# Remove Funmoods



## blocka (Aug 13, 2008)

Hi, somehow have downloaded Funmoods on to my computer, which has hijacked my browser (usually Firefox). Have been unable to remove it, i.e. not listed in Add/Remove, not in Manage Search Engines. Is listed in about:config but have reset values and no change has occurred. Getting very frustrated. Need help to remove. Any help appreciated. Blocka


----------



## Glaswegian (Dec 5, 2004)

Hi

Please follow the guidance in this thread

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

and post the logs back into this thread - thanks.


----------



## blocka (Aug 13, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:13 PM, on 5/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\ArcSoft\ShowBiz DVD 2\ShowBiz.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8367 bytes
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by trevor at 19:54:37 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2051 [GMT 9.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ArcSoft\ShowBiz DVD 2\ShowBiz.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\trevor\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E775EF41-8DB2-43B2-9FC3-0AA9FEB36DC7} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\trevor\appdata\roaming\mozilla\firefox\profiles\2beg1lpx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.hardId - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:50:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-12-15 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-12-15 195416]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-5-10 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-5-10 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-5-10 909728]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-4-25 73136]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-12-15 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-15 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-15 314456]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-5-10 203088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-5-6 101112]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Service.exe [2011-12-17 1517976]
R2 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files\ashampoo\ashampoo magical defrag 3\defragservice.exe [2011-12-17 890208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-15 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-15 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-15 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-12-15 127192]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-5-10 575416]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-12-17 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-12-17 121856]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-4-19 96768]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-5-10 70736]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control 2\DfSdkS.exe [2011-12-17 406016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-6 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-12-17 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-5-10 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-5-10 1118648]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-18 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-16 1343400]
.
=============== Created Last 30 ================
.
2012-05-12 10:05:21 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1678d09f-6aca-4832-933e-70b545877472}\mpengine.dll
2012-05-11 06:01:07 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 06:00:58 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-11 06:00:57 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-11 06:00:57 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-11 06:00:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 06:00:38 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00:38 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 06:00:22 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 06:00:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:50:42 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-10 09:50:41 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-10 09:50:40 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-10 09:50:39 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-10 09:50:39 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-10 09:50:00 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-05-10 09:49:59 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-05-10 09:49:57 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-05-10 09:49:50 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-05-10 09:49:37 -------- d-----w- c:\program files\PC Tools
2012-05-10 09:44:39 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-05-10 09:44:39 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-05-10 09:44:37 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-05-10 09:44:37 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-05-10 09:44:35 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 09:44:35 -------- d-----w- c:\program files\common files\PC Tools
2012-05-10 09:44:18 -------- d-----w- c:\programdata\PC Tools
2012-05-10 09:44:17 -------- d-----w- c:\users\trevor\appdata\roaming\TestApp
2012-05-08 13:37:54 -------- dc----w- C:\Rbackup
2012-05-08 11:22:38 -------- d-----w- c:\users\trevor\appdata\roaming\SpeedMaxPc
2012-05-08 11:22:38 -------- d-----w- c:\users\trevor\appdata\roaming\DriverCure
2012-05-08 11:22:30 -------- d-----w- c:\programdata\SpeedMaxPc
2012-05-06 11:41:24 388096 ----a-r- c:\users\trevor\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-06 11:41:23 -------- d-----w- c:\program files\Trend Micro
2012-05-06 11:03:52 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03:49 -------- d-----w- c:\program files\STOPzilla!
2012-05-06 11:03:48 -------- d-----w- c:\programdata\STOPzilla!
2012-05-06 11:03:48 -------- d-----w- c:\program files\common files\iS3
2012-04-28 08:49:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 08:49:29 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-28 08:49:29 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-25 02:05:32 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-25 02:05:22 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-25 02:05:16 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-25 01:51:26 73136 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-24 00:31:34 -------- d-----w- c:\users\trevor\appdata\roaming\tiger-k
2012-04-24 00:31:34 -------- d-----w- c:\users\trevor\appdata\roaming\Leawo
2012-04-24 00:29:01 -------- d-----w- c:\program files\Leawo
2012-04-23 10:55:32 -------- d-----w- c:\users\trevor\appdata\roaming\GF-Player
2012-04-22 11:32:21 -------- d-----w- c:\users\trevor\appdata\roaming\FastStone
2012-04-22 11:32:02 -------- d-----w- c:\program files\FastStone Image Viewer
2012-04-20 10:15:22 -------- d-----w- c:\program files\TuneUpMedia
2012-04-19 11:01:07 -------- d-----w- c:\users\trevor\appdata\roaming\NCH Software
2012-04-19 10:56:53 -------- d-----w- c:\users\trevor\appdata\local\Programs
2012-04-19 10:21:00 -------- d-----w- c:\users\trevor\appdata\local\ArcSoft
2012-04-19 10:20:00 -------- d-----w- c:\programdata\ArcSoft
2012-04-19 09:14:07 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2012-04-19 08:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-04-19 08:09:44 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-04-19 08:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-04-19 08:09:42 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-04-19 08:09:36 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-04-19 08:09:34 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-04-19 08:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-04-19 08:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-04-19 08:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-04-19 07:58:07 245408 ----a-w- c:\windows\system32\unicows.dll
2012-04-19 07:58:07 1645320 ----a-w- c:\windows\system32\GdiPlus.dll
2012-04-19 07:58:06 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-04-19 07:45:16 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-04-19 07:45:16 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-04-19 07:45:16 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-04-19 07:45:15 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-04-19 06:05:09 -------- d-----w- c:\program files\Freemake
2012-04-16 10:42:57 -------- d-----w- c:\users\trevor\appdata\local\ParserTemp
2012-04-15 06:32:47 -------- d-----w- c:\users\trevor\appdata\local\19th Parallel
2012-04-15 02:16:11 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-04-13 10:20:25 -------- d-----w- c:\program files\hpmonitor
2012-04-13 10:19:58 -------- d-----w- c:\users\trevor\appdata\local\Babylon
2012-04-13 10:19:57 -------- d-----w- c:\users\trevor\appdata\roaming\Babylon
2012-04-13 10:18:53 -------- d-----w- c:\program files\Wondershare
.
==================== Find3M ====================
.
2012-05-05 09:11:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:11:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 06:26:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 06:07:02 8107 ----a-w- c:\windows\w7dsd.reg
2012-04-04 06:07:02 8089 ----a-w- c:\windows\w7dse.reg
2012-04-04 05:45:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 05:58:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 05:58:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 00:48:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 00:31:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:31:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 19:57:12.88 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2011 9:56:03 PM
System Uptime: 5/12/2012 7:28:59 PM (0 hours ago)
.
Motherboard: Unknow | | NF-MCP68
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 9.988 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 200.282 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is Removable
I: is FIXED (NTFS) - 932 GiB total, 698.664 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: WinFast VC100 U
Device ID: ROOT\MEDIA\0000
Manufacturer: eMPIA Technology
Name: WinFast VC100 U
PNP Device ID: ROOT\MEDIA\0000
Service: USB28xxBGA
.
==== System Restore Points ===================
.
RP301: 5/9/2012 9:11:26 AM - StopZILLA! Restore Point.
RP302: 5/11/2012 5:47:46 PM - Windows Update
.
==== Installed Programs ======================
.
Leawo DVD Creator version 5.0.0.1
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
ABBYY FineReader 9.0 Sprint
AC3Filter 1.63b
ACDSee for PENTAX 2.0
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
Adobe Reader X (10.1.3)
Aiseesoft DVD Ripper 6.2.26
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz DVD 2
Ashampoo Burning Studio 10 v.10.0.15
Ashampoo HDD Control 2 2.09
Ashampoo Magical Defrag 3
Ashampoo Movie Shrink & Burn 3 3.03
avast! Internet Security
Bonjour
Browser Guard 4.0
CCleaner
CD Audio Reader Filter (remove only)
DVD Shrink 3.2
FastStone Image Viewer 4.6
ffdshow v1.1.3572 [2010-09-13]
Freemake Video Converter version 3.0.2
GameShadow
GameSpy Arcade
Glary Utilities 2.44.0.1450
GOM Player
Google Update Helper
HiJackThis
iTunes
iWisoft Free Video Converter 1.2
K-Lite Codec Pack 8.0.0 (Standard)
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Classic - Home Cinema 1.6.0.4014
Microsoft .NET Framework 4 Client Profile
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenSource Flash Video Splitter 1.0.0.5
PC Tools Spyware Doctor 9.0
PunkBuster Services
QuickTime
Revo Uninstaller Pro 2.5.7
Secure Eraser v4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Silent Hunter III
SlimCleaner
SpywareBlaster 4.6
Steam
STOPzilla
SUPERAntiSpyware
TuneUp Companion 2.4.4.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.1
WebM Project Directshow Filters
WinFast VC100 U Video Editor Driver 
WinPatrol
Wondershare Video Studio Express(Build 1.2.0.5)
Zoner Photo Studio 14 FREE
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:03:17 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
5/8/2012 8:57:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2012 8:49:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2012 8:49:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/8/2012 8:49:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/8/2012 8:48:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/8/2012 8:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/8/2012 8:48:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache is3srv SASDIFSV SASKUTIL spldr Wanarpv6
5/7/2012 4:47:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/6/2012 8:41:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/6/2012 8:41:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 8:41:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/6/2012 5:20:07 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
5/12/2012 7:29:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
5/11/2012 5:47:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
5/10/2012 7:21:28 PM, Error: PCTCore [280] - 
5/10/2012 4:58:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-12 21:19:18
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800JB-00JJC0 rev.05.01C05
