
Topic: kanoodle.com redirect (also, possible google redirect)

darling

    • Experience: Experienced
    • OS: Windows 7
    kanoodle.com redirect (also, possible google redirect)
    « on: November 27, 2012, 08:42:27 PM »
    Right now, I'm having an issue because, in Firefox, when I go to nbcnews.com I occasionally (maybe one out of five times) get redirected to kanoodle.com (with I guess an identifying string of numbers at the end). This also happens sometimes if I happen to leave a tab open and nbcnews.com auto-refreshes. It only happens when going to that one site.

    I also used to get occasional redirects from Google search results to one or more of the following:
    bliss.com
    scour.com
    gethotresults.com

    That hasn't happened in the last couple of weeks, so hopefully I fixed that problem and the two issues are unrelated. (Either that or I just haven't been doing much Googling)

    I would greatly appreciate any insight into what is going on.



    Log files as follows:


    # AdwCleaner v2.009 - Logfile created 11/27/2012 at 20:58:36
    # Updated 24/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium  (64 bits)
    # User : NAMES - DESKY
    # Boot Mode : Normal
    # Running from : C:\Users\NAMES\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\NAMES\AppData\Roaming\Mozilla\Firefox\Profiles\3rbk7fra.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1472 octets] - [23/11/2012 21:44:03]
    AdwCleaner[R2].txt - [1532 octets] - [23/11/2012 21:44:42]
    AdwCleaner[R3].txt - [1254 octets] - [23/11/2012 21:56:17]
    AdwCleaner[R4].txt - [1053 octets] - [27/11/2012 20:58:15]
    AdwCleaner[S1].txt - [1606 octets] - [23/11/2012 21:44:56]
    AdwCleaner[S2].txt - [986 octets] - [27/11/2012 20:58:36]

    ########## EOF - C:\AdwCleaner[S2].txt - [1045 octets] ##########








    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org


    Database version: v2012.11.24.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    NAMES :: DESKY [administrator]

    11/27/2012 9:05:19 PM
    mbam-log-2012-11-27 (21-05-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212154
    Time elapsed: 8 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    =============================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.7.2
    Run by NAMES at 21:16:02 on 2012-11-27
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9175.5975 [GMT -5:00]
    .
    AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Users\NAMES\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Java\jre7\bin\javaw.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uProxyServer = gate.temple.edu:8080
    BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\NAMES\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\NAMES\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\NAMES\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMS-SH~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://prd-bxs1.erp.temple.edu/appxtender/client/IrcViewer.cab
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://*SPAM*.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://*SPAM*.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{AD4E091A-30B1-443D-B4FC-90E8EBA972A1} : DHCPNameServer = 192.168.1.1 71.242.0.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
    x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\NAMES\AppData\Roaming\Mozilla\Firefox\Profiles\3rbk7fra.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\NAMES\AppData\Roaming\Mozilla\Firefox\Profiles\3rbk7fra.default\extensions\[email protected]\plugins\NP_2020Player_IKEA.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 FixTDSS;TDSS Fixtool driver;C:\Windows\System32\drivers\FixTDSS.sys [2012-6-4 27256]
    R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-10-7 307888]
    R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-2-9 32424]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-30 56208]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-2-9 70344]
    R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-9-9 57976]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-15 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-15 13336]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]
    R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-15 635416]
    R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-15 2320920]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-5-10 115216]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2010-10-15 1705600]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-15 56344]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-10-15 77824]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-10-15 180224]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-15 346144]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-9-9 60536]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-7 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-24 12:30:21   --------   d-sh--w-   C:\$RECYCLE.BIN
    2012-11-24 12:18:36   98816   ----a-w-   C:\Windows\sed.exe
    2012-11-24 12:18:36   256000   ----a-w-   C:\Windows\PEV.exe
    2012-11-24 12:18:36   208896   ----a-w-   C:\Windows\MBR.exe
    2012-11-24 02:57:00   --------   d-----w-   C:\Windows\System32\EventProviders
    2012-11-22 13:29:24   --------   d-----w-   C:\Program Files\CCleaner
    2012-11-22 13:13:59   --------   d-----w-   C:\Users\NAMES\AppData\Local\adaware
    2012-11-19 02:35:19   --------   d-----w-   C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-15 08:14:30   9728   ----a-w-   C:\Windows\System32\Wdfres.dll
    2012-11-15 08:14:30   785512   ----a-w-   C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-15 08:14:30   54376   ----a-w-   C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-15 08:14:30   2560   ----a-w-   C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 08:03:21   87040   ----a-w-   C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-15 08:03:21   84992   ----a-w-   C:\Windows\System32\WUDFSvc.dll
    2012-11-15 08:03:21   198656   ----a-w-   C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-15 08:03:20   194048   ----a-w-   C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 08:03:19   744448   ----a-w-   C:\Windows\System32\WUDFx.dll
    2012-11-15 08:03:19   45056   ----a-w-   C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 08:03:19   229888   ----a-w-   C:\Windows\System32\WUDFHost.exe
    2012-11-15 04:58:15   3147264   ----a-w-   C:\Windows\System32\win32k.sys
    2012-11-15 04:58:07   95744   ----a-w-   C:\Windows\System32\synceng.dll
    2012-11-15 04:58:06   78336   ----a-w-   C:\Windows\SysWow64\synceng.dll
    2012-11-02 23:21:34   --------   d-----w-   C:\Users\NAMES\AppData\Local\MPlayer
    2012-11-02 23:20:51   --------   d-----w-   C:\ProgramData\PMS
    2012-10-30 20:06:30   --------   d-----w-   C:\Users\NAMES\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-10-30 19:58:35   56208   ------w-   C:\Windows\System32\drivers\PxHlpa64.sys
    2012-10-30 19:58:35   10224   ------w-   C:\Windows\System32\drivers\cdralw2k.sys
    2012-10-30 19:58:35   10224   ------w-   C:\Windows\System32\drivers\cdr4_xp.sys
    2012-10-30 19:58:35   --------   d-----w-   C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-10-30 19:58:34   --------   d-----w-   C:\Program Files (x86)\Common Files\Sonic Shared
    2012-10-30 19:58:30   --------   d-----w-   C:\Program Files (x86)\My Company Name
    .
    ==================== Find3M  ====================
    .
    2012-10-08 21:58:22   73656   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 21:58:22   696760   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 11:31:03   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35   599040   ----a-w-   C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-09-30 00:54:26   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-09-14 19:23:40   2048   ----a-w-   C:\Windows\System32\tzres.dll
    2012-09-14 18:30:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
    2012-09-04 18:52:33   95208   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-04 18:52:33   821736   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-04 18:52:33   746984   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2012-08-31 18:02:20   1656688   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:11:29   5505904   ----a-w-   C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:18:33   3958128   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18:33   3902832   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 21:16:52.09 ===============


