output of these 2 tools if requested.

From here through to resolution, I will only do as requested on this forum.

 

# AdwCleaner v3.016 - Report created 29/12/2013 at 19:25:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : T42-Win7 - T42-WIN7
# Running from : C:\Users\T42-Win7\Desktop\tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Users\T42-Win7\AppData\Local\Conduit
Folder Deleted : C:\Users\T42-Win7\AppData\Local\PackageAware
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\T42-Win7\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
[!] Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\.autoreg
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEB45705-DCFC-4177-A361-0A354C6E5F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B898549-3D42-4654-8395-D7702E4BC8F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaulturlsearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14149");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "63C3DB4244ACA58CECD4896649BBD9DC");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "552c792100000000000000fff05b7387");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15962");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "7");
Line Deleted : user_pref("extensions.BabylonToolbar.lastBsearch.babylon.com/home");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.616:29:05");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"74\",\"lastVrsn\":\"74\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
Line Deleted : user_pref("extensions.BabylonToolbar.sid", "eb976fb385f640a8aaf304b16d9dc761");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrlsearch.babylon.com/?babsrc=TB_def&mntrId=552c792100000000000000fff05b7387&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.617:20:30");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,avg@igeared:6.103.018.00[...]
Line Deleted : user_pref("extensions.proxytool.referers", "www.google.com,google.com,smallseotools.com,yahoo.com,bing.com,ask.com,currate.com,facebook.com,twitter.com,craigslist.org");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10291 octets] - [29/12/2013 19:22:39]
AdwCleaner[s0].txt - [10366 octets] - [29/12/2013 19:25:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10427 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by T42-Win7 on 29/12/2013 at 19:37:06.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\searchplugins\absearch-search.xml
Successfully deleted the following from C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\prefs.js

user_pref("browser.startup.homepage");
Emptied folder: C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\minidumps [294 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/12/2013 at 19:43:43.62
Computer was rebooted
End of JRT log


  • Staff

Hello paynor

I would like you to try this to see if ComboFix will run.

combofix

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok
Copy and paste the report into this topic for me to review.

Gringo


Hi Gringo,

Here goes, ComboFix ran OK as admin with that switch. Here is the output:

 

ComboFix 14-01-01.01 - T42-Win7 01/01/2014  21:17:50.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2047.979 [GMT -5:00]
Running from: c:\users\T42-Win7\Desktop\ComboFix.exe
Command switches used :: /nombr
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ComboFix.exe
c:\combofix.exe\023.dat
c:\combofix.exe\023v.dat
c:\combofix.exe\023w7.dat
c:\combofix.exe\3r
c:\combofix.exe\ActiveDrv.vbs
c:\combofix.exe\AppData.folder.dat
c:\combofix.exe\appinit.bad
c:\combofix.exe\asp.str
c:\combofix.exe\Assoc.cmd
c:\combofix.exe\attr.dat
c:\combofix.exe\ATTRIB.3XE
c:\combofix.exe\autorun_inf.dat
c:\combofix.exe\autorun_infB.dat
c:\combofix.exe\av.cmd
c:\combofix.exe\av.vbs
c:\combofix.exe\AWF.cmd
c:\combofix.exe\badclsid
c:\combofix.exe\BFE.dat
c:\combofix.exe\Boot-Rk.cmd
c:\combofix.exe\Boot.bat
c:\combofix.exe\BootDrv.vbs
c:\combofix.exe\borlander_file.dat
c:\combofix.exe\borlander_folder.dat
c:\combofix.exe\c.bat
c:\combofix.exe\c.mrk
c:\combofix.exe\Cache.folder.dat
c:\combofix.exe\Catch-sub.cmd
c:\combofix.exe\catchme.3XE
c:\combofix.exe\Catchme.tmp
c:\combofix.exe\CCS.bat
c:\combofix.exe\CF-Script.cmd
c:\combofix.exe\CF5951.3XE
c:\combofix.exe\cfdummy
c:\combofix.exe\Cfiles.dat
c:\combofix.exe\Cfolders.dat
c:\combofix.exe\CfReboot.dat
c:\combofix.exe\CHCP.bat
c:\combofix.exe\ClistB.dat
c:\combofix.exe\clsid.c
c:\combofix.exe\clsid.dat
c:\combofix.exe\clsid.hiv
c:\combofix.exe\Combobatch.bat
c:\combofix.exe\ComboFix-Download.3XE
c:\combofix.exe\ConEnv.sed
c:\combofix.exe\Cookies.folder.dat
c:\combofix.exe\Create.cmd
c:\combofix.exe\Creg.dat
c:\combofix.exe\CregC.cmd
c:\combofix.exe\CregC.dat
c:\combofix.exe\CregC_.dat
c:\combofix.exe\CSCRIPT.3XE
c:\combofix.exe\d-del_A.dat
c:\combofix.exe\d-delA.dat
c:\combofix.exe\dd.3XE
c:\combofix.exe\ddsDo.sed
c:\combofix.exe\DelClsid.bat
c:\combofix.exe\DelClsid64.bat
c:\combofix.exe\Desktop.folder.dat
c:\combofix.exe\desktop.ini
c:\combofix.exe\DisclaimED.dat
c:\combofix.exe\dll_whitelist.dat
c:\combofix.exe\dnd.dat
c:\combofix.exe\DPF.str
c:\combofix.exe\Drive.folder.dat
c:\combofix.exe\DriveFile.dat
c:\combofix.exe\Drives.dat
c:\combofix.exe\DrvRun.vbs
c:\combofix.exe\dumphive.3XE
c:\combofix.exe\embedded.sed
c:\combofix.exe\en-GB\ATTRIB.3XE.mui
c:\combofix.exe\en-GB\CF5951.3XE.mui
c:\combofix.exe\en-GB\CMD.3XE.mui
c:\combofix.exe\en-GB\CSCRIPT.3XE.mui
c:\combofix.exe\en-GB\PING.3XE.mui
c:\combofix.exe\en-GB\REGT.3XE.mui
c:\combofix.exe\en-GB\ROUTE.3XE.mui
c:\combofix.exe\en-US\ATTRIB.3XE.mui
c:\combofix.exe\en-US\CF5951.3XE.mui
c:\combofix.exe\en-US\cmd.3XE.mui
c:\combofix.exe\en-US\CSCRIPT.3XE.mui
c:\combofix.exe\en-US\iexplore.exe
c:\combofix.exe\en-US\PING.3XE.mui
c:\combofix.exe\en-US\REGT.3XE.mui
c:\combofix.exe\en-US\ROUTE.3XE.mui
c:\combofix.exe\Env.sed
c:\combofix.exe\ERDNT.e_e
c:\combofix.exe\ERDNTDOS.LOC
c:\combofix.exe\ERDNTWIN.LOC
c:\combofix.exe\ERUNT.3XE
c:\combofix.exe\erunt.dat
c:\combofix.exe\ERUNT.LOC
c:\combofix.exe\Exe.reg
c:\combofix.exe\extract.3XE
c:\combofix.exe\f_system
c:\combofix.exe\Favorites.folder.dat
c:\combofix.exe\FD-SV.cmd
c:\combofix.exe\FdsvOK
c:\combofix.exe\ffdefstr.dll
c:\combofix.exe\ffext.pif
c:\combofix.exe\FileKill.3XE
c:\combofix.exe\files.pif
c:\combofix.exe\Fin.dat
c:\combofix.exe\FIND3M.bat
c:\combofix.exe\FIXLSP.bat
c:\combofix.exe\FIXLSP64.cmd
c:\combofix.exe\FKMGen.cmd
c:\combofix.exe\ForeignWht
c:\combofix.exe\GetHive.cmd
c:\combofix.exe\GOLDUN.DAT
c:\combofix.exe\grep.3XE
c:\combofix.exe\gsar.3XE
c:\combofix.exe\handle.3XE
c:\combofix.exe\hidec.3XE
c:\combofix.exe\history.bat
c:\combofix.exe\History.folder.dat
c:\combofix.exe\iexplore.exe
c:\combofix.exe\image001.gif
c:\combofix.exe\Imefile.dat
c:\combofix.exe\iphlpsvc.vista.dat
c:\combofix.exe\iphlpsvc.w7.dat
c:\combofix.exe\iphlpsvc.w8.dat
c:\combofix.exe\katch.cmd
c:\combofix.exe\katchNT-OS
c:\combofix.exe\KiLLNot
c:\combofix.exe\kmd.dat
c:\combofix.exe\KNetSvcs.vbs
c:\combofix.exe\Lang.bat
c:\combofix.exe\List-B.bat
c:\combofix.exe\List-C.bat
c:\combofix.exe\lnkread.vbs
c:\combofix.exe\LocalAppData.folder.dat
c:\combofix.exe\LocalService.dat
c:\combofix.exe\LocalServiceNetworkRestricted.dat
c:\combofix.exe\LocalSettings.folder.dat
c:\combofix.exe\LocalSystemNetworkRestricted.dat
c:\combofix.exe\mbr.3XE
c:\combofix.exe\mbr.chk
c:\combofix.exe\md5sum.pif
c:\combofix.exe\MDWht.dat
c:\combofix.exe\MoveIt.bat
c:\combofix.exe\MpsSvc.dat
c:\combofix.exe\mtee.3XE
c:\combofix.exe\MUI
c:\combofix.exe\Music.folder.dat
c:\combofix.exe\MWindows.dat
c:\combofix.exe\mynul.dat
c:\combofix.exe\MZChanged.dat
c:\combofix.exe\N_\12950
c:\combofix.exe\N_\15155
c:\combofix.exe\N_\16696
c:\combofix.exe\N_\17703
c:\combofix.exe\N_\20107
c:\combofix.exe\N_\21843
c:\combofix.exe\N_\23470
c:\combofix.exe\N_\24647
c:\combofix.exe\N_\28493
c:\combofix.exe\N_\28582
c:\combofix.exe\N_\28816
c:\combofix.exe\N_\28895
c:\combofix.exe\N_\28936
c:\combofix.exe\N_\29044
c:\combofix.exe\N_\30627
c:\combofix.exe\N_\31833
c:\combofix.exe\N_\32335
c:\combofix.exe\N_\4914
c:\combofix.exe\N_\6638
c:\combofix.exe\N_\7092
c:\combofix.exe\N_\7412
c:\combofix.exe\N_\7938
c:\combofix.exe\N_\7992
c:\combofix.exe\N_\cfdummy00
c:\combofix.exe\N_\CmdLine00
c:\combofix.exe\ncmd.com
c:\combofix.exe\ND_.bat
c:\combofix.exe\ND_64.bat
c:\combofix.exe\ND_NTOS00
c:\combofix.exe\ndis_combofix.dat
c:\combofix.exe\NetHood.folder.dat
c:\combofix.exe\netsvc.bad.dat
c:\combofix.exe\netsvc.dat
c:\combofix.exe\NetworkService.dat
c:\combofix.exe\NirCmd.3XE
c:\combofix.exe\NircmdB.exe
c:\combofix.exe\NirCmdC.3XE
c:\combofix.exe\NIRKMD.3XE
c:\combofix.exe\NlsLanguageDefault
c:\combofix.exe\notifykeys.dat
c:\combofix.exe\notifykeysB.dat
c:\combofix.exe\NT-OS.cmd
c:\combofix.exe\NULL
c:\combofix.exe\OsId.txt
c:\combofix.exe\OSid.vbs
c:\combofix.exe\pausep.3XE
c:\combofix.exe\pend.txt
c:\combofix.exe\Personal.folder.dat
c:\combofix.exe\pev.3XE
c:\combofix.exe\PEV.exe
c:\combofix.exe\pevb.3XE
c:\combofix.exe\Pictures.folder.dat
c:\combofix.exe\PING.3XE
c:\combofix.exe\Policies.dat
c:\combofix.exe\powp.dat
c:\combofix.exe\PreDIR
c:\combofix.exe\Prep.inf
c:\combofix.exe\PrintHood.folder.dat
c:\combofix.exe\Profiles.Folder.dat
c:\combofix.exe\Profiles.Folder.folder.dat
c:\combofix.exe\progfile.dat
c:\combofix.exe\Programs.folder.dat
c:\combofix.exe\Purity.dat
c:\combofix.exe\PV.3XE
c:\combofix.exe\pv.com
c:\combofix.exe\rar_sfx.cmd
c:\combofix.exe\RCLink.dat
c:\combofix.exe\RcVer00
c:\combofix.exe\Recent.folder.dat
c:\combofix.exe\REGDACL.sed
c:\combofix.exe\RegDo.sed
c:\combofix.exe\region.dat
c:\combofix.exe\RegScan.cmd
c:\combofix.exe\RegScan64.cmd
c:\combofix.exe\REGT.3XE
c:\combofix.exe\Resident.txt
c:\combofix.exe\restore_pt.dat
c:\combofix.exe\restore_pt.vbs
c:\combofix.exe\Rkey.cmd
c:\combofix.exe\rmbr.3XE
c:\combofix.exe\rogues.dat
c:\combofix.exe\ROUTE.3XE
c:\combofix.exe\run.sed
c:\combofix.exe\run2.sed
c:\combofix.exe\Rust.str
c:\combofix.exe\s0rt.3XE
c:\combofix.exe\safeboot.dat
c:\combofix.exe\safeboot.def.dat
c:\combofix.exe\sed.3XE
c:\combofix.exe\SendTo.folder.dat
c:\combofix.exe\SetEnvmt.bat
c:\combofix.exe\setpath.3XE
c:\combofix.exe\SetPath.bat
c:\combofix.exe\setpath_N.cmd
c:\combofix.exe\SF.exe
c:\combofix.exe\sfx.cmd
c:\combofix.exe\ShAccess.dat
c:\combofix.exe\SnapShot.cmd
c:\combofix.exe\sqlite3.3XE
c:\combofix.exe\SRestore.cmd
c:\combofix.exe\srizbi.md5
c:\combofix.exe\Start_dat
c:\combofix.exe\StartMenu.folder.dat
c:\combofix.exe\StartUp.folder.dat
c:\combofix.exe\SuppScan.cmd
c:\combofix.exe\svc_wht.dat
c:\combofix.exe\SvcDrv.vbs
c:\combofix.exe\svchost.dat
c:\combofix.exe\swreg.3XE
c:\combofix.exe\swsc.3XE
c:\combofix.exe\swxcacls.3XE
c:\combofix.exe\SysPath.dat
c:\combofix.exe\system_ini.dat
c:\combofix.exe\T42-Win7.user.cf
c:\combofix.exe\tail.3XE
c:\combofix.exe\Temp.dat
c:\combofix.exe\temp00
c:\combofix.exe\Templates.folder.dat
c:\combofix.exe\toolbar.sed
c:\combofix.exe\unhand.dat
c:\combofix.exe\Update-CF.cmd
c:\combofix.exe\v_wht.dat
c:\combofix.exe\VBR.pif
c:\combofix.exe\VerCF.bat
c:\combofix.exe\VikPev00
c:\combofix.exe\Vikpev01
c:\combofix.exe\VInfo
c:\combofix.exe\VInfo2
c:\combofix.exe\VINFO3
c:\combofix.exe\Vipev.dat
c:\combofix.exe\ViPev00
c:\combofix.exe\ViPev01
c:\combofix.exe\Vista.krl
c:\combofix.exe\vistaMcode.dat
c:\combofix.exe\vRun_DLL
c:\combofix.exe\vun.dat
c:\combofix.exe\vundonames.dat
c:\combofix.exe\VwinTemp.dacl
c:\combofix.exe\W7.mac
c:\combofix.exe\w7Mcode.dat
c:\combofix.exe\w7reg.dat
c:\combofix.exe\w8reg.dat
c:\combofix.exe\whiteAll.dat
c:\combofix.exe\whitedir.dat
c:\combofix.exe\whitedirCreated.dat
c:\combofix.exe\Wmi_rem.vbs
c:\combofix.exe\xpmcode.dat
c:\combofix.exe\XPSBoot.reg
c:\combofix.exe\zDomain.dat
c:\combofix.exe\zhsvc.dat
c:\combofix.exe\zip.3XE
c:\combofix.exe\Zlob01
c:\users\T42-Win7\AppData\Local\Temp\_av4_\aswCmnB.dll
c:\users\T42-Win7\AppData\Local\Temp\_av4_\aswCmnOS.dll
c:\users\T42-Win7\AppData\Local\Temp\_av4_\aswCmnS.dll
c:\users\T42-Win7\AppData\Local\Temp\_av4_\aswEngin.dll
c:\users\T42-Win7\AppData\Local\Temp\_av4_\aswScan.dll
c:\users\T42-Win7\AppData\Local\Temp\jrt\CHOICE.DAT
c:\users\T42-Win7\AppData\Local\Temp\jrt\CUT.DAT
c:\users\T42-Win7\AppData\Local\Temp\jrt\erunt\ERDNT.E_E
c:\users\T42-Win7\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
c:\users\T42-Win7\AppData\Local\Temp\jrt\NIRCMD.DAT
c:\users\T42-Win7\AppData\Local\Temp\jrt\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\jrt\SHORTCUT.DAT
c:\users\T42-Win7\AppData\Local\Temp\jrt\WGET.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\MBR.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\nsC1EA.tmp
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\PEV.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\sqlite3.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsdB30B.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\MBR.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\ns16B4.tmp
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\PEV.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\sqlite3.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsjB83.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\MBR.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\ns7682.tmp
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\PEV.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\sqlite3.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsn6555.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\MBR.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\ns99E7.tmp
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\PEV.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\sqlite3.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsu896E.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\MBR.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\nsB902.tmp
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\PEV.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\SED.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\sqlite3.DAT
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsvA677.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\nsz731D.tmp\ExecCmd.dll
c:\users\T42-Win7\AppData\Local\Temp\nsz731D.tmp\nsExec.dll
c:\users\T42-Win7\AppData\Local\Temp\nsz731D.tmp\NSISdl.dll
c:\users\T42-Win7\AppData\Local\Temp\nsz731D.tmp\System.dll
c:\users\T42-Win7\AppData\Local\Temp\nsz731D.tmp\UserInfo.dll
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\64bitProxy.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\AppRemover_64.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\AppRemover_API.dll
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\appRemoverCore.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\CitrixMalwareScannerClnt.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\mfc80u.dll
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\msvcp80.dll
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\msvcr80.dll
c:\users\T42-Win7\AppData\Local\Temp\RarSFX0\OesisDiagnose_V3.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\Objlist.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\Other\cmdinfo.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\Other\nircmdc.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\Other\sed.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\Other\swreg.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\runprocesses.exe
c:\users\T42-Win7\AppData\Local\Temp\RarSFX2\SecurityCheck\uninstalllist.exe
c:\users\T42-Win7\AppData\Local\Temp\Temp1_jap-gp338_r-3-00-00.zip\jap gp338 r 3,00,00\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
.
.
2014-01-02 02:35 . 2014-01-02 02:35    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2014-01-02 02:35 . 2014-01-02 02:35    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2014-01-02 02:35 . 2014-01-02 02:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-30 00:46 . 2013-12-30 00:46    26624    ----a-w-    c:\windows\system32\TrueSight.sys
2013-12-30 00:33 . 2013-12-30 00:33    --------    d-----w-    c:\windows\ERUNT
2013-12-30 00:21 . 2013-12-30 00:25    --------    d-----w-    C:\AdwCleaner
2013-12-27 02:45 . 2013-12-27 02:45    --------    d-----w-    c:\program files\ESET
2013-12-27 00:29 . 2013-12-27 00:29    --------    d-----w-    C:\FRST
2013-12-26 23:50 . 2013-12-26 23:43    1937144    ----a-w-    C:\rkill.exe.com
2013-12-26 21:02 . 2013-12-26 21:02    --------    d-----w-    c:\programdata\Sophos
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-12-26 21:02 . 2013-12-26 21:02    --------    d-----w-    c:\program files\Sophos
2013-12-26 20:05 . 2013-12-29 23:30    104664    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-26 20:05 . 2013-12-29 23:28    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 21:43 . 2013-12-16 06:54    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E727483C-0CC6-4F9D-8EA3-477543A5874A}\mpengine.dll
2013-12-25 00:06 . 2013-12-25 00:06    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-12-24 19:19 . 2013-12-29 23:54    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-15 03:30 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-15 03:30 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-15 03:30 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-15 03:30 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-15 03:30 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-15 03:30 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-15 03:29 . 2013-10-30 01:27    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-15 03:29 . 2013-10-04 01:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-15 03:29 . 2013-10-04 01:17    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 03:54 . 2013-12-12 12:35    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-12-07 16:42 . 2013-12-07 16:43    --------    d-----w-    c:\program files\Dell Printers
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcvousb.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcnmea.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet3.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet2.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcmdm.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcdiag.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcatext.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    17920    ----a-w-    c:\windows\system32\drivers\WSDPrint.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcat.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    16384    ----a-w-    c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    9728    ----a-w-    c:\windows\system32\drivers\wfplwf.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    35968    ----a-w-    c:\windows\system32\drivers\winusb.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    19008    ----a-w-    c:\windows\system32\drivers\wimmount.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    14912    ----a-w-    c:\windows\system32\drivers\wmilib.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    11264    ----a-w-    c:\windows\system32\drivers\wmiacpi.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    35328    ----a-w-    c:\windows\system32\drivers\watchdog.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    19024    ----a-w-    c:\windows\system32\drivers\wd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    11520    ----a-w-    c:\windows\system32\drivers\wdcsam.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    63488    ----a-w-    c:\windows\system32\drivers\wanarp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    21632    ----a-w-    c:\windows\system32\drivers\wacompen.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    16168    ----a-w-    c:\windows\system32\drivers\wacmoumonitor.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    13736    ----a-w-    c:\windows\system32\drivers\wacomvhid.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    11312    ----a-w-    c:\windows\system32\drivers\wacommousefilter.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    14336    ----a-w-    c:\windows\system32\drivers\vwifimp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    980992    ----a-w-    c:\windows\system32\drivers\VSTDPV3.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    48128    ----a-w-    c:\windows\system32\drivers\vwififlt.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    242176    ----a-w-    c:\windows\system32\drivers\VSTICH3.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    19968    ----a-w-    c:\windows\system32\drivers\vwifibus.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    661504    ----a-w-    c:\windows\system32\drivers\VSTCNXT3.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    78336    ----a-w-    c:\windows\system32\drivers\vpcusb.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    245632    ----a-w-    c:\windows\system32\drivers\volsnap.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    172416    ----a-w-    c:\windows\system32\drivers\vpchbus.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    141904    ----a-w-    c:\windows\system32\drivers\vsmraid.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    297040    ----a-w-    c:\windows\system32\drivers\volmgrx.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    53120    ----a-w-    c:\windows\system32\drivers\volmgr.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    16976    ----a-w-    c:\windows\system32\drivers\viaide.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    111616    ----a-w-    c:\windows\system32\drivers\videoprt.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    52736    ----a-w-    c:\windows\system32\drivers\viac7.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    53328    ----a-w-    c:\windows\system32\drivers\VIAAGP.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    26112    ----a-w-    c:\windows\system32\drivers\vgapnp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    160128    ----a-w-    c:\windows\system32\drivers\vhdmp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    25088    ----a-w-    c:\windows\system32\drivers\vga.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    94480    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    32832    ----a-w-    c:\windows\system32\drivers\vdrvroot.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    115984    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    104720    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    188176    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    76288    ----a-w-    c:\windows\system32\drivers\USBSTOR.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    28160    ----a-w-    c:\windows\system32\drivers\usbser.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    36352    ----a-w-    c:\windows\system32\drivers\usbscan.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    26112    ----a-w-    c:\windows\system32\drivers\usbrpm.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    19968    ----a-w-    c:\windows\system32\drivers\usbprint.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    75776    ----a-w-    c:\windows\system32\drivers\usbccgp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    5888    ----a-w-    c:\windows\system32\drivers\usbd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    42496    ----a-w-    c:\windows\system32\drivers\usbehci.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    25856    ----a-w-    c:\windows\system32\drivers\USBCAMD2.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    43520    ----a-w-    c:\windows\system32\drivers\usbaapl.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    25856    ----a-w-    c:\windows\system32\drivers\USBCAMD.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    15872    ----a-w-    c:\windows\system32\drivers\usb8023x.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    8192    ----a-w-    c:\windows\system32\drivers\umpass.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    57424    ----a-w-    c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    55888    ----a-w-    c:\windows\system32\drivers\UAGP35.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    39936    ----a-w-    c:\windows\system32\drivers\umbus.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    37772    ----a-w-    c:\windows\system32\drivers\ulink.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    246784    ----a-w-    c:\windows\system32\drivers\udfs.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    108544    ----a-w-    c:\windows\system32\drivers\tunnel.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    49664    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    49400    ----a-w-    c:\windows\system32\drivers\tosrfusb.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    16384    ----a-w-    c:\windows\system32\drivers\TPPWR.SYS.bak
2013-12-30 00:49 . 2013-12-30 00:49    61168    ----a-w-    c:\windows\system32\drivers\TosRfSnd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    79872    ----a-w-    c:\windows\system32\drivers\Tosrfhid.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    69480    ----a-w-    c:\windows\system32\drivers\tosrfcom.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    42472    ----a-w-    c:\windows\system32\drivers\tosrfbnp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    21608    ----a-w-    c:\windows\system32\drivers\tosrfnds.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    169064    ----a-w-    c:\windows\system32\drivers\tosrfbd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    46984    ----a-w-    c:\windows\system32\drivers\tosporte.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    9608    ----a-w-    c:\windows\system32\drivers\Toshidpt.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    74752    ----a-w-    c:\windows\system32\drivers\tdx.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    53120    ----a-w-    c:\windows\system32\drivers\termdd.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    25088    ----a-w-    c:\windows\system32\drivers\teamviewervpn.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    24576    ----a-w-    c:\windows\system32\drivers\tdtcp.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    21504    ----a-w-    c:\windows\system32\drivers\tdi.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    18432    ----a-w-    c:\windows\system32\drivers\tdpipe.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys.bak
2013-12-30 00:49 . 2013-12-30 00:49    24576    ----a-w-    c:\windows\system32\drivers\tape.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon1]
@="{8EB87237-AF50-46D3-B170-435F51B6E158}"
[HKEY_CLASSES_ROOT\CLSID\{8EB87237-AF50-46D3-B170-435F51B6E158}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon2]
@="{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}"
[HKEY_CLASSES_ROOT\CLSID\{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon3]
@="{680C2705-E060-4AED-846C-40F1B1F253BD}"
[HKEY_CLASSES_ROOT\CLSID\{680C2705-E060-4AED-846C-40F1B1F253BD}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"GoldenDict"="c:\program files\GoldenDict\GoldenDict.exe" [2010-12-04 2411520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-12-09 726912]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-19 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-19 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-19 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-19 208896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AgentAntidote32"="c:\program files\Druide\Antidote 8\Programmes32\AgentAntidote.exe" [2013-11-12 1144544]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2007-02-07 03:34    25088    ----a-w-    c:\windows\System32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyFace Agent]
2009-07-15 22:02    348160    ----a-w-    c:\program files\MSI\EasyFace Logon\KillAutoAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 20:06    222496    ----a-w-    c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 15:01    319488    ----a-w-    c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-12-09 21:01    606208    ----a-w-    c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCX4623_Scan2Pc]
2011-06-24 11:55    1990144    ----a-w-    c:\windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 DisplayFusionService;DisplayFusionService;c:\program files\DisplayFusion\DisplayFusionService.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 53504]
R3 DSO20901;DSO-2090 USB DRIVER 1;c:\windows\system32\Drivers\Dso2090X861.sys [2010-01-26 24376]
R3 DSO20902;DSO-2090 USB DRIVER 2;c:\windows\system32\Drivers\DSO2090X862.SYS [2010-01-26 26160]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-12-25 102784]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-12-25 377856]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-12-25 95616]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 23304]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-08-30 15896]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 167304]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\DRIVERS\mchpusb.sys [2007-12-19 53760]
R3 MFE_RR;MFE_RR;c:\users\T42-Win7\AppData\Local\Temp\mfe_rr.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-03-07 2595840]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 13704]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R4 DiafaanMessageServer;Diafaan SMS Server;c:\program files\Diafaan SMS Server\DiafaanMessageServer.exe [x]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 538096]
R4 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [2011-12-09 213888]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 CommSB96;CommSB96; [x]
S2 CommSBEP;CommSBEP; [x]
S2 CVS;CVSNT;c:\program files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe [2003-03-19 45056]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-12-25 76544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:48    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 03:25]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 12:17]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 12:17]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: certifikat.dk
Trusted Zone: danid.dk
Trusted Zone: nets-danid.dk
Trusted Zone: virk.dk
Trusted Zone: certifikat.dk
Trusted Zone: danid.dk
Trusted Zone: nets-danid.dk
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - c:\program files\Astroburn Toolbar\ABToolbar.dll
HKCU-Run-One.com - c:\program files\OnecomCloudDrive\Dlls\AppLauncher.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-NPSStartup - (no file)
SafeBoot-60516638.sys
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-DLPSP - c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
AddRemove-17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-7-Zip - c:\program files\7-Zip\Uninstall.exe
AddRemove-72A50F48CC5601190B9C4E74D81161693133E7F7 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-7E15D8A4-746B-4D44-8D59-93785F491A95_is1 - c:\program files\Dansk Standard\Unlock Document License\unins000.exe
AddRemove-Adobe Photoshop 7.0 - c:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Artisteer 3 - c:\program files\Artisteer 3\bin\Uninstall.exe
AddRemove-ASF-AVI-RM-WMV Repair_is1 - c:\program files\ASF-AVI-RM-WMV Repair\unins000.exe
AddRemove-Astroburn Lite - c:\program files\Astroburn Lite\uninst.exe
AddRemove-Astroburn Toolbar - c:\program files\Astroburn Toolbar\uninst.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-AutoGK - c:\program files\AutoGK\uninst.exe
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS Video Editor_is1 - c:\program files\AVS4YOU\AVSVideoEditor\unins000.exe
AddRemove-AVS Video Recorder_is1 - c:\program files\AVS4YOU\AVSVideoRecorder\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-AVS4YOU Video Converter 7_is1 - c:\program files\AVS4YOU\AVSVideoConverter\unins000.exe
AddRemove-CDex - c:\program files\CDex\uninstall.exe
AddRemove-DavMail - c:\program files\DavMail\uninst.exe
AddRemove-Dell Photo Printer 720 - c:\program files\Dell Photo Printer 720\Install\x86\Uninst.exe
AddRemove-Diafaan SMS Server - c:\program files\Diafaan SMS Server\Uninstall.exe
AddRemove-Digital Signatur - c:\programdata\{CB8DE68D-D0E2-426F-95C1-7BB8FB33AB2D}\csp.exe
AddRemove-DriverFinder - c:\program files\DriverFinder\uninstall.exe
AddRemove-DSO-2090 USB(Ver7.0.0.2) - c:\progra~1\DSO-20~1\UNWISE.EXE
AddRemove-dumeter3_is1 - c:\program files\DU Meter\unins000.exe
AddRemove-E0AC723A3DE3A04256288CADBBB011B112AED454 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Ear Test_is1 - c:\program files\Ear Test\unins000.exe
AddRemove-EaseUS Partition Recovery_is1 - c:\program files\EaseUS\EaseUS Partition Recovery 5.6.1\unins000.exe
AddRemove-EVEREST Ultimate Edition_is1 - c:\program files\Lavalys\EVEREST Ultimate Edition\unins000.exe
AddRemove-F9F51294-C0A2-4715-B7F7-A0BBF642C785_is1 - c:\program files\Home Audiometer\unins000.exe
AddRemove-FFmpeg for Audacity_is1 - c:\program files\Ffmpeg For Audacity\unins000.exe
AddRemove-GIMP-2_is1 - c:\program files\GIMP 2\uninst\unins000.exe
AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe
AddRemove-ImgBurn - c:\program files\ImgBurn\uninstall.exe
AddRemove-InfraRecorder - c:\program files\InfraRecorder\uninstall.exe
AddRemove-jEdit_is1 - c:\program files\jEdit\unins000.exe
AddRemove-LAME for Audacity_is1 - c:\program files\Lame For Audacity\unins000.exe
AddRemove-LatencyMon_is1 - c:\program files\LatencyMon\unins000.exe
AddRemove-LinuxLive USB Creator - c:\program files\LinuxLive USB Creator\Uninstall.exe
AddRemove-Lær førstehjælp - c:\progra~1\LAERFO~1\UNWISE.EXE
AddRemove-melabs Programmer Beta_is1 - c:\program files\melabs Programmer Beta\unins000.exe
AddRemove-MicroCode Studio (MCSX)_is1 - c:\program files\Mecanique\MCSX\unins000.exe
AddRemove-Mobile Partner - c:\program files\Mobile Partner\uninst.exe
AddRemove-MPE - c:\program files\MyPhoneExplorer\uninstall.exe
AddRemove-NemID CSP - c:\programdata\{DC46AB00-810C-407A-8BAD-E0186B34072A}\csp.exe
AddRemove-nLite_is1 - c:\program files\nLite\unins000.exe
AddRemove-Nokia PC Suite - c:\programdata\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_ALL.exe
AddRemove-pdfFactory - c:\windows\system32\spool\DRIVERS\W32X86\2\fppinst2.exe
AddRemove-PICC 9.81 - c:\program files\HI-TECH Software\PICC\9.81\resources\setup.exe
AddRemove-Realterm - c:\program files\BEL\Realterm\uninst.exe
AddRemove-RealVNC_is1 - c:\program files\RealVNC\VNC4\unins000.exe
AddRemove-SanityCheck_is1 - c:\program files\SanityCheck\unins000.exe
AddRemove-SimEditor (UB01) - c:\program files\Kooner\SimEditor (UB01)\Uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-Tunnelier - c:\program files\Bitvise Tunnelier\uninst.exe
AddRemove-visualCVS Client Version 4.02c_is1 - c:\program files\SC_TOOLS\visualCVS\unins000.exe
AddRemove-visualCVS Server Version 4.02c_is1 - c:\program files\SC_TOOLS\visualCVS_server\unins000.exe
AddRemove-VobSub - c:\program files\Gabest\VobSub\uninstall.exe
AddRemove-{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1 - c:\program files\MapWindow\unins000.exe
AddRemove-{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1 - c:\program files\LogMeTT\unins000.exe
AddRemove-{5B2E111B-0DEC-46C3-A6FA-BB4E4D2F76EB}_is1 - c:\program files\Agrolog2500\unins000.exe
AddRemove-{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D} - c:\programdata\{DC46AB00-810C-407A-8BAD-E0186B34072A}\csp.exe
AddRemove-{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1 - c:\program files\FreeAlarmClock\unins000.exe
AddRemove-{A2E2BBFF-E26E-4889-B8BE-B7208B23E5C6}_is1 - c:\program files\ExpSuite\ITDSync\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
AddRemove-OnecomCloudDrive - c:\program files\OnecomCloudDrive\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bcserver]
"ImagePath"="c:\program files\Traffic Shaper XP Server\bcserver.service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=hex:51,66,7a,6c,4c,1d,38,12,44,da,fd,
   eb,0f,ed,1d,0d,c5,99,71,fa,a3,6f,a1,59
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
   bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{551A852F-39A6-44A7-9C13-AFBEC9185A9D}"=hex:51,66,7a,6c,4c,1d,38,12,41,86,09,
   51,94,77,c9,01,e3,05,ec,fe,cc,46,1e,89
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,6b,b5,98,51,26,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-01  21:39:15
ComboFix-quarantined-files.txt  2014-01-02 02:39
.
Pre-Run: 15,510,372,352 bytes free
Post-Run: 15,618,412,544 bytes free
.
- - End Of File - - D1A409D79207EE2EBDFAC58A665393A5
5FB38429D5D77768867C76DCBDB35194
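As an added example (not part of the original post, and not ComboFix's own code), a small Python triage script that reads the service/driver lines and the `"ImagePath"` entries in the ComboFix log format shown above and flags what a removal helper looks at first: entries ComboFix marked `[x]`, services with no binary path, binaries under a temp directory, and an `ImagePath` of `\??\` with no target. The sample lines are taken from this log; the regexes and the heuristics are my assumptions about the format, not ComboFix's.

```python
import re

# Sample input in ComboFix's service/driver and ImagePath formats, taken from
# the log above (a handful of lines only; the rest of the log is omitted).
SAMPLE_LOG = r"""
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 MFE_RR;MFE_RR;c:\users\T42-Win7\AppData\Local\Temp\mfe_rr.sys [x]
S2 CommSB96;CommSB96; [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-12-25 76544]
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bcserver]
"ImagePath"="c:\program files\Traffic Shaper XP Server\bcserver.service"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
"""

# Service line: "R2 name;display name;path [date size]", or "[x]" where
# ComboFix recorded no file details for the binary (assumed format).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
# A service binary launched from a temp directory is unusual for legitimate
# software and is worth a second look.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (entry name, reason) pairs for entries worth a closer look."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            name, path, tag = m.group("name"), m.group("path"), m.group("tag")
            if not path:
                findings.append((name, "service entry has no binary path"))
            elif tag == "x":
                findings.append((name, "ComboFix recorded no file details ([x])"))
            if TEMP_RE.search(path):
                findings.append((name, "binary lives under a temp directory"))
            continue
        m = KEY_RE.match(line)
        if m:
            # Remember the registry key so the next ImagePath can be attributed.
            current_key = m.group("key")
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_key:
            path = m.group("path").strip()
            svc = current_key.rsplit("\\", 1)[-1]
            if path in ("", "\\??\\"):
                findings.append((svc, "ImagePath points at nothing"))
            elif TEMP_RE.search(path):
                findings.append((svc, "ImagePath lives under a temp directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

A flagged entry is a lead, not a verdict: a driver left behind by an uninstalled product shows up as `[x]` just as a removed malicious one does, so each hit still needs the file and the installing product checked by hand.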

Hard to say yet, because I have not yet reinstalled antivirus, in order to allow ComboFix to run, so I have not used the computer much, especially not online!

Will reinstall AV software and get back to you.

Does the switch used on ComboFix make it skip a scan of the MBR, and does something non-standard on the MBR cause the stall?


AV software now reinstalled. The original symptom, the occasional 10 second long freezes with high CPU activity, seems to be gone.

Still concerned that there could be a very well hidden rootkit, though.

So I am limiting the use of the machine to casual browsing.


  • Staff

Hello paynor

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports.

Gringo


Hello Gringo

 

Thanks for staying with this. MBAR ran with nothing found.

RogueKiller shows a yellow registry key with the value DisableRegistryTools.

Here is the log:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : T42-Win7 [Admin rights]
Mode : Scan -- Date : 01/09/2014 17:24:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM160HC ATA Device +++++
--- User ---
[MBR] fea3587ec07de1e327bca659278745cc
[bSP] dec26c570de3a1f3e1f2db83800e8158 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 63 | Size: 219 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 453600 | Size: 60466 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 124291440 | Size: 81000 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 290183101 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01092014_172445.txt >>
RKreport[0]_D_12292013_195219.txt;RKreport[0]_S_12292013_194938.txt


  • Staff

Hello paynor

That looks very good, and most likely the disable was caused by one of the security programs.

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
NOMBR::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

Hello again

Disabled Avast until next reboot to allow ComboFix, then ran ComboFix with the script. Here is the log:

ComboFix 14-01-08.03 - T42-Win7 11/01/2014  11:37:47.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2047.1066 [GMT -5:00]
Running from: c:\users\T42-Win7\Desktop\ComboFix.exe
Command switches used :: c:\users\T42-Win7\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))
.
.
2014-01-11 16:53 . 2014-01-11 16:53    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2014-01-11 16:53 . 2014-01-11 16:53    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2014-01-11 16:53 . 2014-01-11 16:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-04 23:31 . 2014-01-04 23:31    --------    d-----w-    c:\users\T42-Win7\AppData\Roaming\AVAST Software
2014-01-04 22:29 . 2014-01-05 10:29    64168    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-01-04 22:29 . 2014-01-04 22:28    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-04 22:29 . 2014-01-04 22:28    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-04 22:29 . 2014-01-04 22:28    410528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-01-04 22:29 . 2014-01-04 22:28    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-04 22:29 . 2014-01-04 22:28    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-04 22:28 . 2014-01-04 22:28    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-01-04 22:28 . 2014-01-04 22:28    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2014-01-04 22:28 . 2014-01-04 22:28    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-04 22:28 . 2014-01-04 22:28    --------    d-----w-    c:\program files\AVAST Software
2014-01-04 22:26 . 2014-01-04 22:26    --------    d-----w-    c:\programdata\AVAST Software
2013-12-30 00:33 . 2013-12-30 00:33    --------    d-----w-    c:\windows\ERUNT
2013-12-30 00:21 . 2013-12-30 00:25    --------    d-----w-    C:\AdwCleaner
2013-12-27 02:45 . 2013-12-27 02:45    --------    d-----w-    c:\program files\ESET
2013-12-27 00:29 . 2013-12-27 00:29    --------    d-----w-    C:\FRST
2013-12-26 23:50 . 2013-12-26 23:43    1937144    ----a-w-    C:\rkill.exe.com
2013-12-26 21:02 . 2013-12-26 21:02    --------    d-----w-    c:\programdata\Sophos
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-12-26 21:02 . 2013-12-26 21:02    73728    ----a-r-    c:\users\T42-Win7\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-12-26 21:02 . 2013-12-26 21:02    --------    d-----w-    c:\program files\Sophos
2013-12-26 20:05 . 2014-01-09 21:36    104664    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-26 20:05 . 2014-01-09 21:23    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 21:43 . 2013-12-16 06:54    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E727483C-0CC6-4F9D-8EA3-477543A5874A}\mpengine.dll
2013-12-25 00:06 . 2013-12-25 00:06    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-12-24 19:19 . 2014-01-09 22:15    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-15 03:30 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-15 03:30 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-15 03:30 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-15 03:30 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-15 03:30 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-15 03:30 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-15 03:29 . 2013-10-30 01:27    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-15 03:29 . 2013-10-04 01:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-15 03:29 . 2013-10-04 01:17    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcvousb.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet3.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet2.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    138264    ----a-w-    c:\windows\system32\drivers\zgdcnet.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcnmea.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcmdm.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcdiag.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcatext.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    113168    ----a-w-    c:\windows\system32\drivers\zgdcat.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    17920    ----a-w-    c:\windows\system32\drivers\WSDPrint.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    9728    ----a-w-    c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    35968    ----a-w-    c:\windows\system32\drivers\winusb.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    19008    ----a-w-    c:\windows\system32\drivers\wimmount.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    16384    ----a-w-    c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    14912    ----a-w-    c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    11264    ----a-w-    c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    35328    ----a-w-    c:\windows\system32\drivers\watchdog.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    19024    ----a-w-    c:\windows\system32\drivers\wd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    11520    ----a-w-    c:\windows\system32\drivers\wdcsam.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    63488    ----a-w-    c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    21632    ----a-w-    c:\windows\system32\drivers\wacompen.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    16168    ----a-w-    c:\windows\system32\drivers\wacmoumonitor.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    13736    ----a-w-    c:\windows\system32\drivers\wacomvhid.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    11312    ----a-w-    c:\windows\system32\drivers\wacommousefilter.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    48128    ----a-w-    c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    14336    ----a-w-    c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    980992    ----a-w-    c:\windows\system32\drivers\VSTDPV3.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    242176    ----a-w-    c:\windows\system32\drivers\VSTICH3.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    19968    ----a-w-    c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    661504    ----a-w-    c:\windows\system32\drivers\VSTCNXT3.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    78336    ----a-w-    c:\windows\system32\drivers\vpcusb.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    245632    ----a-w-    c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    172416    ----a-w-    c:\windows\system32\drivers\vpchbus.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    141904    ----a-w-    c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    53120    ----a-w-    c:\windows\system32\drivers\volmgr.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    297040    ----a-w-    c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    16976    ----a-w-    c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    111616    ----a-w-    c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    53328    ----a-w-    c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    52736    ----a-w-    c:\windows\system32\drivers\viac7.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    160128    ----a-w-    c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    26112    ----a-w-    c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    94480    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    32832    ----a-w-    c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    25088    ----a-w-    c:\windows\system32\drivers\vga.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    115984    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    104720    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    188176    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    76288    ----a-w-    c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    28160    ----a-w-    c:\windows\system32\drivers\usbser.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    36352    ----a-w-    c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    26112    ----a-w-    c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    19968    ----a-w-    c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    5888    ----a-w-    c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    42496    ----a-w-    c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    75776    ----a-w-    c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    25856    ----a-w-    c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    43520    ----a-w-    c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    25856    ----a-w-    c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    15872    ----a-w-    c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    8192    ----a-w-    c:\windows\system32\drivers\umpass.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    57424    ----a-w-    c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    55888    ----a-w-    c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    39936    ----a-w-    c:\windows\system32\drivers\umbus.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    37772    ----a-w-    c:\windows\system32\drivers\ulink.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    246784    ----a-w-    c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    49664    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    49400    ----a-w-    c:\windows\system32\drivers\tosrfusb.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    16384    ----a-w-    c:\windows\system32\drivers\TPPWR.SYS.bak
2014-01-09 22:24 . 2013-12-30 00:49    108544    ----a-w-    c:\windows\system32\drivers\tunnel.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    61168    ----a-w-    c:\windows\system32\drivers\TosRfSnd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    21608    ----a-w-    c:\windows\system32\drivers\tosrfnds.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    79872    ----a-w-    c:\windows\system32\drivers\Tosrfhid.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    69480    ----a-w-    c:\windows\system32\drivers\tosrfcom.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    42472    ----a-w-    c:\windows\system32\drivers\tosrfbnp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    169064    ----a-w-    c:\windows\system32\drivers\tosrfbd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    46984    ----a-w-    c:\windows\system32\drivers\tosporte.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    9608    ----a-w-    c:\windows\system32\drivers\Toshidpt.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    74752    ----a-w-    c:\windows\system32\drivers\tdx.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    53120    ----a-w-    c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    25088    ----a-w-    c:\windows\system32\drivers\teamviewervpn.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    24576    ----a-w-    c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    21504    ----a-w-    c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    18432    ----a-w-    c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 22:24 . 2013-12-30 00:49    309264    ----a-w-    c:\windows\system32\drivers\SynTP.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-04 22:28    259464    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon1]
@="{8EB87237-AF50-46D3-B170-435F51B6E158}"
[HKEY_CLASSES_ROOT\CLSID\{8EB87237-AF50-46D3-B170-435F51B6E158}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon2]
@="{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}"
[HKEY_CLASSES_ROOT\CLSID\{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon3]
@="{680C2705-E060-4AED-846C-40F1B1F253BD}"
[HKEY_CLASSES_ROOT\CLSID\{680C2705-E060-4AED-846C-40F1B1F253BD}]
2013-09-04 07:24    152576    ----a-w-    c:\program files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"GoldenDict"="c:\program files\GoldenDict\GoldenDict.exe" [2010-12-04 2411520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-12-09 726912]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-19 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-19 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-19 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-19 208896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AgentAntidote32"="c:\program files\Druide\Antidote 8\Programmes32\AgentAntidote.exe" [2013-11-12 1144544]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-04 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2007-02-07 03:34    25088    ----a-w-    c:\windows\System32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyFace Agent]
2009-07-15 22:02    348160    ----a-w-    c:\program files\MSI\EasyFace Logon\KillAutoAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 20:06    222496    ----a-w-    c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 15:01    319488    ----a-w-    c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-12-09 21:01    606208    ----a-w-    c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCX4623_Scan2Pc]
2011-06-24 11:55    1990144    ----a-w-    c:\windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 DisplayFusionService;DisplayFusionService;c:\program files\DisplayFusion\DisplayFusionService.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-05 64168]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 53504]
R3 DSO20901;DSO-2090 USB DRIVER 1;c:\windows\system32\Drivers\Dso2090X861.sys [2010-01-26 24376]
R3 DSO20902;DSO-2090 USB DRIVER 2;c:\windows\system32\Drivers\DSO2090X862.SYS [2010-01-26 26160]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-12-25 102784]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-12-25 377856]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-12-25 95616]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 23304]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-08-30 15896]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 167304]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\DRIVERS\mchpusb.sys [2007-12-19 53760]
R3 MFE_RR;MFE_RR;c:\users\T42-Win7\AppData\Local\Temp\mfe_rr.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-03-07 2595840]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 13704]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL32.sys [2012-07-22 22624]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity32.sys [2011-05-04 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-09-28 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-09-28 61568]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys [2003-01-23 37772]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-11 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys [2011-08-30 113168]
R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys [2011-08-30 113168]
R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys [2011-08-30 113168]
R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys [2011-08-30 138264]
R3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys [2011-08-30 113168]
R4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R4 DiafaanMessageServer;Diafaan SMS Server;c:\program files\Diafaan SMS Server\DiafaanMessageServer.exe [x]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 538096]
R4 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [2011-12-09 213888]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R4 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2011-07-12 175104]
R4 sc_sysService;sc_sysService;c:\program files\SC_TOOLS\visualCVS_server\exec\windows\service\sc_sysService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 Zain Broadband. RunOuc;Zain Broadband. OUC;c:\program files\Zain Broadband\UpdateDog\ouc.exe [2012-12-25 246112]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-04 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-04 410528]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-04-19 16384]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-07-04 188176]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-07-04 94480]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-04 67824]
S2 CommSB96;CommSB96; [x]
S2 CommSBEP;CommSBEP; [x]
S2 CVS;CVSNT;c:\program files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe [2003-03-19 45056]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-06 5120]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-12-25 76544]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-07-04 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-07-04 115984]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-07 23:53    1211672    ----a-w-    c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 03:25]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 12:17]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 12:17]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: certifikat.dk
Trusted Zone: danid.dk
Trusted Zone: nets-danid.dk
Trusted Zone: virk.dk
Trusted Zone: certifikat.dk
Trusted Zone: danid.dk
Trusted Zone: nets-danid.dk
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bcserver]
"ImagePath"="c:\program files\Traffic Shaper XP Server\bcserver.service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=hex:51,66,7a,6c,4c,1d,38,12,44,da,fd,
   eb,0f,ed,1d,0d,c5,99,71,fa,a3,6f,a1,59
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
   bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{551A852F-39A6-44A7-9C13-AFBEC9185A9D}"=hex:51,66,7a,6c,4c,1d,38,12,41,86,09,
   51,94,77,c9,01,e3,05,ec,fe,cc,46,1e,89
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,6b,b5,98,51,26,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3816)
c:\users\T42-Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
.
Completion time: 2014-01-11  11:58:16
ComboFix-quarantined-files.txt  2014-01-11 16:58
ComboFix2.txt  2014-01-02 02:39
.
Pre-Run: 12,612,583,424 bytes free
Post-Run: 12,544,544,768 bytes free
.
- - End Of File - - 47B665BE2BC8E8360ED54F1077459DBF
5FB38429D5D77768867C76DCBDB35194

  • Staff

Hello paynor

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