Running: nmcmrp48.exe; Driver: C:\Users\trevor\AppData\Local\Temp\ufdiipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x93037FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x93EE8510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9303A456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9303A4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9303A5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9303A3AC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8C49037C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8C490644]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9303A4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9303A400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9303A572]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8C490940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x93037FE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x93EE85C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x93037DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9303800C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9303A9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x93038AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9303A486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9303A4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9303A5EE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9303A3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9303A53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9303A42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9303A59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x93EE8658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9303896A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x93038030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x93038054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x93037E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x93037F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x93037F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x93037F6C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8C48FF7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x93038078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A8C3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82ACCD80 4 Bytes [C4, 7F, 03, 93] {LES EDI, DWORD [EDI+0x3]; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82ACCDA8 4 Bytes [10, 85, EE, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82ACCE5C 8 Bytes [56, A4, 03, 93, AE, A4, 03, ...] {PUSH ESI; MOVSB ; ADD EDX, [EBX-0x6cfc5b52]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82ACCE68 4 Bytes [C4, A5, 03, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ACCE84 4 Bytes [AC, A3, 03, 93]
.text ... 
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C59C64 5 Bytes JMP 93EF969C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C72290 5 Bytes JMP 93EFB174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C873D7 4 Bytes CALL 93039025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82CA11E0 4 Bytes CALL 9303903B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 5A92C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] kernel32.dll!MapViewOfFile 75AE93DB 5 Bytes JMP 5AB5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] kernel32.dll!VirtualAlloc 75AEC43A 5 Bytes JMP 5AB5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00080A08 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000803FC 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00080804 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000801F8 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00080600 
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] GDI32.dll!CreateDIBSection 75A58850 5 Bytes JMP 5AB5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\System32\spoolsv.exe[412] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\System32\spoolsv.exe[412] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\System32\spoolsv.exe[412] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00110A08 
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001103FC 
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00110804 
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001101F8 
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00110600 
.text C:\Windows\system32\svchost.exe[448] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[448] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[448] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[448] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 003E0A08 
.text C:\Windows\system32\svchost.exe[448] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 003E03FC 
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 003E0804 
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 003E01F8 
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 003E0600 
.text C:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000303FC 
.text C:\Windows\system32\wininit.exe[544] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000301F8 
.text C:\Windows\system32\wininit.exe[544] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWindowsHookEx  7576ADF9 5 Bytes JMP 00050A08 
.text C:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000503FC 
.text C:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00050804 
.text C:\Windows\system32\wininit.exe[544] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000501F8 
.text C:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExA 75796D0C 3 Bytes JMP 00050600 
.text C:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExA + 4 75796D10 1 Byte [8A]
.text C:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[624] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\Dwm.exe[624] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\Dwm.exe[624] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[624] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000F0A08 
.text C:\Windows\system32\Dwm.exe[624] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000F03FC 
.text C:\Windows\system32\Dwm.exe[624] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000F0804 
.text C:\Windows\system32\Dwm.exe[624] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000F01F8 
.text C:\Windows\system32\Dwm.exe[624] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000F0600 
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[628] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00140A08 
.text C:\Windows\system32\lsass.exe[628] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001403FC 
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00140804 
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001401F8 
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00140600 
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[664] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000303FC 
.text C:\Windows\system32\winlogon.exe[664] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000301F8 
.text C:\Windows\system32\winlogon.exe[664] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[664] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00090A08 
.text C:\Windows\system32\winlogon.exe[664] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000903FC 
.text C:\Windows\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00090804 
.text C:\Windows\system32\winlogon.exe[664] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000901F8 
.text C:\Windows\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00090600 
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00410A08 
.text C:\Windows\system32\svchost.exe[880] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 004103FC 
.text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00410804 
.text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 004101F8 
.text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00410600 
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 001D0A08 
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001D03FC 
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 001D0804 
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001D01F8 
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 001D0600 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00250A08 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002503FC 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00250804 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002501F8 
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1000] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00250600 
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 008B0A08 
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 008B03FC 
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 008B0804 
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 008B01F8 
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 008B0600 
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00ED0A08 
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 00ED03FC 
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00ED0804 
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 00ED01F8 
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00ED0600 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00080A08 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000803FC 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWindowsHookExW  7576E30C 5 Bytes JMP 00080804 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000801F8 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00080600 
.text C:\Windows\system32\AUDIODG.EXE[1188] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00960A08 
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 009603FC 
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00960804 
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 009601F8 
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00960600 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00180A08 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001803FC 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00180804 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001801F8 
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1300] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00180600 
.text C:\Windows\system32\WUDFHost.exe[1352] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\WUDFHost.exe[1352] ntdll.dll!LdrLoadDll  771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\WUDFHost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[1352] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00100A08 
.text C:\Windows\system32\WUDFHost.exe[1352] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001003FC 
.text C:\Windows\system32\WUDFHost.exe[1352] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00100804 
.text C:\Windows\system32\WUDFHost.exe[1352] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001001F8 
.text C:\Windows\system32\WUDFHost.exe[1352] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00100600 
.text C:\Windows\system32\taskhost.exe[1424] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC 
.text C:\Windows\system32\taskhost.exe[1424] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8 
.text C:\Windows\system32\taskhost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1424] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000E0A08 
.text C:\Windows\system32\taskhost.exe[1424] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000E03FC 
.text C:\Windows\system32\taskhost.exe[1424] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000E0804 
.text C:\Windows\system32\taskhost.exe[1424] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000E01F8 
.text C:\Windows\system32\taskhost.exe[1424] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000E0600 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[1452] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00190A08 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001903FC 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00190804 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001901F8 
.text C:\Program Files\iPod\bin\iPodService.exe[1452] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00190600 
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000A03FC 
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000A01F8 
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 008C0A08 
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 008C03FC 
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 008C0804 
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 008C01F8 
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 008C0600 
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 75AEF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1564] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\Explorer.EXE[1564] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\Explorer.EXE[1564] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1564] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000A0A08 
.text C:\Windows\Explorer.EXE[1564] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000A03FC 
.text C:\Windows\Explorer.EXE[1564] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000A0804 
.text C:\Windows\Explorer.EXE[1564] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000A01F8 
.text C:\Windows\Explorer.EXE[1564] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000A0600 
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1588] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] USER32.dll!UnhookWindowsHookEx  7576ADF9 5 Bytes JMP 003E0A08 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 003E03FC 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 003E0804 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 003E01F8 