    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/5/2010 8:04:01 AM
    System Uptime: 11/27/2012 9:00:36 PM (0 hours ago)
    .
    Motherboard: MSI |  | 2A9C
    Processor: Intel(R) Core(TM) i7 CPU         870  @ 2.93GHz | CPU 1 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 919 GiB total, 1.166 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.472 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Ad-aware 6 Personal
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Ad-Aware Security Toolbar
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Audition 3.0
    Adobe Audition 3.0 Vista Compatibility
    Adobe Audition CS6
    Adobe Download Assistant
    Adobe Dreamweaver CS5.5
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe PhotoDeluxe Home Edition 4.0
    Adobe Reader X (10.1.4)
    Adobe Widget Browser
    Alex Buturuga - Muti ID3 Tag Editor 1.3b1
    AMD APP SDK Runtime
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    AVG 2012
    Bejeweled 2 Deluxe
    Bing Bar
    Binverse
    bl
    Blackhawk Striker 2
    Bonjour
    Build-a-lot 2
    Byki
    Canon MG5200 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    CinemaNow Media Manager
    Common
    Contents
    Corel VideoStudio Pro X4
    CyberLink DVD Suite Deluxe
    D3DX10
    dBpoweramp [Calculate Audio CRC] Codec
    dBpoweramp Dalet Codec
    dBpoweramp DSP Effects
    dBpoweramp FLAC Codec
    dBpoweramp m4a Codec
    dBpoweramp Monkeys Audio Codec
    dBpoweramp Mp2 and BwfMp2 codec
    dBpoweramp mp3 (Fraunhofer IIS) Codec
    dBpoweramp Music Converter
    dBpoweramp Ogg Vorbis Codec
    dBpoweramp Real Audio (Helix) Encoder
    dBPoweramp tooLame MP2 codec
    dBpoweramp Wave64 Codec
    dBpoweramp WavPack Codec
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceIO
    DHTML Editing Component
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Dropbox
    DVD Audio Extractor 5.2.1
    DVD Menu Pack for HP MediaSmart Video
    DVD Shrink 3.2
    Escape Rosecliff Island
    Exact Audio Copy 0.99pb5
    Family Tree Maker 2011
    Family Tree Maker 2012
    FATE
    FileZilla Client 3.5.0
    Final Drive Nitro
    FoxyTunes for Firefox
    Freez FLV to AVI/MPEG/WMV Converter
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    Heroes of Hellas 2 - Olympia
    HP Advisor
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    HydraVision
    ICA
    iConcertCal
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    IPM_VS_Pro
    ISCOM
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 29
    JavaFX 2.1.1
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    LightScribe System Software
    MacDrive 8
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaMonkey 3.2
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird (5.0)
    MozyHome
    MPEG Video Wizard DVD 5.0.1.101 (05/2011)
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Burning ROM 11
    Nero Burning ROM 11 Help (CHM)
    Nero ControlCenter 11
    Nero ControlCenter 11 Help (CHM)
    Nero Core Components 11
    Nero RescueAgent 11
    Nero RescueAgent 11 Help (CHM)
    Nero Update
    nero.prerequisites.msi
    Norton Online Backup
    PageBreeze Free HTML Editor
    PDF Complete Special Edition
    PeerGuardian 2.0
    Penguins!
    ph
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    PS3 Media Server
    PureHD
    Quicken 2010
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Manager
    RideMax for Disneyland 5.1
    Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Setup
    Share
    Share64
    Skype Click to Call
    Skype™ 6.0
    SmartSound Common Data
    SmartSound Quicktracks 5
    Snagit 10.0.1
    Spotify
    Trader's Little Helper 2.6.0
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wpaiper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wnyiper
    TurboTax 2011 wpaiper
    TurboTax 2011 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VIO
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.2
    VSClassic
    VSPro
    WASTE (remove only)
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! Detect
    YNAB 4 version 4.1.140
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/27/2012 9:12:34 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
    11/27/2012 9:09:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    11/27/2012 9:03:33 PM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the file specified.
    11/27/2012 9:01:40 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
    11/27/2012 9:01:18 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/24/2012 7:28:27 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    11/24/2012 7:28:04 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/24/2012 7:21:31 PM, Error: volsnap [35]  - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    11/23/2012 9:59:56 PM, Error: Microsoft-Windows-Service Pack Installer [5]  - There is not enough free disk space to install the Service Pack. Required=2118 MB.
    11/23/2012 9:51:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
    11/23/2012 9:51:47 PM, Error: Service Control Manager [7000]  - The Intuit Update Service v4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    11/23/2012 9:48:31 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
    11/23/2012 9:48:01 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/23/2012 9:48:01 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
    11/23/2012 10:52:11 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    11/23/2012 10:03:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
    11/23/2012 10:03:40 PM, Error: Microsoft-Windows-Service Pack Installer [8]  - Service Pack installation failed with error code 0x800f0828.
    .
    ==== End Of File ===========================




    ComboFix 12-11-27.01 - NAMES 11/27/2012  21:23:26.2.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9175.6677 [GMT -5:00]
    Running from: c:\users\NAMES\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\NAMES\AppData\Local\Temp\jna5191732413322449778.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-10-28 to 2012-11-28  )))))))))))))))))))))))))))))))
    .
    .
    2012-11-28 02:34 . 2012-11-28 02:34   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-11-28 02:03 . 2012-11-28 02:03   --------   d-----w-   c:\program files (x86)\Common Files\Skype
    2012-11-24 02:57 . 2012-11-24 02:57   --------   d-----w-   c:\windows\system32\EventProviders
    2012-11-22 13:29 . 2012-11-24 02:37   --------   d-----w-   c:\program files\CCleaner
    2012-11-22 13:13 . 2012-11-22 13:34   --------   d-----w-   c:\users\NAMES\AppData\Local\adaware
    2012-11-19 02:35 . 2012-11-19 02:35   --------   d-----w-   c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-15 08:14 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
    2012-11-15 08:14 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
    2012-11-15 08:14 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 08:14 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
    2012-11-15 08:08 . 2012-10-08 12:19   17811968   ----a-w-   c:\windows\system32\mshtml.dll
    2012-11-15 08:08 . 2012-10-08 11:42   10925568   ----a-w-   c:\windows\system32\ieframe.dll
    2012-11-15 08:03 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
    2012-11-15 08:03 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
    2012-11-15 08:03 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
    2012-11-15 08:03 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
    2012-11-15 08:03 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
    2012-11-15 08:03 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
    2012-11-15 08:03 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
    2012-11-15 04:58 . 2012-10-18 18:18   3147264   ----a-w-   c:\windows\system32\win32k.sys
    2012-11-15 04:58 . 2012-09-25 22:39   95744   ----a-w-   c:\windows\system32\synceng.dll
    2012-11-02 23:21 . 2012-11-15 08:44   --------   d-----w-   c:\users\NAMES\AppData\Local\MPlayer
    2012-11-02 23:20 . 2012-11-02 23:21   --------   d-----w-   c:\programdata\PMS
    2012-10-30 20:06 . 2012-10-30 20:06   --------   d-----w-   c:\users\NAMES\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-10-30 19:58 . 2012-10-30 19:58   --------   d-----w-   c:\program files (x86)\Common Files\PX Storage Engine
    2012-10-30 19:58 . 2011-11-03 07:01   56208   ------w-   c:\windows\system32\drivers\PxHlpa64.sys
    2012-10-30 19:58 . 2011-10-17 07:00   10224   ------w-   c:\windows\system32\drivers\cdralw2k.sys
    2012-10-30 19:58 . 2011-10-17 07:00   10224   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
    2012-10-30 19:58 . 2012-10-30 19:58   --------   d-----w-   c:\program files (x86)\Common Files\Sonic Shared
    2012-10-30 19:58 . 2012-10-30 19:58   --------   d-----w-   c:\program files (x86)\My Company Name
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-15 08:04 . 2010-12-07 12:04   66395536   ----a-w-   c:\windows\system32\MRT.exe
    2012-10-08 21:58 . 2012-04-12 10:30   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 21:58 . 2011-05-21 12:07   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 07:48 . 2012-11-15 08:09   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
    2012-10-08 07:43 . 2012-11-15 08:09   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
    2012-09-30 00:54 . 2012-09-09 11:51   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-09-25 21:55 . 2012-11-15 04:58   78336   ----a-w-   c:\windows\SysWow64\synceng.dll
    2012-09-14 19:23 . 2012-10-10 05:28   2048   ----a-w-   c:\windows\system32\tzres.dll
    2012-09-14 18:30 . 2012-10-10 05:28   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
    2012-09-04 18:52 . 2012-09-04 18:52   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-04 18:52 . 2012-08-05 02:37   821736   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
    2012-09-04 18:52 . 2010-12-07 12:09   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    2012-08-31 18:02 . 2012-10-10 05:29   1656688   ----a-w-   c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:11 . 2012-10-10 05:29   5505904   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:18 . 2012-10-10 05:29   3958128   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18 . 2012-10-10 05:29   3902832   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-04-11 20:08   87440   ----a-w-   c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-05 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-24 968592]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\NAMES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\NAMES\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
    PMS - Shortcut.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-9-1 432785]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 4987160]
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-06-05 27256]
    S0 MDFSYSNT;MacDrive file system driver;

    S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-10-21 32424]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 70344]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-16 203264]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
    S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-05-10 115216]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-12 1705600]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: kanoodle.com redirect (also, possible google redirect)
    « Reply #1 on: November 28, 2012, 12:31:30 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    You only have 1.16 Gb of free space on your computer. Windows requires at least 15% (137 Gb) in order to function properly. I'm surprised that the computer is even running. You need to free up some free space. You can do this by uninstalling programs that you don't want or don't use. You can save some important data such as videos, music, pictures and other important files to DVDs or an external hard drive. I'm afraid to ask you to run any more scans because of this.
    Windows 8 and Windows 10 dual boot with two SSD's

    darling

      Re: kanoodle.com redirect (also, possible google redirect)
      « Reply #2 on: November 28, 2012, 08:36:59 PM »
      Thank you for your reply.

      It's easy enough to free as much space as necessary. I'm working on that as we speak.

      SuperDave

      Re: kanoodle.com redirect (also, possible google redirect)
      « Reply #3 on: November 29, 2012, 04:36:12 PM »
      Please let me know and we'll run some more scans.

      darling

        Re: kanoodle.com redirect (also, possible google redirect)
        « Reply #4 on: November 29, 2012, 05:48:23 PM »
        Alright - I have about 150G free.

        Thank you!

        darling

          Re: kanoodle.com redirect (also, possible google redirect)
          « Reply #5 on: December 09, 2012, 06:14:24 PM »
          Still having the problem, except now instead of a simple redirect, it opens up kanoodle.com in a new tab.

          Also, for what it's worth, the full redirect url is:
          http://context3.kanoodle.com/AF7F5454-06AA-11DF-BB59-79A43FF5047F

          SuperDave

          Re: kanoodle.com redirect (also, possible google redirect)
          « Reply #6 on: December 09, 2012, 07:01:17 PM »
          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

          darling

            Re: kanoodle.com redirect (also, possible google redirect)
            « Reply #7 on: December 11, 2012, 08:40:39 PM »
            Here you go - thanks again!