.text C:\Users\trevor\Downloads\nmcmrp48.exe[1860] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 003E0600 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2096] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2188] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] ntdll.dll!LdrUnloadDll  771CC86E 5 Bytes JMP 000703FC 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000701F8 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00190A08 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001903FC 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00190804 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001901F8 
.text C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[2376] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00190600 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2436] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2488] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] ntdll.dll!LdrUnloadDll  771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2540] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00190A08 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001903FC 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00190804 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001901F8 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2560] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00190600 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001703FC 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001701F8 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00200A08 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002003FC 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] USER32.dll!SetWindowsHookExW  7576E30C 5 Bytes JMP 00200804 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002001F8 
.text C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00200600 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000F0A08 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000F03FC 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000F0804 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000F01F8 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE[2692] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000F0600 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00230A08 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002303FC 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00230804 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002301F8 
.text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[2720] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00230600 
.text C:\Windows\system32\svchost.exe[2752] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[2752] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[2752] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2752] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00920A08 
.text C:\Windows\system32\svchost.exe[2752] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 009203FC 
.text C:\Windows\system32\svchost.exe[2752] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00920804 
.text C:\Windows\system32\svchost.exe[2752] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 009201F8 
.text C:\Windows\system32\svchost.exe[2752] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00920600 
.text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[2784] KERNEL32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[2884] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001503FC 
.text C:\Windows\system32\PnkBstrA.exe[2884] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001501F8 
.text C:\Windows\system32\PnkBstrA.exe[2884] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[2884] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 001E0A08 
.text C:\Windows\system32\PnkBstrA.exe[2884] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001E03FC 
.text C:\Windows\system32\PnkBstrA.exe[2884] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 001E0804 
.text C:\Windows\system32\PnkBstrA.exe[2884] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001E01F8 
.text C:\Windows\system32\PnkBstrA.exe[2884] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 001E0600 
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00190A08 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001903FC 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00190804 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001901F8 
.text C:\Windows\system32\wbem\wmiprvse.exe[3232] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00190600 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[3252] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00080A08 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000803FC 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00080804 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000801F8 
.text C:\Windows\system32\SearchProtocolHost.exe[3252] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00080600 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000F0A08 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000F03FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000F0804 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000F01F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[3320] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000F0600 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 000F0A08 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000F03FC 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 000F0804 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000F01F8 
.text C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[3368] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 000F0600 
.text C:\Windows\system32\WUDFHost.exe[3628] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\WUDFHost.exe[3628] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\WUDFHost.exe[3628] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3628] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00200A08 
.text C:\Windows\system32\WUDFHost.exe[3628] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002003FC 
.text C:\Windows\system32\WUDFHost.exe[3628] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00200804 
.text C:\Windows\system32\WUDFHost.exe[3628] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002001F8 
.text C:\Windows\system32\WUDFHost.exe[3628] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00200600 
.text C:\Windows\system32\SearchIndexer.exe[3792] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\SearchIndexer.exe[3792] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\SearchIndexer.exe[3792] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3792] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00110A08 
.text C:\Windows\system32\SearchIndexer.exe[3792] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001103FC 
.text C:\Windows\system32\SearchIndexer.exe[3792] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00110804 
.text C:\Windows\system32\SearchIndexer.exe[3792] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001101F8 
.text C:\Windows\system32\SearchIndexer.exe[3792] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00110600 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000703FC 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000701F8 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] kernel32.dll!SetUnhandledExceptionFilter 75AEF4FB 5 Bytes JMP 601550B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00110A08 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001103FC 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00110804 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001101F8 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00110600 
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] ole32.dll!OleLoadFromStream 75606143 5 Bytes JMP 60C1EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3952] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00090A08 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 000903FC 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00090804 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 000901F8 
.text C:\Program Files\iTunes\iTunesHelper.exe[3968] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00090600 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3976] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 003F0A08 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 003F03FC 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 003F0804 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 003F01F8 
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4024] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 003F0600 
.text C:\Windows\System32\svchost.exe[4552] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000A03FC 
.text C:\Windows\System32\svchost.exe[4552] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000A01F8 
.text C:\Windows\System32\svchost.exe[4552] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4552] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00430A08 
.text C:\Windows\System32\svchost.exe[4552] USER32.dll!UnhookWinEvent  7576B750 5 Bytes JMP 004303FC 
.text C:\Windows\System32\svchost.exe[4552] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00430804 
.text C:\Windows\System32\svchost.exe[4552] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 004301F8 
.text C:\Windows\System32\svchost.exe[4552] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00430600 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 002C0A08 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002C03FC 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 002C0804 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002C01F8 
.text C:\Program Files\STOPzilla!\STOPzilla.exe[4700] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 002C0600 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00300A08 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 003003FC 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00300804 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 003001F8 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!GetWindowInfo 75774B5E 5 Bytes JMP 5AAA4822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!TrackPopupMenu 75782228 5 Bytes JMP 5AAA4DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00300600 
.text C:\Windows\system32\SearchFilterHost.exe[5312] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\system32\SearchFilterHost.exe[5312] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\system32\SearchFilterHost.exe[5312] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\system32\SearchFilterHost.exe[5312] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00140A08 
.text C:\Windows\system32\SearchFilterHost.exe[5312] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001403FC 
.text C:\Windows\system32\SearchFilterHost.exe[5312] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00140804 
.text C:\Windows\system32\SearchFilterHost.exe[5312] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001401F8 
.text C:\Windows\system32\SearchFilterHost.exe[5312] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00140600 
.text C:\Windows\System32\svchost.exe[5432] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Windows\System32\svchost.exe[5432] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Windows\System32\svchost.exe[5432] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5432] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00250A08 
.text C:\Windows\System32\svchost.exe[5432] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 002503FC 
.text C:\Windows\System32\svchost.exe[5432] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00250804 
.text C:\Windows\System32\svchost.exe[5432] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 002501F8 
.text C:\Windows\System32\svchost.exe[5432] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00250600 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] kernel32.dll!GetBinaryTypeW + 70 75B069F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 00150A08 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] USER32.dll!UnhookWinEvent 7576B750 5 Bytes JMP 001503FC 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 00150804 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] USER32.dll!SetWinEventHook 757724DC 5 Bytes JMP 001501F8 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5480] USER32.dll!SetWindowsHookExA 75796D0C 5 Bytes JMP 00150600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738F562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738F56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73912546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73904D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73905105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73906707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73908301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73908850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7390E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73904C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[2628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3908] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [751FFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)