            ComboFix 12-12-10.01 - NAMES 12/11/2012  21:55:56.3.8 - x64
            Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9175.6486 [GMT -5:00]
            Running from: c:\users\NAMES\Desktop\ComboFix.exe
            AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
            AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
            FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
            SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
            SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
             * Created a new restore point
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\users\NAMES\AppData\Local\Temp\jna1564788149694323621.dll
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-11-12 to 2012-12-12  )))))))))))))))))))))))))))))))
            .
            .
            2012-12-12 03:03 . 2012-12-12 03:03   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-12-07 12:56 . 2012-12-07 12:57   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
            2012-12-07 12:56 . 2012-12-07 12:57   --------   d-----w-   c:\program files\iTunes
            2012-12-07 12:56 . 2012-12-07 12:56   --------   d-----w-   c:\program files\iPod
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
            2012-12-07 12:54 . 2012-12-07 12:54   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
            2012-12-07 12:54 . 2012-12-07 12:54   --------   d-----w-   c:\program files (x86)\QuickTime
            2012-11-28 02:03 . 2012-11-28 02:03   --------   d-----w-   c:\program files (x86)\Common Files\Skype
            2012-11-24 02:57 . 2012-11-24 02:57   --------   d-----w-   c:\windows\system32\EventProviders
            2012-11-22 13:29 . 2012-11-24 02:37   --------   d-----w-   c:\program files\CCleaner
            2012-11-22 13:13 . 2012-11-22 13:34   --------   d-----w-   c:\users\NAMES\AppData\Local\adaware
            2012-11-19 02:35 . 2012-11-19 02:35   --------   d-----w-   c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
            2012-11-15 08:14 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
            2012-11-15 08:14 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
            2012-11-15 08:14 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
            2012-11-15 08:14 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
            2012-11-15 08:08 . 2012-10-08 12:19   17811968   ----a-w-   c:\windows\system32\mshtml.dll
            2012-11-15 08:08 . 2012-10-08 11:42   10925568   ----a-w-   c:\windows\system32\ieframe.dll
            2012-11-15 08:03 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
            2012-11-15 08:03 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
            2012-11-15 08:03 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
            2012-11-15 08:03 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
            2012-11-15 08:03 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
            2012-11-15 08:03 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
            2012-11-15 08:03 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
            2012-11-15 04:58 . 2012-10-18 18:18   3147264   ----a-w-   c:\windows\system32\win32k.sys
            2012-11-15 04:58 . 2012-09-25 22:39   95744   ----a-w-   c:\windows\system32\synceng.dll
            2012-11-15 04:58 . 2012-09-25 21:55   78336   ----a-w-   c:\windows\SysWow64\synceng.dll
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-11-15 08:04 . 2010-12-07 12:04   66395536   ----a-w-   c:\windows\system32\MRT.exe
            2012-10-25 08:12 . 2012-10-25 08:12   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
            2012-10-25 08:12 . 2012-10-25 08:12   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
            2012-10-16 21:20 . 2012-11-28 11:50   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
            2012-10-16 21:20 . 2012-11-28 11:50   347648   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
            2012-10-16 20:34 . 2012-11-28 11:50   559104   ----a-w-   c:\windows\apppatch\AcLayers.dll
            2012-10-08 21:58 . 2012-04-12 10:30   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            2012-10-08 21:58 . 2011-05-21 12:07   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-09-30 00:54 . 2012-09-09 11:51   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-09-28 15:32 . 2012-09-28 15:32   5989776   ----a-w-   c:\windows\system32\usbaaplrc.dll
            2012-09-28 15:32 . 2012-09-28 15:32   53760   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
            2012-09-14 19:23 . 2012-10-10 05:28   2048   ----a-w-   c:\windows\system32\tzres.dll
            2012-09-14 18:30 . 2012-10-10 05:28   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
            2012-04-11 20:08   87440   ----a-w-   c:\program files (x86)\adawaretb\adawareDx.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
            "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
            .
            [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   94208   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-05 39408]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
            "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-24 968592]
            "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
            "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
            "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
            "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
            "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
            "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
            "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
            "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
            "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
            "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
            "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304]
            "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
            "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
            .
            c:\users\NAMES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dropbox.lnk - c:\users\NAMES\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
            PMS - Shortcut.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-9-1 432785]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 4987160]
            Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
            BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
            @="Ad-Aware Service"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
            @="Service"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
            @="Service"
            .
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

            R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
            R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
            R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
            R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
            S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
            S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
            S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-06-05 27256]
            S0 MDFSYSNT;MacDrive file system driver;

            S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-10-21 32424]
            S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
            S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
            S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
            S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
            S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 70344]
            S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
            S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
            S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-16 203264]
            S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
            S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
            S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
            S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
            S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
            S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
            S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
            S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
            S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

            S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
            S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
            S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
            S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
            S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-05-10 115216]
            S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
            S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
            S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-12 1705600]
            S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
            S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
            S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
            S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
            S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
            S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
            .
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2011-03-04 16:29   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:58]
            .
            2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 14:43]
            .
            2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 14:43]
            .
            2012-11-24 c:\windows\Tasks\HPCeeScheduleForNAMES.job
            - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   97792   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   97792   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   97792   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
            2012-06-30 04:19   97792   ----a-w-   c:\users\NAMES\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
            @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
            [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
            2011-08-04 19:15   4472600   ----a-w-   c:\program files\MozyHome\mozyshell.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
            @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
            [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
            2011-08-04 19:15   4472600   ----a-w-   c:\program files\MozyHome\mozyshell.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
            "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
            "MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
            "Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
            "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            uLocal Page = c:\windows\system32\blank.htm
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyServer = gate.temple.edu:8080
            uInternet Settings,ProxyOverride = *.local
            IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
            IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
            Trusted Zone: intuit.com\ttlc
            TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
            DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} - hxxp://prd-bxs1.erp.temple.edu/appxtender/client/IrcViewer.cab
            FF - ProfilePath - c:\users\NAMES\AppData\Roaming\Mozilla\Firefox\Profiles\3rbk7fra.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
            FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
            .
            - - - - ORPHANS REMOVED - - - -
            .
            Wow6432Node-HKLM-Run-<NO NAME> - (no file)
            ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
            AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
            AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital
            .
            .
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
            "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-1106193431-498947877-2541442536-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
            @Denied: (2) (S-1-5-21-1106193431-498947877-2541442536-1000)
            @Denied: (2) (LocalSystem)
            "Progid"="ThunderbirdEML"
            .
            [HKEY_USERS\S-1-5-21-1106193431-498947877-2541442536-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.VCard.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
            @Denied: (A) (Everyone)
            "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
            @Denied: (A) (Everyone)
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
            "Key"="ActionsPane3"
            "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
            c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
            c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
            c:\progra~2\AD-AWA~1\AdAware.exe
            c:\program files (x86)\Java\jre7\bin\javaw.exe
            c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
            .
            **************************************************************************
            .
            Completion time: 2012-12-11  22:13:31 - machine was rebooted
            ComboFix-quarantined-files.txt  2012-12-12 03:13
            ComboFix2.txt  2012-11-28 02:44
            ComboFix3.txt  2012-11-24 12:39
            .
            Pre-Run: 153,420,128,256 bytes free
            Post-Run: 153,808,396,288 bytes free
            .
            - - End Of File - - 50458AD382F2DE5656140EC395028478

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: kanoodle.com redirect (also, possible google redirect)
            « Reply #8 on: December 12, 2012, 12:04:31 PM »
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            **************************************************
            • Download RogueKiller on the desktop
            • Close all the running programs
            • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
            • Otherwise just double-click on RogueKiller.exe
            • Pre-scan will start. Let it finish.
            • Click on SCAN button.
            • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
            • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
            ***********************************************
            Please download Rooter and Save it to your desktop.
            • Double click it to start the tool. Vista and Windows 7: run as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            darling

              Re: kanoodle.com redirect (also, possible google redirect)
              « Reply #9 on: December 13, 2012, 06:32:09 PM »
               Results of screen317's Security Check version 0.99.56 
               Windows 7 Service Pack 1 x64 (UAC is enabled) 
               Internet Explorer 9 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Enabled! 
              AVG Anti-Virus Free Edition 2013   
              Lavasoft Ad-Aware                 
               Antivirus up to date!   
              `````````Anti-malware/Other Utilities Check:`````````
               Ad-Aware
               Malwarebytes Anti-Malware version 1.65.1.1000 
               JavaFX 2.1.1   
               Java(TM) 6 Update 29 
               Java 7 Update 10 
               Java version out of Date!
               Adobe Flash Player 11.5.502.135 
               Adobe Reader 10.1.4 Adobe Reader out of Date! 
               Mozilla Firefox (17.0.1)
               Mozilla Thunderbird (5.0). Thunderbird out of Date! 
              ````````Process Check: objlist.exe by Laurent````````
               Ad-Aware AAWService.exe is disabled!
               Ad-Aware AAWTray.exe is disabled!
               AVG avgwdsvc.exe
               Ad-Aware Antivirus AdAwareService.exe   
               Ad-Aware Antivirus SBAMSvc.exe   
               Symantec Norton Online Backup NOBuAgent.exe 
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 0%
              ````````````````````End of Log``````````````````````



              Note:
              - FWIW, Java and Adobe both tell me they are up to date. (Thunderbird I never use.)





              RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
              mail : tigzyRK<at>gmail<dot>com
              Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
              Website : http://tigzy.geekstogo.com/roguekiller.php
              Blog : http://tigzyrk.blogspot.com/

              Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
              Started in : Normal mode
              User : NAMES [Admin rights]
              Mode : Scan -- Date : 12/13/2012 20:32:52

              ¤¤¤ Bad processes : 0 ¤¤¤

              ¤¤¤ Registry Entries : 5 ¤¤¤
              [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (gate.temple.edu:8080) -> FOUND
              [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
              [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
              [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
              [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

              ¤¤¤ Particular Files / Folders: ¤¤¤

              ¤¤¤ Driver : [NOT LOADED] ¤¤¤

              ¤¤¤ HOSTS File: ¤¤¤
              --> C:\Windows\system32\drivers\etc\hosts

              127.0.0.1       localhost


              ¤¤¤ MBR Check: ¤¤¤

              +++++ PhysicalDrive0: WDC WD1001FAES-60Z2A0 +++++
              --- User ---
              [MBR] 8197e8ddc34eeb8509ac2b682232ee5e
              [BSP] 0ea45a890180d7e54910109c3d670dd0 : Windows Vista/7/8 MBR Code
              Partition table:
              0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
              1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941365 Mo
              2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928122368 | Size: 12402 Mo
              User = LL1 ... OK!
              User = LL2 ... OK!

              Finished : << RKreport[1]_S_12132012_02d2032.txt >>
              RKreport[1]_S_12132012_02d2032.txt



              Rooter.exe (v1.0.2) by Eric_71
              .
              SeDebugPrivilege granted successfully ...
              .
              Windows 7 Home Edition (6.1.7601) Service Pack 1
              [32_bits] - Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
              .
              [wscsvc] (Security Center) RUNNING (state:4)
              [MpsSvc] RUNNING (state:4)
              Windows Firewall -> Enabled
              Windows Defender -> Enabled
              User Account Control (UAC) -> Enabled
              .
              Internet Explorer 9.0.8112.16421
              Mozilla Firefox 17.0.1 (en-US)
              .
              C:\  [Fixed-NTFS] .. ( Total:919 Go - Free:141 Go )
              D:\  [Fixed-NTFS] .. ( Total:12 Go - Free:1 Go )
              E:\  [CD_Rom]
              G:\  [Removable]
              H:\  [Removable]
              I:\  [Removable]
              J:\  [Removable]
              .
              Scan : 20:34.52
              Path : C:\Users\NAMES\Desktop\Rooter.exe
              User : NAMES ( Administrator -> YES )
              .
              ----------------------\\ Processes
              .
              Locked [System Process] (0)
              Locked System (4)
              ______ ?????????? (372)
              ______ ?????????? (520)
              ______ ?????????? (576)
              ______ ?????????? (972)
              ______ ?????????? (156)
              ______ ?????????? (404)
              ______ ?????????? (640)
              ______ ?????????? (968)
              ______ ?????????? (160)
              ______ ?????????? (976)
              ______ ?????????? (1136)
              ______ ?????????? (1280)
              ______ ?????????? (1380)
              ______ ?????????? (1436)
              ______ ?????????? (1468)
              ______ ?????????? (1496)
              ______ ?????????? (1604)
              ______ ?????????? (1636)
              ______ ?????????? (1724)
              ______ ?????????? (1852)
              ______ ?????????? (1880)
              ______ ?????????? (1984)
              ______ C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (2012)
              ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2036)
              ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1088)
              ______ C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (1560)
              ______ C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (1808)
              ______ ?????????? (1660)
              ______ C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (2072)
              ______ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (2112)
              ______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (2136)
              ______ C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (2180)
              ______ ?????????? (2204)
              ______ ?????????? (2400)
              ______ C:\Program Files (x86)\PDF Complete\pdfsvc.exe (2432)
              ______ c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2464)
              ______ C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (2512)
              ______ ?????????? (2568)
              ______ ?????????? (2620)
              ______ ?????????? (2788)
              ______ ?????????? (3324)
              ______ ?????????? (3376)
              ______ ?????????? (3508)
              ______ ?????????? (3540)
              ______ ?????????? (3604)
              ______ ?????????? (3644)
              ______ ?????????? (3116)
              ______ ?????????? (4104)
              ______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (4168)
              ______ C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (4176)
              ______ ?????????? (4192)
              ______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4224)
              ______ ?????????? (4240)
              ______ ?????????? (4536)
              ______ ?????????? (4912)
              ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (4964)
              ______ C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (5008)
              ______ C:\Users\NAMES\AppData\Roaming\Dropbox\bin\Dropbox.exe (4288)
              ______ C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (4436)
              ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4552)
              ______ ?????????? (4952)
              ______ C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (4836)
              ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4336)
              ______ C:\Program Files (x86)\AVG\AVG2013\avgui.exe (5296)
              ______ ?????????? (5380)
              ______ ?????????? (5520)
              ______ ?????????? (5284)
              ______ ?????????? (6112)
              ______ ?????????? (5256)
              ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3572)
              ______ C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (4600)
              ______ ?????????? (5192)
              ______ C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (5316)
              ______ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (6412)
              ______ ?????????? (6840)
              ______ C:\Program Files (x86)\Nero\Update\NASvc.exe (6996)
              ______ ?????????? (7108)
              ______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (7136)
              Locked audiodg.exe (6888)
              ______ C:\Windows\SysWOW64\notepad.exe (6728)
              ______ C:\Users\NAMES\Desktop\RogueKiller.exe (6312)
              ______ C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (6480)
              ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7080)
              ______ ?????????? (2252)
              ______ C:\Users\NAMES\Desktop\Rooter.exe (6656)
              .
              ----------------------\\ Device\Harddisk0\
              .
              \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
              .
              \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
              \Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:987092746240)
              \Device\Harddisk0\Partition3 (Start_Offset:987198652416 | Length:13004439552)
              .
              ----------------------\\ Scheduled Tasks
              .
              C:\Windows\Tasks\Adobe Flash Player Updater.job
              C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
              C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
              C:\Windows\Tasks\HPCeeScheduleForNAMES.job
              C:\Windows\Tasks\SA.DAT
              C:\Windows\Tasks\SCHEDLGU.TXT
              .
              ----------------------\\ Registry
              .
              .
              ----------------------\\ Files & Folders
              .
              ----------------------\\ Scan completed at 20:35.00
              .
              C:\Rooter$\Rooter_1.txt - (13/12/2012 | 20:35.00)



              THANK YOU!!!

              SuperDave

              Re: kanoodle.com redirect (also, possible google redirect)
              « Reply #10 on: December 14, 2012, 07:35:18 PM »
              Quote
              Java and Adobe both tell me they are up to date.
              You can remove the previous version of Java. (Java(TM) 6 Update 29 )

              How's your computer running now?


              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              darling

                Re: kanoodle.com redirect (also, possible google redirect)
                « Reply #11 on: December 16, 2012, 06:56:08 AM »
                Thank you (again!)

                Still having the same intermittent problem. One out of every five times or so, Firefox nbcnews redirects to kanoodle, or loads nbcnews and opens kanoodle in a new tab. Nbcnews self-reloads every now and then, so if I happen to leave it open in a tab and come back, kanoodle appears.

                This isn't happening with any other site (that I use.)
                I guess I could just block kanoodle in hosts but that wouldn't solve the underlying issue - whatever that is.


                Anyway, here's the ESET log. (The instructions weren't clear whether or not to uncheck the 'remove found threats box' so I unchecked it.)


                C:\Users\NAMES\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3545009a-5ba8d18e   Java/TrojanDownloader.Agent.JX trojan
                C:\Users\NAMES\Documents\Downloads\Downloads - OldDell\Install_AIM.exe   Win32/Adware.WBug.A application
                C:\Users\NAMES\Documents\Downloads\Downloads - OldDell\kazaa_lite_210_english.exe   probably a variant of Win32/Agent.COPKWSR trojan


                The second two are files transferred from an old computer and certainly haven't been run on this newer box. The first one...??

                Thanks again, oh, and the full log just in case:

                ESETSmartInstaller@High as downloader log:
                all ok
                # version=8
                # OnlineScannerApp.exe=1.0.0.1
                # OnlineScanner.ocx=1.0.0.6844
                # api_version=3.0.2
                # EOSSerial=73c008ffb0dbcd488e6b78d1798a6dc5
                # end=finished
                # remove_checked=false
                # archives_checked=true
                # unwanted_checked=false
                # unsafe_checked=false
                # antistealth_checked=true
                # utc_time=2012-12-15 11:30:37
                # local_time=2012-12-15 06:30:37 (-0500, Eastern Standard Time)
                # country="United States"
                # lang=1033
                # osver=6.1.7601 NT Service Pack 1
                # compatibility_mode=5893 16776574 66 85 0 107157687 0 0
                # scanned=432820
                # found=3
                # cleaned=0
                # scan_time=14003
                C:\Users\NAMES\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3545009a-5ba8d18e   Java/TrojanDownloader.Agent.JX trojan (unable to clean)   D149B7F271B5E32ADABEE911E5C41A95CDC1DE9 2   I
                C:\Users\NAMES\Documents\Downloads\Downloads - OldDell\Install_AIM.exe   Win32/Adware.WBug.A application (unable to clean)   964DAB177BE5EF62D098C5963818ACBBEABCBFF D   I
                C:\Users\NAMES\Documents\Downloads\Downloads - OldDell\kazaa_lite_210_english.exe   probably a variant of Win32/Agent.COPKWSR trojan (unable to clean)   A7C8CA26B4A4FF55EB8A4003711904148F41380 8   I
                ESETSmartInstaller@High as downloader log:
                all ok

                SuperDave

                Re: kanoodle.com redirect (also, possible google redirect)
                « Reply #12 on: December 16, 2012, 12:25:37 PM »
                Quote
                Anyway, here's the ESET log. (The instructions weren't clear whether or not to uncheck the 'remove found threats box' so I unchecked it.)
                Please run ESET again and leave the "remove found threats" box checked.