Device \Driver\PCTBD \Device\PCTBDDevice ACCCD422
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


----------



## Glaswegian (Dec 5, 2004)

Hi again

My name is Iain and I will be helping you clean your system.

You may wish to *Subscribe* to this thread *(Thread Tools > Subscribe to this thread)* so that you are notified when you receive a reply.

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

*Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.*

*If there is anything you don't understand, please ask BEFORE proceeding with the fixes.*

*Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.*

*Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.*

*IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.*

*Combofix*
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.*

*You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.*

Please include the log *C:\ComboFix.txt* in your next reply for further review.


----------



## blocka (Aug 13, 2008)

Hi, I would also like to remove the Babylon toolbar. Thanks

ComboFix 12-05-14.01 - trevor 05/14/2012 18:48:57.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2401 [GMT 9.5:30]
Running from: c:\users\trevor\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\trevor\AppData\Local\temp
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 10:05 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1678D09F-6ACA-4832-933E-70B545877472}\mpengine.dll
2012-05-11 06:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 06:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 06:00 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 06:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:50 . 2012-04-13 04:58 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-10 09:50 . 2012-04-13 04:58 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-10 09:50 . 2012-04-13 04:58 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-10 09:50 . 2012-04-13 04:58 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-10 09:50 . 2012-04-13 04:58 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-10 09:49 . 2012-05-14 08:17 -------- d-----w- c:\program files\PC Tools
2012-05-10 09:44 . 2012-05-14 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 09:44 . 2012-04-23 04:47 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 09:44 . 2012-05-13 12:18 -------- d-----w- c:\programdata\PC Tools
2012-05-10 09:44 . 2012-05-10 09:44 -------- d-----w- c:\users\trevor\AppData\Roaming\TestApp
2012-05-08 13:37 . 2012-05-08 13:37 -------- dc----w- C:\Rbackup
2012-05-08 11:22 . 2012-05-08 13:45 -------- d-----w- c:\users\trevor\AppData\Roaming\SpeedMaxPc
2012-05-08 11:22 . 2012-05-08 11:22 -------- d-----w- c:\users\trevor\AppData\Roaming\DriverCure
2012-05-08 11:22 . 2012-05-08 13:45 -------- d-----w- c:\programdata\SpeedMaxPc
2012-05-06 11:41 . 2012-05-06 11:41 388096 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 11:41 . 2012-05-06 11:41 -------- d-----w- c:\program files\Trend Micro
2012-05-06 11:03 . 2012-01-11 23:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03 . 2012-05-06 11:04 -------- d-----w- c:\program files\STOPzilla!
2012-05-06 11:03 . 2012-05-14 09:30 -------- d-----w- c:\programdata\STOPzilla!
2012-05-06 11:03 . 2012-05-06 11:03 -------- d-----w- c:\program files\Common Files\iS3
2012-04-28 08:49 . 2012-04-28 08:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 08:49 . 2012-04-28 08:49 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 08:49 . 2012-04-28 08:49 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:05 . 2012-04-25 02:05 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-25 02:05 . 2012-04-25 02:05 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-25 02:05 . 2012-04-25 02:05 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-25 01:51 . 2012-04-25 01:51 73136 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-24 00:31 . 2012-04-24 00:32 -------- d-----w- c:\users\trevor\AppData\Roaming\tiger-k
2012-04-24 00:31 . 2012-04-24 00:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Leawo
2012-04-24 00:29 . 2012-04-24 00:29 -------- d-----w- c:\program files\Leawo
2012-04-23 10:55 . 2012-04-23 10:56 -------- d-----w- c:\users\trevor\AppData\Roaming\GF-Player
2012-04-22 11:32 . 2012-04-22 11:32 -------- d-----w- c:\users\trevor\AppData\Roaming\FastStone
2012-04-22 11:32 . 2012-05-07 07:57 -------- d-----w- c:\program files\FastStone Image Viewer
2012-04-20 10:15 . 2012-04-20 10:16 -------- d-----w- c:\program files\TuneUpMedia
2012-04-19 11:01 . 2012-04-19 12:08 -------- d-----w- c:\users\trevor\AppData\Roaming\NCH Software
2012-04-19 10:56 . 2012-04-19 10:56 -------- d-----w- c:\users\trevor\AppData\Local\Programs
2012-04-19 10:37 . 2012-04-20 11:32 -------- d-----w- c:\users\trevor\AppData\Roaming\ArcSoft
2012-04-19 10:21 . 2012-04-19 10:21 -------- d-----w- c:\users\trevor\AppData\Local\ArcSoft
2012-04-19 10:20 . 2012-04-20 11:01 -------- d-----w- c:\programdata\ArcSoft
2012-04-19 07:58 . 1995-07-31 19:14 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-04-19 07:58 . 2012-04-19 07:58 -------- d-----w- c:\program files\ArcSoft
2012-04-19 07:45 . 2001-09-04 18:48 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-19 07:45 . 2001-09-04 18:44 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-19 07:45 . 2001-09-04 18:43 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-19 07:45 . 2001-09-04 18:48 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-19 06:05 . 2012-04-19 06:05 -------- d-----w- c:\program files\Freemake
2012-04-16 10:42 . 2012-04-16 10:42 -------- d-----w- c:\users\trevor\AppData\Local\ParserTemp
2012-04-15 06:32 . 2012-04-15 06:32 -------- d-----w- c:\users\trevor\AppData\Local\19th Parallel
2012-04-15 02:16 . 2010-02-25 08:21 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:11 . 2012-03-29 10:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:11 . 2011-12-15 06:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 04:25 . 2012-05-10 09:50 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 04:25 . 2012-05-10 09:50 131 ----a-w- c:\windows\IDB.zip
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 40960 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-04 06:26 . 2012-02-04 06:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 06:07 . 2012-04-04 05:45 8107 ----a-w- c:\windows\w7dsd.reg
2012-04-04 06:07 . 2012-04-04 05:45 8089 ----a-w- c:\windows\w7dse.reg
2012-04-04 05:45 . 2012-04-04 05:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-01 05:46 . 2012-04-11 12:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 12:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 12:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 12:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 12:53 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 12:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 12:53 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 00:48 . 2011-12-14 23:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 08:24 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 08:24 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 08:24 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 00:31 . 2012-02-15 00:31 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:31 . 2012-02-15 00:31 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-28 08:49 . 2012-02-19 06:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-02-24 99728]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-11 101112]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2012-04-13 70736]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2012-02-24 99728]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-04-25 73136]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-24 1517976]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-15 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:11]
.
2012-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-26 11:36]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.hardId - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-14 19:03:30
ComboFix-quarantined-files.txt 2012-05-14 09:33
.
Pre-Run: 10,713,669,632 bytes free
Post-Run: 10,698,944,512 bytes free
.
- - End Of File - - A7BACFC851D0877324F5EF3480A310F8


----------



## Glaswegian (Dec 5, 2004)

Hi again

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

*Combofix*


Close any open browsers.

Open *notepad* and copy/paste the text in the box below into it:


```
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.hardId - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
```
Looking at the image below as an example
Save this as *CFScript.txt*, in the same location as ComboFix.exe
Referring to the picture above, drag *CFScript* onto *ComboFix.exe.*

*If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.*

When finished, it will produce a log for you at *"C:\ComboFix.txt"*

*Do not mouseclick combofix's window whilst it's running. This may cause it to stall.*

*CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!*

Please post the log *C:\ComboFix.txt* for further review.


----------



## blocka (Aug 13, 2008)

ComboFix 12-05-14.01 - trevor 05/15/2012 9:32:16.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2387 [GMT 9.5:30]
Running from: C:\Users\trevor\Downloads\ComboFix.exe
Command switches used :: C:\Users\trevor\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.hardId - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))