                • Download TDSSKiller and save it to your Desktop.
                • Extract its contents to your desktop.
                • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                • If an infected file is detected, the default action will be Cure, click on Continue.
                • If a suspicious file is detected, the default action will be Skip, click on Continue.
                • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                • Click the Report button and copy/paste the contents of it into your next reply.
                Note: It will also create a log in the C:\ directory.

                darling

                  Re: kanoodle.com redirect (also, possible google redirect)
                  « Reply #13 on: December 17, 2012, 08:20:30 PM »
                  Thank you!
                  I ran ESET again with the box checked. Here's the TDSS log:



                  22:29:31.0957 7020  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
                  22:29:32.0200 7020  ============================================================
                  22:29:32.0200 7020  Current date / time: 2012/12/17 22:29:32.0200
                  22:29:32.0201 7020  SystemInfo:
                  22:29:32.0201 7020 
                  22:29:32.0201 7020  OS Version: 6.1.7601 ServicePack: 1.0
                  22:29:32.0201 7020  Product type: Workstation
                  22:29:32.0201 7020  ComputerName: DESKY
                  22:29:32.0201 7020  UserName: NAMES
                  22:29:32.0201 7020  Windows directory: C:\Windows
                  22:29:32.0201 7020  System windows directory: C:\Windows
                  22:29:32.0201 7020  Running under WOW64
                  22:29:32.0201 7020  Processor architecture: Intel x64
                  22:29:32.0201 7020  Number of processors: 8
                  22:29:32.0201 7020  Page size: 0x1000
                  22:29:32.0201 7020  Boot type: Normal boot
                  22:29:32.0201 7020  ============================================================
                  22:29:33.0037 7020  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
                  22:29:33.0053 7020  ============================================================
                  22:29:33.0053 7020  \Device\Harddisk0\DR0:
                  22:29:33.0053 7020  MBR partitions:
                  22:29:33.0053 7020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
                  22:29:33.0053 7020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E9A800
                  22:29:33.0053 7020  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72ECD000, BlocksNum 0x1839000
                  22:29:33.0053 7020  ============================================================
                  22:29:33.0103 7020  C: <-> \Device\Harddisk0\DR0\Partition2
                  22:29:33.0146 7020  D: <-> \Device\Harddisk0\DR0\Partition3
                  22:29:33.0170 7020  ============================================================
                  22:29:33.0170 7020  Initialize success
                  22:29:33.0171 7020  ============================================================
                  22:29:36.0432 6348  ============================================================
                  22:29:36.0432 6348  Scan started
                  22:29:36.0432 6348  Mode: Manual;
                  22:29:36.0432 6348  ============================================================
                  22:29:37.0168 6348  ================ Scan system memory ========================
                  22:29:37.0168 6348  System memory - ok
                  22:29:37.0168 6348  ================ Scan services =============================
                  22:29:38.0247 6348  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
                  22:29:38.0250 6348  ALG - ok
                  22:29:38.0281 6348  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
                  22:29:38.0283 6348  aliide - ok
                  22:29:38.0330 6348  [ C9A5A02CB76B35A78404F6D4101163F9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
                  22:29:38.0334 6348  AMD External Events Utility - ok
                  22:29:38.0358 6348  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
                  22:29:38.0360 6348  amdide - ok
                  22:29:38.0386 6348  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
                  22:29:38.0389 6348  AmdK8 - ok
                  22:29:38.0624 6348  [ 5F62E6CFD4FEA8D19110BDEB423BF510 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
                  22:29:38.0794 6348  amdkmdag - ok
                  22:29:38.0837 6348  [ D93655EC3CA48FCBFFD9D4E6DF63737F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
                  22:29:38.0841 6348  amdkmdap - ok
                  22:29:38.0860 6348  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
                  22:29:38.0862 6348  AmdPPM - ok
                  22:29:38.0887 6348  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
                  22:29:38.0890 6348  amdsata - ok
                  22:29:38.0898 6348  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
                  22:29:38.0902 6348  amdsbs - ok
                  22:29:38.0934 6348  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
                  22:29:38.0935 6348  amdxata - ok
                  22:29:38.0980 6348  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
                  22:29:38.0983 6348  AppID - ok
                  22:29:39.0007 6348  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
                  22:29:39.0009 6348  AppIDSvc - ok
                  22:29:39.0061 6348  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
                  22:29:39.0064 6348  Appinfo - ok
                  22:29:39.0093 6348  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  22:29:39.0095 6348  Apple Mobile Device - ok
                  22:29:39.0113 6348  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
                  22:29:39.0116 6348  arc - ok
                  22:29:39.0122 6348  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
                  22:29:39.0125 6348  arcsas - ok
                  22:29:39.0276 6348  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  22:29:39.0278 6348  aspnet_state - ok
                  22:29:39.0314 6348  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
                  22:29:39.0316 6348  AsyncMac - ok
                  22:29:39.0346 6348  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
                  22:29:39.0347 6348  atapi - ok
                  22:29:39.0414 6348  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
                  22:29:39.0417 6348  AtiHDAudioService - ok
                  22:29:39.0441 6348  [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
                  22:29:39.0444 6348  AtiHdmiService - ok
                  22:29:39.0503 6348  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
                  22:29:39.0513 6348  AudioEndpointBuilder - ok
                  22:29:39.0528 6348  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
                  22:29:39.0534 6348  AudioSrv - ok
                  22:29:39.0584 6348  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
                  22:29:39.0586 6348  Avc - ok
                  22:29:39.0781 6348  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
                  22:29:39.0899 6348  AVGIDSAgent - ok
                  22:29:39.0956 6348  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
                  22:29:39.0960 6348  AVGIDSDriver - ok
                  22:29:40.0011 6348  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
                  22:29:40.0013 6348  AVGIDSHA - ok
                  22:29:40.0062 6348  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
                  22:29:40.0066 6348  Avgldx64 - ok
                  22:29:40.0096 6348  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
                  22:29:40.0099 6348  Avgloga - ok
                  22:29:40.0152 6348  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
                  22:29:40.0154 6348  Avgmfx64 - ok
                  22:29:40.0164 6348  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
                  22:29:40.0165 6348  Avgrkx64 - ok
                  22:29:40.0186 6348  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
                  22:29:40.0190 6348  Avgtdia - ok
                  22:29:40.0248 6348  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
                  22:29:40.0252 6348  avgwd - ok
                  22:29:40.0324 6348  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
                  22:29:40.0327 6348  AxInstSV - ok
                  22:29:40.0349 6348  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
                  22:29:40.0358 6348  b06bdrv - ok
                  22:29:40.0404 6348  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
                  22:29:40.0410 6348  b57nd60a - ok
                  22:29:40.0471 6348  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
                  22:29:40.0475 6348  BBSvc - ok
                  22:29:40.0488 6348  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
                  22:29:40.0491 6348  BDESVC - ok
                  22:29:40.0507 6348  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
                  22:29:40.0509 6348  Beep - ok
                  22:29:40.0583 6348  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
                  22:29:40.0594 6348  BFE - ok
                  22:29:40.0665 6348  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
                  22:29:40.0678 6348  BITS - ok
                  22:29:40.0689 6348  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
                  22:29:40.0691 6348  blbdrive - ok
                  22:29:40.0751 6348  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
                  22:29:40.0758 6348  Bonjour Service - ok
                  22:29:40.0790 6348  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
                  22:29:40.0792 6348  bowser - ok
                  22:29:40.0823 6348  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
                  22:29:40.0825 6348  BrFiltLo - ok
                  22:29:40.0848 6348  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
                  22:29:40.0850 6348  BrFiltUp - ok
                  22:29:40.0881 6348  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
                  22:29:40.0884 6348  BridgeMP - ok
                  22:29:40.0939 6348  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
                  22:29:40.0942 6348  Browser - ok
                  22:29:40.0951 6348  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
                  22:29:40.0956 6348  Brserid - ok
                  22:29:40.0963 6348  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
                  22:29:40.0965 6348  BrSerWdm - ok
                  22:29:40.0982 6348  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
                  22:29:40.0984 6348  BrUsbMdm - ok
                  22:29:40.0989 6348  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
                  22:29:40.0991 6348  BrUsbSer - ok
                  22:29:41.0006 6348  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
                  22:29:41.0008 6348  BTHMODEM - ok
                  22:29:41.0028 6348  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
                  22:29:41.0031 6348  bthserv - ok
                  22:29:41.0073 6348  catchme - ok
                  22:29:41.0123 6348  [ B99D91E4CD9017F213645AA2E80EB425 ] CBDisk          C:\Windows\system32\drivers\CBDisk.sys
                  22:29:41.0126 6348  CBDisk - ok
                  22:29:41.0142 6348  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
                  22:29:41.0144 6348  cdfs - ok
                  22:29:41.0212 6348  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
                  22:29:41.0216 6348  cdrom - ok
                  22:29:41.0266 6348  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
                  22:29:41.0269 6348  CertPropSvc - ok
                  22:29:41.0304 6348  [ EA3333DB9AB03106EEC0D6D9D487ED01 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
                  22:29:41.0311 6348  CinemaNow Service - ok
                  22:29:41.0325 6348  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
                  22:29:41.0327 6348  circlass - ok
                  22:29:41.0359 6348  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
                  22:29:41.0365 6348  CLFS - ok
                  22:29:41.0422 6348  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                  22:29:41.0425 6348  clr_optimization_v2.0.50727_32 - ok
                  22:29:41.0453 6348  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                  22:29:41.0456 6348  clr_optimization_v2.0.50727_64 - ok
                  22:29:41.0535 6348  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                  22:29:41.0538 6348  clr_optimization_v4.0.30319_32 - ok
                  22:29:41.0550 6348  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                  22:29:41.0554 6348  clr_optimization_v4.0.30319_64 - ok
                  22:29:41.0560 6348  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
                  22:29:41.0561 6348  CmBatt - ok
                  22:29:41.0597 6348  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
                  22:29:41.0600 6348  cmdide - ok
                  22:29:41.0656 6348  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
                  22:29:41.0664 6348  CNG - ok
                  22:29:41.0670 6348  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
                  22:29:41.0672 6348  Compbatt - ok
                  22:29:41.0720 6348  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
                  22:29:41.0722 6348  CompositeBus - ok
                  22:29:41.0727 6348  COMSysApp - ok
                  22:29:41.0745 6348  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
                  22:29:41.0747 6348  crcdisk - ok
                  22:29:41.0802 6348  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
                  22:29:41.0806 6348  CryptSvc - ok
                  22:29:41.0861 6348  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
                  22:29:41.0870 6348  DcomLaunch - ok
                  22:29:41.0892 6348  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
                  22:29:41.0897 6348  defragsvc - ok
                  22:29:41.0945 6348  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
                  22:29:41.0947 6348  DfsC - ok
                  22:29:42.0003 6348  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
                  22:29:42.0009 6348  Dhcp - ok
                  22:29:42.0015 6348  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
                  22:29:42.0016 6348  discache - ok
                  22:29:42.0036 6348  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
                  22:29:42.0038 6348  Disk - ok
                  22:29:42.0110 6348  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
                  22:29:42.0114 6348  Dnscache - ok
                  22:29:42.0166 6348  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
                  22:29:42.0170 6348  dot3svc - ok
                  22:29:42.0229 6348  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
                  22:29:42.0232 6348  DPS - ok
                  22:29:42.0249 6348  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
                  22:29:42.0251 6348  drmkaud - ok
                  22:29:42.0318 6348  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
                  22:29:42.0333 6348  DXGKrnl - ok
                  22:29:42.0339 6348  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
                  22:29:42.0342 6348  EapHost - ok
                  22:29:42.0424 6348  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
                  22:29:42.0483 6348  ebdrv - ok
                  22:29:42.0536 6348  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
                  22:29:42.0538 6348  EFS - ok
                  22:29:42.0585 6348  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
                  22:29:42.0594 6348  ehRecvr - ok
                  22:29:42.0616 6348  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
                  22:29:42.0619 6348  ehSched - ok
                  22:29:42.0631 6348  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
                  22:29:42.0639 6348  elxstor - ok
                  22:29:42.0664 6348  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
                  22:29:42.0666 6348  ErrDev - ok
                  22:29:42.0704 6348  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
                  22:29:42.0710 6348  EventSystem - ok
                  22:29:42.0732 6348  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
                  22:29:42.0735 6348  exfat - ok
                  22:29:42.0767 6348  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
                  22:29:42.0771 6348  fastfat - ok
                  22:29:42.0841 6348  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
                  22:29:42.0851 6348  Fax - ok
                  22:29:42.0857 6348  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
                  22:29:42.0859 6348  fdc - ok
                  22:29:42.0874 6348  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
                  22:29:42.0876 6348  fdPHost - ok
                  22:29:42.0884 6348  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
                  22:29:42.0886 6348  FDResPub - ok
                  22:29:42.0896 6348  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
                  22:29:42.0898 6348  FileInfo - ok
                  22:29:42.0903 6348  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
                  22:29:42.0905 6348  Filetrace - ok
                  22:29:42.0972 6348  [ 00940C5E43282206994659D16B4AC412 ] FixTDSS         C:\Windows\system32\drivers\FixTDSS.sys
                  22:29:42.0973 6348  FixTDSS - ok
                  22:29:42.0978 6348  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
                  22:29:42.0980 6348  flpydisk - ok
                  22:29:43.0028 6348  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
                  22:29:43.0033 6348  FltMgr - ok
                  22:29:43.0108 6348  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
                  22:29:43.0126 6348  FontCache - ok
                  22:29:43.0189 6348  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                  22:29:43.0190 6348  FontCache3.0.0.0 - ok
                  22:29:43.0197 6348  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
                  22:29:43.0199 6348  FsDepends - ok
                  22:29:43.0247 6348  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
                  22:29:43.0248 6348  Fs_Rec - ok
                  22:29:43.0306 6348  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
                  22:29:43.0310 6348  fvevol - ok
                  22:29:43.0316 6348  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
                  22:29:43.0319 6348  gagp30kx - ok
                  22:29:43.0385 6348  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
                  22:29:43.0390 6348  GameConsoleService - ok
                  22:29:43.0440 6348  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                  22:29:43.0442 6348  GEARAspiWDM - ok
                  22:29:43.0501 6348  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
                  22:29:43.0513 6348  gpsvc - ok
                  22:29:43.0550 6348  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                  22:29:43.0553 6348  gupdate - ok
                  22:29:43.0560 6348  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                  22:29:43.0562 6348  gupdatem - ok
                  22:29:43.0589 6348  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
                  22:29:43.0593 6348  gusvc - ok
                  22:29:43.0657 6348  [ 6D0F56D217545E2D0ADDBF301B35260F ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
                  22:29:43.0693 6348  HCW85BDA - ok
                  22:29:43.0712 6348  [ 25581DCFE6CB06CC0E48FA5B63F67532 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir3.sys
                  22:29:43.0715 6348  hcw85cir - ok
                  22:29:43.0767 6348  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
                  22:29:43.0773 6348  HdAudAddService - ok
                  22:29:43.0795 6348  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
                  22:29:43.0799 6348  HDAudBus - ok
                  22:29:43.0820 6348  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
                  22:29:43.0822 6348  HECIx64 - ok
                  22:29:43.0836 6348  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
                  22:29:43.0838 6348  HidBatt - ok
                  22:29:43.0846 6348  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
                  22:29:43.0849 6348  HidBth - ok
                  22:29:43.0855 6348  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
                  22:29:43.0857 6348  HidIr - ok
                  22:29:43.0882 6348  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
                  22:29:43.0884 6348  hidserv - ok
                  22:29:43.0892 6348  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
                  22:29:43.0894 6348  HidUsb - ok
                  22:29:43.0946 6348  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
                  22:29:43.0950 6348  hkmsvc - ok
                  22:29:44.0003 6348  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
                  22:29:44.0008 6348  HomeGroupListener - ok
                  22:29:44.0019 6348  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
                  22:29:44.0024 6348  HomeGroupProvider - ok
                  22:29:44.0064 6348  HP Support Assistant Service - ok
                  22:29:44.0085 6348  hpqwmiex - ok
                  22:29:44.0107 6348  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
                  22:29:44.0110 6348  HpSAMD - ok
                  22:29:44.0169 6348  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
                  22:29:44.0181 6348  HTTP - ok
                  22:29:44.0240 6348  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
                  22:29:44.0241 6348  hwpolicy - ok
                  22:29:44.0283 6348  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
                  22:29:44.0286 6348  i8042prt - ok
                  22:29:44.0322 6348  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
                  22:29:44.0328 6348  iaStor - ok
                  22:29:44.0372 6348  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                  22:29:44.0398 6348  IAStorDataMgrSvc - ok
                  22:29:44.0439 6348  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
                  22:29:44.0446 6348  iaStorV - ok
                  22:29:44.0541 6348  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
                  22:29:44.0555 6348  idsvc - ok
                  22:29:44.0564 6348  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
                  22:29:44.0567 6348  iirsp - ok
                  22:29:44.0633 6348  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
                  22:29:44.0647 6348  IKEEXT - ok
                  22:29:44.0716 6348  [ 2B888BBDF6962E608A5E1A1D7A626ADF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
                  22:29:44.0814 6348  IntcAzAudAddService - ok
                  22:29:44.0842 6348  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
                  22:29:44.0843 6348  intelide - ok
                  22:29:44.0847 6348  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
                  22:29:44.0848 6348  intelppm - ok
                  22:29:44.0984 6348  [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
                  22:29:44.0986 6348  IntuitUpdateService - ok
                  22:29:45.0094 6348  [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
                  22:29:45.0095 6348  IntuitUpdateServiceV4 - ok
                  22:29:45.0118 6348  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
                  22:29:45.0121 6348  IPBusEnum - ok
                  22:29:45.0172 6348  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
                  22:29:45.0174 6348  IpFilterDriver - ok
                  22:29:45.0225 6348  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
                  22:29:45.0234 6348  iphlpsvc - ok
                  22:29:45.0278 6348  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
                  22:29:45.0281 6348  IPMIDRV - ok
                  22:29:45.0288 6348  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
                  22:29:45.0290 6348  IPNAT - ok
                  22:29:45.0330 6348  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
                  22:29:45.0339 6348  iPod Service - ok
                  22:29:45.0363 6348  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