2012-05-15 00:14:24 . 2012-05-15 00:14:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-05-15 00:14:24 . 2012-05-15 00:14:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-05-14 10:08:04 . 2012-05-14 10:08:04 -------- d-----w- C:\Users\trevor\AppData\Local\Diagnostics
2012-05-14 09:33:32 . 2012-05-15 00:14:24 -------- d-----w- C:\Users\trevor\AppData\Local\temp
2012-05-12 10:05:21 . 2012-04-13 07:36:43 6734704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1678D09F-6ACA-4832-933E-70B545877472}\mpengine.dll
2012-05-11 06:01:07 . 2012-03-30 10:23:11 1291632 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-11 06:00:59 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00:58 . 2012-03-31 04:30:54 1221632 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 06:00:57 . 2012-03-31 04:29:47 989184 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00:57 . 2012-03-31 04:29:47 969216 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 06:00:40 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-05-11 06:00:38 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-05-11 06:00:38 . 2012-03-31 02:36:11 2343424 ----a-w- C:\Windows\system32\win32k.sys
2012-05-11 06:00:22 . 2012-03-17 07:27:18 56176 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-11 06:00:19 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-10 09:50:42 . 2012-04-13 04:58:56 70736 ----a-w- C:\Windows\system32\drivers\PCTBD.sys
2012-05-10 09:50:41 . 2012-04-13 04:58:30 767928 ----a-w- C:\Windows\BDTSupport.dll
2012-05-10 09:50:40 . 2012-04-13 04:58:50 149432 ----a-w- C:\Windows\SGDetectionTool.dll
2012-05-10 09:50:39 . 2012-04-13 04:58:48 2271160 ----a-w- C:\Windows\PCTBDCore.dll
2012-05-10 09:50:39 . 2012-04-13 04:58:48 1681336 ----a-w- C:\Windows\PCTBDRes.dll
2012-05-10 09:49:37 . 2012-05-14 08:17:46 -------- d-----w- C:\Program Files\PC Tools
2012-05-10 09:44:35 . 2012-05-14 08:17:45 -------- d-----w- C:\Program Files\Common Files\PC Tools
2012-05-10 09:44:35 . 2012-04-23 04:47:56 203088 ----a-w- C:\Windows\system32\drivers\PCTSD.sys
2012-05-10 09:44:18 . 2012-05-13 12:18:54 -------- d-----w- C:\ProgramData\PC Tools
2012-05-10 09:44:17 . 2012-05-10 09:44:17 -------- d-----w- C:\Users\trevor\AppData\Roaming\TestApp
2012-05-08 13:37:54 . 2012-05-08 13:37:54 -------- dc----w- C:\Rbackup
2012-05-08 11:22:38 . 2012-05-08 13:45:27 -------- d-----w- C:\Users\trevor\AppData\Roaming\SpeedMaxPc
2012-05-08 11:22:38 . 2012-05-08 11:22:38 -------- d-----w- C:\Users\trevor\AppData\Roaming\DriverCure
2012-05-08 11:22:30 . 2012-05-08 13:45:27 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-05-06 11:41:24 . 2012-05-06 11:41:24 388096 ----a-r- C:\Users\trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 11:41:23 . 2012-05-06 11:41:23 -------- d-----w- C:\Program Files\Trend Micro
2012-05-06 11:03:52 . 2012-01-11 23:56:20 101112 ----a-r- C:\Windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03:49 . 2012-05-06 11:04:53 -------- d-----w- C:\Program Files\STOPzilla!
2012-05-06 11:03:48 . 2012-05-15 00:14:56 -------- d-----w- C:\ProgramData\STOPzilla!
2012-05-06 11:03:48 . 2012-05-06 11:03:48 -------- d-----w- C:\Program Files\Common Files\iS3
2012-04-28 08:49:31 . 2012-04-28 08:49:35 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2012-04-28 08:49:29 . 2012-04-28 08:49:29 157352 ----a-w- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 08:49:29 . 2012-04-28 08:49:29 129976 ----a-w- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:05:32 . 2012-04-25 02:05:32 23376 ----a-r- C:\Windows\system32\SZIO5.dll
2012-04-25 02:05:22 . 2012-04-25 02:05:22 546640 ----a-r- C:\Windows\system32\SZComp5.dll
2012-04-25 02:05:16 . 2012-04-25 02:05:16 481104 ----a-r- C:\Windows\system32\SZBase5.dll
2012-04-25 01:51:26 . 2012-04-25 01:51:26 73136 ----a-r- C:\Windows\system32\drivers\SZKGFS.sys
2012-04-24 00:31:34 . 2012-04-24 00:32:11 -------- d-----w- C:\Users\trevor\AppData\Roaming\tiger-k
2012-04-24 00:31:34 . 2012-04-24 00:31:34 -------- d-----w- C:\Users\trevor\AppData\Roaming\Leawo
2012-04-24 00:29:01 . 2012-04-24 00:29:01 -------- d-----w- C:\Program Files\Leawo
2012-04-23 10:55:32 . 2012-04-23 10:56:10 -------- d-----w- C:\Users\trevor\AppData\Roaming\GF-Player
2012-04-22 11:32:21 . 2012-04-22 11:32:21 -------- d-----w- C:\Users\trevor\AppData\Roaming\FastStone
2012-04-22 11:32:02 . 2012-05-07 07:57:01 -------- d-----w- C:\Program Files\FastStone Image Viewer
2012-04-20 10:15:22 . 2012-04-20 10:16:03 -------- d-----w- C:\Program Files\TuneUpMedia
2012-04-19 11:01:07 . 2012-04-19 12:08:43 -------- d-----w- C:\Users\trevor\AppData\Roaming\NCH Software
2012-04-19 10:56:53 . 2012-04-19 10:56:53 -------- d-----w- C:\Users\trevor\AppData\Local\Programs
2012-04-19 10:37:24 . 2012-04-20 11:32:10 -------- d-----w- C:\Users\trevor\AppData\Roaming\ArcSoft
2012-04-19 10:21:00 . 2012-04-19 10:21:00 -------- d-----w- C:\Users\trevor\AppData\Local\ArcSoft
2012-04-19 10:20:00 . 2012-04-20 11:01:50 -------- d-----w- C:\ProgramData\ArcSoft
2012-04-19 07:58:06 . 1995-07-31 19:14:46 212480 ----a-w- C:\Windows\PCDLIB32.DLL
2012-04-19 07:58:03 . 2012-04-19 07:58:03 -------- d-----w- C:\Program Files\ArcSoft
2012-04-19 07:45:16 . 2001-09-04 18:48:34 225280 ------w- C:\Program Files\Common Files\InstallShield\IScript\iscript.dll
2012-04-19 07:45:16 . 2001-09-04 18:44:42 176128 ------w- C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-19 07:45:16 . 2001-09-04 18:43:42 32768 ------w- C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-19 07:45:15 . 2001-09-04 18:48:52 77824 ----a-w- C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-19 06:05:09 . 2012-04-19 06:05:31 -------- d-----w- C:\Program Files\Freemake
2012-04-16 10:42:57 . 2012-04-16 10:42:57 -------- d-----w- C:\Users\trevor\AppData\Local\ParserTemp
2012-04-15 06:32:47 . 2012-04-15 06:32:47 -------- d-----w- C:\Users\trevor\AppData\Local\19th Parallel
2012-04-15 02:16:11 . 2010-02-25 08:21:02 25216 ----a-w- C:\Windows\system32\drivers\tap0901.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 09:11:07 . 2012-03-29 10:03:38 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-05-05 09:11:07 . 2011-12-15 06:23:41 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 04:25:04 . 2012-05-10 09:50:40 3488 ----a-w- C:\Windows\UDB.zip
2012-04-13 04:25:04 . 2012-05-10 09:50:40 131 ----a-w- C:\Windows\IDB.zip
2012-04-05 22:35:42 . 2012-04-05 22:35:42 45056 ----a-r- C:\Users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35:42 . 2012-04-05 22:35:42 45056 ----a-r- C:\Users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35:42 . 2012-04-05 22:35:42 40960 ----a-r- C:\Users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-04 06:26:40 . 2012-02-04 06:44:33 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-04 06:07:02 . 2012-04-04 05:45:55 8107 ----a-w- C:\Windows\w7dsd.reg
2012-04-04 06:07:02 . 2012-04-04 05:45:55 8089 ----a-w- C:\Windows\w7dse.reg
2012-04-04 05:45:55 . 2012-04-04 05:45:55 233888 ----a-w- C:\Windows\system32\DreamScene.dll
2012-03-01 05:46:57 . 2012-04-11 12:42:48 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 . 2012-04-11 12:42:47 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-03-01 05:33:23 . 2012-04-11 12:42:45 159232 ----a-w- C:\Windows\system32\imagehlp.dll
2012-03-01 05:29:16 . 2012-04-11 12:42:48 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-02-28 01:18:55 . 2012-04-11 12:53:58 1799168 ----a-w- C:\Windows\system32\jscript9.dll
2012-02-28 01:11:21 . 2012-04-11 12:53:54 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-02-28 01:11:07 . 2012-04-11 12:53:56 1127424 ----a-w- C:\Windows\system32\wininet.dll
2012-02-28 01:03:16 . 2012-04-11 12:53:59 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-02-24 05:58:26 . 2012-02-24 05:58:26 99728 ----a-r- C:\Windows\system32\drivers\SZKG.sys
2012-02-24 05:58:26 . 2012-02-24 05:58:26 99728 ----a-r- C:\Windows\system32\drivers\is3srv.sys
2012-02-23 00:48:36 . 2011-12-14 23:42:36 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-17 05:34:22 . 2012-03-14 08:24:49 826880 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 04:14:08 . 2012-03-14 08:24:47 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 . 2012-03-14 08:24:47 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-15 00:31:50 . 2012-02-15 00:31:50 4547944 ----a-w- C:\Windows\system32\usbaaplrc.dll
2012-02-15 00:31:50 . 2012-02-15 00:31:50 43520 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2012-04-28 08:49:29 . 2012-02-19 06:51:12 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 08:07:27 3905920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 22:54:59 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 10:58:32 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-26 19:39:24 421736]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 09:47:52 207424]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 13:10:42 843712]