                  SuperDave

                  • Malware Removal Specialist


                  Re: kanoodle.com redirect (also, possible google redirect)
                  « Reply #14 on: December 18, 2012, 12:36:30 PM »
                  The TDSSKiller log looks incomplete. Are you sure you posted the whole log?
                  Windows 8 and Windows 10 dual boot with two SSD's

                  darling

                    Topic Starter


                    Re: kanoodle.com redirect (also, possible google redirect)
                    « Reply #15 on: December 18, 2012, 08:23:36 PM »
                    Not sure what happened. Sorry! Let's try that again.

                    Edit: Ah, too long. Here's the second half (with the first few lines repeated from the end of the prior post.)

                    22:29:53.0187 6348  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
                    22:29:53.0191 6348  TabletInputService - ok
                    22:29:53.0205 6348  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
                    22:29:53.0211 6348  TapiSrv - ok
                    22:29:53.0219 6348  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
                    22:29:53.0224 6348  TBS - ok
                    22:29:53.0308 6348  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
                    22:29:53.0343 6348  Tcpip - ok
                    22:29:53.0376 6348  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
                    22:29:53.0393 6348  TCPIP6 - ok
                    22:29:53.0439 6348  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
                    22:29:53.0442 6348  tcpipreg - ok
                    22:29:53.0459 6348  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
                    22:29:53.0461 6348  TDPIPE - ok
                    22:29:53.0490 6348  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
                    22:29:53.0492 6348  TDTCP - ok
                    22:29:53.0541 6348  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
                    22:29:53.0544 6348  tdx - ok
                    22:29:53.0558 6348  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
                    22:29:53.0561 6348  TermDD - ok
                    22:29:53.0622 6348  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
                    22:29:53.0633 6348  TermService - ok
                    22:29:53.0643 6348  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
                    22:29:53.0646 6348  Themes - ok
                    22:29:53.0674 6348  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
                    22:29:53.0676 6348  THREADORDER - ok
                    22:29:53.0690 6348  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
                    22:29:53.0695 6348  TrkWks - ok
                    22:29:53.0762 6348  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
                    22:29:53.0765 6348  TrustedInstaller - ok
                    22:29:53.0821 6348  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
                    22:29:53.0823 6348  tssecsrv - ok
                    22:29:53.0863 6348  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
                    22:29:53.0866 6348  TsUsbFlt - ok
                    22:29:53.0928 6348  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
                    22:29:53.0932 6348  tunnel - ok
                    22:29:53.0950 6348  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
                    22:29:53.0953 6348  uagp35 - ok
                    22:29:53.0976 6348  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
                    22:29:53.0982 6348  udfs - ok
                    22:29:54.0003 6348  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
                    22:29:54.0006 6348  UI0Detect - ok
                    22:29:54.0030 6348  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
                    22:29:54.0033 6348  uliagpkx - ok
                    22:29:54.0073 6348  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
                    22:29:54.0076 6348  umbus - ok
                    22:29:54.0097 6348  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
                    22:29:54.0099 6348  UmPass - ok
                    22:29:54.0179 6348  [ 02C298382359653BEC4C737C2AB7F9C5 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                    22:29:54.0218 6348  UNS - ok
                    22:29:54.0267 6348  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
                    22:29:54.0277 6348  upnphost - ok
                    22:29:54.0338 6348  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
                    22:29:54.0340 6348  USBAAPL64 - ok
                    22:29:54.0403 6348  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
                    22:29:54.0407 6348  usbaudio - ok
                    22:29:54.0413 6348  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
                    22:29:54.0417 6348  usbccgp - ok
                    22:29:54.0457 6348  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
                    22:29:54.0460 6348  usbcir - ok
                    22:29:54.0509 6348  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
                    22:29:54.0510 6348  usbehci - ok
                    22:29:54.0666 6348  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
                    22:29:54.0672 6348  usbhub - ok
                    22:29:54.0694 6348  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
                    22:29:54.0696 6348  usbohci - ok
                    22:29:54.0759 6348  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
                    22:29:54.0761 6348  usbprint - ok
                    22:29:54.0799 6348  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
                    22:29:54.0802 6348  USBSTOR - ok
                    22:29:54.0835 6348  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
                    22:29:54.0837 6348  usbuhci - ok
                    22:29:54.0872 6348  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
                    22:29:54.0877 6348  usbvideo - ok
                    22:29:54.0899 6348  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
                    22:29:54.0902 6348  UxSms - ok
                    22:29:54.0907 6348  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
                    22:29:54.0908 6348  VaultSvc - ok
                    22:29:54.0928 6348  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
                    22:29:54.0929 6348  vdrvroot - ok
                    22:29:54.0978 6348  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
                    22:29:54.0984 6348  vds - ok
                    22:29:55.0011 6348  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
                    22:29:55.0012 6348  vga - ok
                    22:29:55.0030 6348  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
                    22:29:55.0031 6348  VgaSave - ok
                    22:29:55.0055 6348  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
                    22:29:55.0058 6348  vhdmp - ok
                    22:29:55.0108 6348  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
                    22:29:55.0110 6348  viaide - ok
                    22:29:55.0139 6348  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
                    22:29:55.0141 6348  volmgr - ok
                    22:29:55.0195 6348  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
                    22:29:55.0201 6348  volmgrx - ok
                    22:29:55.0222 6348  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
                    22:29:55.0227 6348  volsnap - ok
                    22:29:55.0258 6348  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
                    22:29:55.0262 6348  vsmraid - ok
                    22:29:55.0334 6348  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
                    22:29:55.0369 6348  VSS - ok
                    22:29:55.0381 6348  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
                    22:29:55.0382 6348  vwifibus - ok
                    22:29:55.0412 6348  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
                    22:29:55.0420 6348  W32Time - ok
                    22:29:55.0444 6348  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
                    22:29:55.0446 6348  WacomPen - ok
                    22:29:55.0463 6348  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
                    22:29:55.0465 6348  WANARP - ok
                    22:29:55.0468 6348  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
                    22:29:55.0469 6348  Wanarpv6 - ok
                    22:29:55.0537 6348  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
                    22:29:55.0561 6348  WatAdminSvc - ok
                    22:29:55.0639 6348  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
                    22:29:55.0673 6348  wbengine - ok
                    22:29:55.0681 6348  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
                    22:29:55.0687 6348  WbioSrvc - ok
                    22:29:55.0741 6348  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
                    22:29:55.0749 6348  wcncsvc - ok
                    22:29:55.0759 6348  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
                    22:29:55.0763 6348  WcsPlugInService - ok
                    22:29:55.0780 6348  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
                    22:29:55.0782 6348  Wd - ok
                    22:29:55.0838 6348  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
                    22:29:55.0840 6348  WDC_SAM - ok
                    22:29:55.0901 6348  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
                    22:29:55.0913 6348  Wdf01000 - ok
                    22:29:55.0928 6348  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
                    22:29:55.0931 6348  WdiServiceHost - ok
                    22:29:55.0934 6348  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
                    22:29:55.0936 6348  WdiSystemHost - ok
                    22:29:55.0989 6348  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
                    22:29:55.0995 6348  WebClient - ok
                    22:29:56.0014 6348  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
                    22:29:56.0020 6348  Wecsvc - ok
                    22:29:56.0029 6348  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
                    22:29:56.0033 6348  wercplsupport - ok
                    22:29:56.0046 6348  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
                    22:29:56.0050 6348  WerSvc - ok
                    22:29:56.0064 6348  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
                    22:29:56.0066 6348  WfpLwf - ok
                    22:29:56.0084 6348  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
                    22:29:56.0086 6348  WIMMount - ok
                    22:29:56.0115 6348  WinDefend - ok
                    22:29:56.0131 6348  WinHttpAutoProxySvc - ok
                    22:29:56.0181 6348  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
                    22:29:56.0185 6348  Winmgmt - ok
                    22:29:56.0231 6348  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
                    22:29:56.0267 6348  WinRM - ok
                    22:29:56.0372 6348  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
                    22:29:56.0374 6348  WinUsb - ok
                    22:29:56.0402 6348  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
                    22:29:56.0415 6348  Wlansvc - ok
                    22:29:56.0529 6348  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    22:29:56.0572 6348  wlidsvc - ok
                    22:29:56.0622 6348  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
                    22:29:56.0624 6348  WmiAcpi - ok
                    22:29:56.0641 6348  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
                    22:29:56.0645 6348  wmiApSrv - ok
                    22:29:56.0659 6348  WMPNetworkSvc - ok
                    22:29:56.0690 6348  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
                    22:29:56.0693 6348  WPCSvc - ok
                    22:29:56.0704 6348  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
                    22:29:56.0708 6348  WPDBusEnum - ok
                    22:29:56.0716 6348  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
                    22:29:56.0718 6348  ws2ifsl - ok
                    22:29:56.0733 6348  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
                    22:29:56.0737 6348  wscsvc - ok
                    22:29:56.0798 6348  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
                    22:29:56.0800 6348  WSDPrintDevice - ok
                    22:29:56.0850 6348  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
                    22:29:56.0853 6348  WSDScan - ok
                    22:29:56.0857 6348  WSearch - ok
                    22:29:56.0950 6348  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
                    22:29:57.0002 6348  wuauserv - ok
                    22:29:57.0060 6348  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
                    22:29:57.0062 6348  WudfPf - ok
                    22:29:57.0083 6348  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
                    22:29:57.0087 6348  WUDFRd - ok
                    22:29:57.0117 6348  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
                    22:29:57.0121 6348  wudfsvc - ok
                    22:29:57.0158 6348  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
                    22:29:57.0165 6348  WwanSvc - ok
                    22:29:57.0175 6348  ================ Scan global ===============================
                    22:29:57.0200 6348  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
                    22:29:57.0256 6348  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
                    22:29:57.0268 6348  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
                    22:29:57.0276 6348  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
                    22:29:57.0304 6348  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
                    22:29:57.0311 6348  [Global] - ok
                    22:29:57.0312 6348  ================ Scan MBR ==================================
                    22:29:57.0328 6348  [ F800E81B26AD2992AA7B42313FBDFB44 ] \Device\Harddisk0\DR0
                    22:29:57.0576 6348  \Device\Harddisk0\DR0 - ok
                    22:29:57.0577 6348  ================ Scan VBR ==================================
                    22:29:57.0581 6348  [ B3C06E530B4070185F133614E7BD150D ] \Device\Harddisk0\DR0\Partition1
                    22:29:57.0583 6348  \Device\Harddisk0\DR0\Partition1 - ok
                    22:29:57.0597 6348  [ 2C3DC1F4349EDA096C820A5AF1537685 ] \Device\Harddisk0\DR0\Partition2
                    22:29:57.0600 6348  \Device\Harddisk0\DR0\Partition2 - ok
                    22:29:57.0633 6348  [ 9F525A3BF3305A9D85D8BDC4AEDE251F ] \Device\Harddisk0\DR0\Partition3
                    22:29:57.0636 6348  \Device\Harddisk0\DR0\Partition3 - ok
                    22:29:57.0636 6348  ============================================================
                    22:29:57.0637 6348  Scan finished
                    22:29:57.0637 6348  ============================================================
                    22:29:57.0651 6564  Detected object count: 0
                    22:29:57.0651 6564  Actual detected object count: 0
                    22:33:18.0945 9328  Deinitialize success

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: kanoodle.com redirect (also, possible google redirect)
                    « Reply #16 on: December 19, 2012, 11:50:40 AM »
                    How's your computer running now? Any other issues?
                    Windows 8 and Windows 10 dual boot with two SSD's

                    darling

                      Topic Starter


                      Rookie

                      • Experience: Experienced
                      • OS: Windows 7
                      Re: kanoodle.com redirect (also, possible google redirect)
                      « Reply #17 on: December 20, 2012, 07:09:51 PM »
                      Thanks again for your help.

                      Still having the same issue - an occasional new tab redirect that only seems to happen when we try to visit the one site. I haven't noticed any other problems.

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: kanoodle.com redirect (also, possible google redirect)
                      « Reply #18 on: December 21, 2012, 12:43:53 PM »
                      Quote
                      Thanks again for your help.

                      Still having the same issue - an occasional new tab redirect that only seems to happen when we try to visit the one site. I haven't noticed any other problems.
                      Could you please run TDSSKiller again and post the entire log?
                      Windows 8 and Windows 10 dual boot with two SSD's

                      darling

                        Topic Starter


                        Rookie

                        • Experience: Experienced
                        • OS: Windows 7
                        Re: kanoodle.com redirect (also, possible google redirect)
                        « Reply #19 on: December 21, 2012, 06:51:13 PM »
                        No problem - I attached the log as a txt file because it's too big to post.

                        Thanks!

                        [year+ old attachment deleted by admin]

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: kanoodle.com redirect (also, possible google redirect)
                        « Reply #20 on: December 22, 2012, 12:38:58 PM »
                        Quote
                        Still having the same issue - an occasional new tab redirect that only seems to happen when we try to visit the one site. I haven't noticed any other problems.
                        Could you please post the link to that site?
                        Windows 8 and Windows 10 dual boot with two SSD's

                        darling

                          Topic Starter


                          Rookie

                          • Experience: Experienced
                          • OS: Windows 7
                          Re: kanoodle.com redirect (also, possible google redirect)
                          « Reply #21 on: December 22, 2012, 04:45:02 PM »
                          Thank you for bearing with me!

                          When we visit (in Firefox):
                          http://www.nbcnews.com/
                          (or when that site autorefreshes)

                          it used to be that occasionally (one out of every five? six? times) it would redirect to:
                          http://context3.kanoodle.com/AF7F5454-06AA-11DF-BB59-79A43FF5047F
                          (those numbers at the end seem to be the same every time)

                          Now, what seems to happen is that nbcnews.com opens as planned and kanoodle loads in a new tab.

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: kanoodle.com redirect (also, possible google redirect)
                          « Reply #22 on: December 23, 2012, 12:45:44 PM »
                          Ok. Let's try this: Go to Tools, Options, Privacy, show cookies and remove the kanoodle.com cookie. You could also try blocking that site in FF. I tried that nbcnews about five times and it came up ok with no re-directs. Does it re-direct when using Internet Explorer?
                          Windows 8 and Windows 10 dual boot with two SSD's

                          darling

                            Topic Starter


                            Rookie

                            • Experience: Experienced
                            • OS: Windows 7
                            Re: kanoodle.com redirect (also, possible google redirect)
                            « Reply #23 on: December 27, 2012, 07:06:58 AM »
                            nbcnews.com doesn't seem to redirect in IE (although I will try a few more times just to be sure). It certainly doesn't redirect in Firefox on any other PC I use.

                            I have kanoodle on AdBlock in FF - I'll see what else FF can do to block it. It's the weirdest thing.

                            Thank you!!

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: kanoodle.com redirect (also, possible google redirect)
                            « Reply #24 on: December 27, 2012, 12:06:25 PM »
                            You're welcome. Let's do some cleanup before I forget.

                            To uninstall ComboFix

                            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                            • In the field, type in ComboFix /uninstall
                              (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
                            • Then, press Enter, or click OK.
                            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                            *************************************************
                            Click Start> Computer> right click the C Drive and choose Properties> enter
                            Click Disk Cleanup from there.
                            Click OK on the Disk Cleanup Screen.
                            Click Yes on the Confirmation screen.

                            This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
                            **********************************************
                            Go to Microsoft Windows Update and get all critical updates.

                            ----------

                            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                            * Using SpywareBlaster to protect your computer from Spyware and Malware
                            * If you don't know what ActiveX controls are, see here

                            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                            Safe Surfing and Season's Greetings!
                            Windows 8 and Windows 10 dual boot with two SSD's

                            darling

                              Topic Starter


                              Rookie

                              • Experience: Experienced
                              • OS: Windows 7
                              Re: kanoodle.com redirect (also, possible google redirect)
                              « Reply #25 on: January 01, 2013, 10:10:44 AM »
                              Cool - I'm a little short on time over the past few days so I'll get to work on all of the above very soon.

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: kanoodle.com redirect (also, possible google redirect)
                              « Reply #26 on: January 01, 2013, 12:32:01 PM »
                              Quote
                              Cool - I'm a little short on time over the past few days so I'll get to work on all of the above very soon.
                              Good. Let me know when you're finished and I'll lock the thread.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              darling

                                Topic Starter


                                Rookie

                                • Experience: Experienced
                                • OS: Windows 7
                                Re: kanoodle.com redirect (also, possible google redirect)
                                « Reply #27 on: January 12, 2013, 07:00:44 AM »
                                Alright... all those things done and dusted - thank you.

                                I'm still getting this darn redirect. I just blacklisted kanoodle using the BlockSite Firefox extension, but if there's a way to stop the redirect entirely I'd love to know how to do it.

                                Thanks again for all your help!

                                SuperDave

                                • Malware Removal Specialist


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: kanoodle.com redirect (also, possible google redirect)
                                « Reply #28 on: January 12, 2013, 04:16:24 PM »
                                Quote
                                Alright... all those things done and dusted - thank you.

                                I'm still getting this darn redirect. I just blacklisted kanoodle using the BlockSite Firefox extension, but if there's a way to stop the redirect entirely I'd love to know how to do it.

                                Thanks again for all your help!
                                If it's only redirecting in FF the only thing I can think of is to uninstall and re-install FF.
                                Windows 8 and Windows 10 dual boot with two SSD's