C:\Users\trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R0 is3srv;is3srv;C:\Windows\system32\drivers\is3srv.sys [2012-02-24 05:58:26 99728]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 02:46:28 130384]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 07:06:58 96768]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54:50 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 09:11:08 257696]
R3 DfSdkS;Defragmentation-Service;C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 10:46:36 406016]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54:50 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 08:49:29 129976]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD.sys [2012-04-13 04:58:56 70736]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 08:30:58 15544]
R3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-29 23:51:18 27192]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-16 11:14:33 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys [2011-11-28 17:26:19 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 szkg5;szkg5;C:\Windows\system32\DRIVERS\szkg.sys [2012-02-24 05:58:26 99728]
S0 szkgfs;szkgfs;C:\Windows\system32\drivers\szkgfs.sys [2012-04-25 01:51:26 73136]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 16:27:02 12880]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 21:55:22 67664]
S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [2012-01-11 23:56:20 101112]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 23:38:07 116608]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 06:37:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 AHDDC2;Ashampoo HDD Control 2 Service;C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-24 23:02:30 1517976]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-15 23:51:36 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 17:52:07 55128]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-11-28 18:01:23 127192]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 05:00:00 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 05:00:00 121856]

Contents of the 'Scheduled Tasks' folder

2012-05-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:03:38 . 2012-05-05 09:11:08]

2012-05-14 C:\Windows\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2012-02-26 10:17:15 . 2012-04-06 11:36:56]

2012-05-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54:53 . 2012-04-05 22:54:50]

2012-05-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54:53 . 2012-04-05 22:54:50]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0


----------



## Glaswegian (Dec 5, 2004)

Hi again

How is your system running now?

Download *Malwarebytes' Anti-Malware* to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
*Update Malwarebytes' Anti-Malware*
*Launch Malwarebytes' Anti-Malware*

Then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. *Save it to your desktop*.
*Note:* Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, *post that saved log* in your next reply.


----------



## blocka (Aug 13, 2008)

Hi, thanks for your help, but I still have funmoods on my computer.


----------



## Glaswegian (Dec 5, 2004)

Hi

Can you post the Malwarebytes log please?


----------



## blocka (Aug 13, 2008)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
trevor :: TREVOR-PC [administrator]

5/16/2012 1:07:57 PM
mbam-log-2012-05-16 (13-07-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324278
Time elapsed: 1 hour(s), 1 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## Glaswegian (Dec 5, 2004)

blocka said:


> Hi, thanks for your help, but I still have funmoods on my computer.


Where does it show? Does it appear in Add/Remove Programs? It should be gone from Firefox.


----------



## blocka (Aug 13, 2008)

Hi, funmoods is not listed in the add/remove list. I am using Firefox with a Google search. After entering something in the search bar I get a box at the top of the list, next to the word Firefox, which says 'funmoods-web search results'. Underneath that I get a box which says 'start.funmoods.com/results-------------'.


----------



## Glaswegian (Dec 5, 2004)

Hi

OK - please run ComboFix again - double-click it to start, let it run and produce a log.


----------



## blocka (Aug 13, 2008)

ComboFix 12-05-19.01 - trevor 05/19/2012 17:32:50.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2291 [GMT 9.5:30]
Running from: c:\users\trevor\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 08:13 . 2012-05-19 08:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-19 08:13 . 2012-05-19 08:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 12:33 . 2012-05-18 12:33 -------- d-----w- c:\users\trevor\AppData\Local\AVG Secure Search
2012-05-18 12:33 . 2012-05-18 12:33 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-18 12:33 . 2012-05-18 12:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-18 12:33 . 2012-05-18 12:33 -------- d-----w- c:\program files\AVG Secure Search
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Digiarty
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\program files\Digiarty
2012-05-18 06:14 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{855A3056-582B-4A81-A7C8-FE214CCC009E}\mpengine.dll
2012-05-14 10:08 . 2012-05-14 10:08 -------- d-----w- c:\users\trevor\AppData\Local\Diagnostics
2012-05-14 09:33 . 2012-05-19 08:13 -------- d-----w- c:\users\trevor\AppData\Local\temp
2012-05-11 06:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 06:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 06:00 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 06:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:50 . 2012-04-13 04:58 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-10 09:50 . 2012-04-13 04:58 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-10 09:50 . 2012-04-13 04:58 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-10 09:50 . 2012-04-13 04:58 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-10 09:50 . 2012-04-13 04:58 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-10 09:44 . 2012-05-14 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 09:44 . 2012-04-23 04:47 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 09:44 . 2012-05-10 09:44 -------- d-----w- c:\users\trevor\AppData\Roaming\TestApp
2012-05-08 13:37 . 2012-05-08 13:37 -------- dc----w- C:\Rbackup
2012-05-08 11:22 . 2012-05-08 13:45 -------- d-----w- c:\users\trevor\AppData\Roaming\SpeedMaxPc
2012-05-08 11:22 . 2012-05-08 11:22 -------- d-----w- c:\users\trevor\AppData\Roaming\DriverCure
2012-05-06 11:41 . 2012-05-06 11:41 388096 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 11:41 . 2012-05-06 11:41 -------- d-----w- c:\program files\Trend Micro
2012-05-06 11:03 . 2012-01-11 23:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03 . 2012-05-06 11:04 -------- d-----w- c:\program files\STOPzilla!
2012-05-06 11:03 . 2012-05-19 08:13 -------- d-----w- c:\programdata\STOPzilla!
2012-05-06 11:03 . 2012-05-06 11:03 -------- d-----w- c:\program files\Common Files\iS3
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-28 08:49 . 2012-05-16 03:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 08:49 . 2012-04-21 01:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 08:49 . 2012-04-21 01:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:05 . 2012-04-25 02:05 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-25 02:05 . 2012-04-25 02:05 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-25 02:05 . 2012-04-25 02:05 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-25 01:51 . 2012-04-25 01:51 73136 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-24 00:31 . 2012-04-24 00:32 -------- d-----w- c:\users\trevor\AppData\Roaming\tiger-k
2012-04-24 00:31 . 2012-04-24 00:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Leawo
2012-04-24 00:29 . 2012-04-24 00:29 -------- d-----w- c:\program files\Leawo
2012-04-23 10:55 . 2012-04-23 10:56 -------- d-----w- c:\users\trevor\AppData\Roaming\GF-Player
2012-04-22 11:32 . 2012-04-22 11:32 -------- d-----w- c:\users\trevor\AppData\Roaming\FastStone
2012-04-22 11:32 . 2012-05-07 07:57 -------- d-----w- c:\program files\FastStone Image Viewer
2012-04-20 10:15 . 2012-04-20 10:16 -------- d-----w- c:\program files\TuneUpMedia
2012-04-19 11:01 . 2012-04-19 12:08 -------- d-----w- c:\users\trevor\AppData\Roaming\NCH Software
2012-04-19 10:56 . 2012-04-19 10:56 -------- d-----w- c:\users\trevor\AppData\Local\Programs
2012-04-19 10:37 . 2012-04-20 11:32 -------- d-----w- c:\users\trevor\AppData\Roaming\ArcSoft
2012-04-19 10:21 . 2012-04-19 10:21 -------- d-----w- c:\users\trevor\AppData\Local\ArcSoft
2012-04-19 10:20 . 2012-04-20 11:01 -------- d-----w- c:\programdata\ArcSoft
2012-04-19 09:14 . 2006-11-10 05:35 18688 ----a-w- c:\windows\system32\drivers\afc.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:11 . 2012-03-29 10:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:11 . 2011-12-15 06:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:09 . 2012-04-19 08:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-04-19 08:09 . 2012-04-19 08:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-04-19 08:09 . 2012-04-19 08:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-04-19 08:09 . 2012-04-19 08:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-04-19 08:09 . 2012-04-19 08:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-04-19 08:09 . 2012-04-19 08:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-04-19 08:09 . 2012-04-19 08:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-04-13 04:25 . 2012-05-10 09:50 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 04:25 . 2012-05-10 09:50 131 ----a-w- c:\windows\IDB.zip
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 40960 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-04 06:26 . 2012-02-04 06:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 06:07 . 2012-04-04 05:45 8107 ----a-w- c:\windows\w7dsd.reg
2012-04-04 06:07 . 2012-04-04 05:45 8089 ----a-w- c:\windows\w7dse.reg
2012-04-04 05:45 . 2012-04-04 05:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-01 05:46 . 2012-04-11 12:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 12:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 12:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 12:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 12:53 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 12:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 12:53 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 00:48 . 2011-12-14 23:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-21 01:19 . 2012-02-19 06:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-18 12:33 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-05-18 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-18 1104440]
.
c:\users\trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-02-24 99728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2012-04-13 70736]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2012-02-24 99728]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-04-25 73136]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-11 101112]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-24 1517976]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-15 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-05-18 935480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:11]
.
2012-05-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-26 11:36]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bed7e9141-8127-4344-ad90-07336948711d%7D&mid=e2ccf100b72547d09d32d1543b444b11-1de18278c24dce92b29913544fc74380742b6d62&ds=ts022&v=11.1.0.7&lang=en&pr=sa&d=2012-05-18%2022%3A03%3A10&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bed7e9141-8127-4344-ad90-07336948711d%7D&mid=e2ccf100b72547d09d32d1543b444b11-1de18278c24dce92b29913544fc74380742b6d62&ds=ts022&v=11.1.0.7&lang=en&pr=sa&d=2012-05-18%2022%3A03%3A10&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-19 17:50:36
ComboFix-quarantined-files.txt 2012-05-19 08:20
.
Pre-Run: 12,622,434,304 bytes free
Post-Run: 12,607,094,784 bytes free
.
- - End Of File - - C0EADFBF3BE8803AFF34DAC820D57B99


----------



## Glaswegian (Dec 5, 2004)

Hi again

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

*Combofix*


Close any open browsers.

Open *notepad* and copy/paste the text in the box below into it:


```
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bed7e9141-8127-4344-ad90-07336948711d%7D&mid=e2ccf100b72547d09d32d1543b444b11-1de18278c24dce92b29913544fc74380742b6d62&ds=ts022&v=11.1.0.7&lang=en&pr=sa&d=2012-05-18%2022%3A03%3A10&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bed7e9141-8127-4344-ad90-07336948711d%7D&mid=e2ccf100b72547d09d32d1543b444b11-1de18278c24dce92b29913544fc74380742b6d62&ds=ts022&v=11.1.0.7&lang=en&pr=sa&d=2012-05-18%2022%3A03%3A10&sap=ku&q=

Folder::
c:\users\trevor\AppData\Local\AVG Secure Search
c:\programdata\AVG Secure Search
c:\program files\Common Files\AVG Secure Search
c:\program files\AVG Secure Search
```
Looking at the image below as an example

Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag *CFScript* onto *ComboFix.exe.*

*If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.*

When finished, it will produce a log for you at *"C:\ComboFix.txt"*

*Do not mouseclick combofix's window whilst it's running. This may cause it to stall.*

*CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!*

Please post the log *C:\ComboFix.txt* for further review.


----------



## blocka (Aug 13, 2008)

ComboFix 12-05-20.04 - trevor 05/20/2012 21:47:17.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.1967 [GMT 9.5:30]
Running from: c:\users\trevor\Downloads\ComboFix.exe
Command switches used :: c:\users\trevor\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG Secure Search
c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
c:\program files\AVG Secure Search\about.gif
c:\program files\AVG Secure Search\active-threats18.gif
c:\program files\AVG Secure Search\avguidx.dll
c:\program files\AVG Secure Search\calc.gif
c:\program files\AVG Secure Search\CleanHistory.gif
c:\program files\AVG Secure Search\configuration.xml
c:\program files\AVG Secure Search\current.gif
c:\program files\AVG Secure Search\currently-safe18.gif
c:\program files\AVG Secure Search\Facebook.gif
c:\program files\AVG Secure Search\favicon.ico
c:\program files\AVG Secure Search\feedback.gif
c:\program files\AVG Secure Search\help.gif
c:\program files\AVG Secure Search\icon18.gif
c:\program files\AVG Secure Search\iGearedHelper.dll
c:\program files\AVG Secure Search\labs.gif
c:\program files\AVG Secure Search\Licenses\Encoding_decoding_base64.txt
c:\program files\AVG Secure Search\Licenses\hmac.txt
c:\program files\AVG Secure Search\Licenses\LICENSE-bsdiff.txt
c:\program files\AVG Secure Search\Licenses\LICENSE-bzip.txt
c:\program files\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files\AVG Secure Search\Licenses\LICENSE-sparsehash.txt
c:\program files\AVG Secure Search\lip.exe
c:\program files\AVG Secure Search\MigrationTool.exe
c:\program files\AVG Secure Search\note.gif
c:\program files\AVG Secure Search\PostInstall.exe
c:\program files\AVG Secure Search\radio\bg.gif
c:\program files\AVG Secure Search\radio\play.gif
c:\program files\AVG Secure Search\radio\play_hover.gif
c:\program files\AVG Secure Search\radio\radio.html
c:\program files\AVG Secure Search\radio\radio.js
c:\program files\AVG Secure Search\radio\stations.xml
c:\program files\AVG Secure Search\radio\stop.gif
c:\program files\AVG Secure Search\radio\stop_hover.gif
c:\program files\AVG Secure Search\radio\v_minus.gif
c:\program files\AVG Secure Search\radio\v_minus_1.gif
c:\program files\AVG Secure Search\radio\v_plus.gif
c:\program files\AVG Secure Search\radio\v_plus_1.gif
c:\program files\AVG Secure Search\radio\vol_line_emp.gif
c:\program files\AVG Secure Search\radio\vol_line_full.gif
c:\program files\AVG Secure Search\radio\vol_line_half.gif
c:\program files\AVG Secure Search\remote_configuration.xml
c:\program files\AVG Secure Search\search.gif
c:\program files\AVG Secure Search\SecuredSearch.gif
c:\program files\AVG Secure Search\setup.bmp
c:\program files\AVG Secure Search\speed-test.gif
c:\program files\AVG Secure Search\surf-with-caution18.gif
c:\program files\AVG Secure Search\toolbar.zip
c:\program files\AVG Secure Search\Uninstall.exe
c:\program files\AVG Secure Search\uninstall.gif
c:\program files\AVG Secure Search\updating18.gif
c:\program files\AVG Secure Search\vprot.exe
c:\program files\AVG Secure Search\weather.gif
c:\program files\AVG Secure Search\windows.gif
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.1.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.1.0\toolband
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\UpdaterConfig.ini
c:\programdata\AVG Secure Search
c:\programdata\AVG Secure Search\11.1.0.7\chrome.manifest
c:\programdata\AVG Secure Search\11.1.0.7\chrome\avg.jar
c:\programdata\AVG Secure Search\11.1.0.7\components\toolbarhomeApi.js
c:\programdata\AVG Secure Search\11.1.0.7\icon.png
c:\programdata\AVG Secure Search\11.1.0.7\install.rdf
c:\programdata\AVG Secure Search\11.1.0.7\locale\en-US\global.dtd
c:\programdata\AVG Secure Search\11.1.0.7\locale\en-US\global.properties
c:\programdata\AVG Secure Search\11.1.0.7\modules\avg.xml
c:\programdata\AVG Secure Search\11.1.0.7\modules\avgJsm.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\Bindings.xml
c:\programdata\AVG Secure Search\11.1.0.7\modules\configuration.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\configuration_0.css
c:\programdata\AVG Secure Search\11.1.0.7\modules\configuration_0.xul
c:\programdata\AVG Secure Search\11.1.0.7\modules\HistoryCleaner.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\IOJsm.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\Preferences.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\propertiesJsm.js
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\about.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\active-threats18.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\ajax-loader.gif
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\calc.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\CleanHistory.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\close.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\current.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\currently-safe18.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\Facebook.gif
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\feedback.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\feedicon.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\help.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\icon_search.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\icon18.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\information-24.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\labs.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\loader.gif
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\note.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\questionmarkIcon.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\search.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\SecuredSearch.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\speed-test.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\surf-with-caution18.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\uninstall.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\updating18.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\weather.gif
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\window-close.png
c:\programdata\AVG Secure Search\11.1.0.7\modules\skin\windows.png
c:\users\trevor\AppData\Local\AVG Secure Search
c:\users\trevor\AppData\Local\AVG Secure Search\SiteSafety\l_2012_05_18_05_34_03.db
c:\users\trevor\AppData\Local\AVG Secure Search\SiteSafety\l_2012_05_19_05_58_27.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater11.1.0
-------\Service_vToolbarUpdater11.1.0
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 12:32 . 2012-05-20 12:36 -------- d-----w- c:\users\trevor\AppData\Local\temp
2012-05-20 12:32 . 2012-05-20 12:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-20 12:32 . 2012-05-20 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 10:16 . 2012-05-20 10:17 -------- d-----w- c:\program files\Safari
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-20 10:14 . 2012-05-20 10:15 -------- d-----w- c:\program files\QuickTime
2012-05-20 07:43 . 2012-03-07 01:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-20 07:43 . 2012-03-07 01:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-19 11:51 . 2012-05-19 11:51 -------- d-----w- c:\programdata\Premium
2012-05-19 11:51 . 2012-05-19 12:25 -------- d-----w- c:\program files\Web Assistant
2012-05-19 11:51 . 2012-05-19 11:54 -------- d-----w- c:\programdata\Bcool
2012-05-19 11:47 . 2012-05-19 11:47 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240CC.TMP
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\users\trevor\AppData\Local\CRE
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\program files\Conduit
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\program files\uTorrent
2012-05-19 11:42 . 2012-05-19 11:42 -------- d-----w- c:\users\trevor\AppData\Local\CrashDumps
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Digiarty
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\program files\Digiarty
2012-05-14 10:08 . 2012-05-14 10:08 -------- d-----w- c:\users\trevor\AppData\Local\Diagnostics
2012-05-11 06:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 06:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:50 . 2012-04-13 04:58 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-10 09:50 . 2012-04-13 04:58 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-10 09:50 . 2012-04-13 04:58 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-10 09:50 . 2012-04-13 04:58 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-10 09:50 . 2012-04-13 04:58 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-10 09:44 . 2012-05-14 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 09:44 . 2012-04-23 04:47 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 09:44 . 2012-05-10 09:44 -------- d-----w- c:\users\trevor\AppData\Roaming\TestApp
2012-05-08 13:37 . 2012-05-08 13:37 -------- dc----w- C:\Rbackup
2012-05-08 11:22 . 2012-05-08 13:45 -------- d-----w- c:\users\trevor\AppData\Roaming\SpeedMaxPc
2012-05-08 11:22 . 2012-05-08 11:22 -------- d-----w- c:\users\trevor\AppData\Roaming\DriverCure
2012-05-06 11:41 . 2012-05-06 11:41 388096 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 11:41 . 2012-05-06 11:41 -------- d-----w- c:\program files\Trend Micro
2012-05-06 11:03 . 2012-01-11 23:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03 . 2012-05-06 11:04 -------- d-----w- c:\program files\STOPzilla!
2012-05-06 11:03 . 2012-05-20 12:37 -------- d-----w- c:\programdata\STOPzilla!
2012-05-06 11:03 . 2012-05-06 11:03 -------- d-----w- c:\program files\Common Files\iS3
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-28 08:49 . 2012-05-16 03:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 08:49 . 2012-04-21 01:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 08:49 . 2012-04-21 01:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 01:51 . 2012-04-25 01:51 73136 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-24 00:31 . 2012-04-24 00:32 -------- d-----w- c:\users\trevor\AppData\Roaming\tiger-k
2012-04-24 00:31 . 2012-04-24 00:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Leawo
2012-04-24 00:29 . 2012-04-24 00:29 -------- d-----w- c:\program files\Leawo
2012-04-23 10:55 . 2012-04-23 10:56 -------- d-----w- c:\users\trevor\AppData\Roaming\GF-Player
2012-04-22 11:32 . 2012-04-22 11:32 -------- d-----w- c:\users\trevor\AppData\Roaming\FastStone
2012-04-22 11:32 . 2012-05-07 07:57 -------- d-----w- c:\program files\FastStone Image Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-05-18 06:14 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{855A3056-582B-4A81-A7C8-FE214CCC009E}\mpengine.dll
2012-05-05 09:11 . 2012-03-29 10:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:11 . 2011-12-15 06:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-25 02:05 . 2012-04-25 02:05 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-25 02:05 . 2012-04-25 02:05 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-25 02:05 . 2012-04-25 02:05 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-19 08:09 . 2012-04-19 08:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-04-19 08:09 . 2012-04-19 08:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-04-19 08:09 . 2012-04-19 08:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-04-19 08:09 . 2012-04-19 08:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-04-19 08:09 . 2012-04-19 08:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-04-19 08:09 . 2012-04-19 08:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-04-19 08:09 . 2012-04-19 08:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-04-18 11:26 . 2012-04-18 11:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 11:26 . 2012-04-18 11:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 04:25 . 2012-05-10 09:50 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 04:25 . 2012-05-10 09:50 131 ----a-w- c:\windows\IDB.zip
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 40960 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-04 06:26 . 2012-02-04 06:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 06:07 . 2012-04-04 05:45 8107 ----a-w- c:\windows\w7dsd.reg
2012-04-04 06:07 . 2012-04-04 05:45 8089 ----a-w- c:\windows\w7dse.reg
2012-04-04 05:45 . 2012-04-04 05:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-31 04:39 . 2012-05-11 06:00 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 06:00 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-11 06:00 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-07 01:15 . 2011-12-15 05:57 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 01:15 . 2011-12-15 05:57 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 01:04 . 2011-12-15 06:17 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-07 01:03 . 2011-12-15 05:58 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 01:03 . 2011-12-15 05:58 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 01:03 . 2011-12-15 06:17 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-07 01:01 . 2011-12-15 05:58 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 01:01 . 2011-12-15 05:58 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 01:01 . 2011-12-15 05:58 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 05:46 . 2012-04-11 12:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 12:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 12:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 12:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 12:53 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 12:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 12:53 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 05:58 . 2012-02-24 05:58 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 00:48 . 2011-12-14 23:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-21 01:19 . 2012-02-19 06:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-19 880496]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-02-24 99728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2012-04-13 70736]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2012-02-24 99728]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-04-25 73136]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-11 101112]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-24 1517976]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-15 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-07 134920]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:11]
.
2012-05-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-26 11:36]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCkrmUPz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.incredibar_i.instlDay - 15479
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyCkrmUPz
FF - user.js: extensions.incredibar_i.upn2n - 92261436589468765
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 21%5F4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\taskhost.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\STOPzilla!\STOPzilla.exe
.
**************************************************************************
.
Completion time: 2012-05-20 22:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 12:45
ComboFix2.txt 2012-05-19 12:35
ComboFix3.txt 2012-05-19 08:20
.
Pre-Run: 11,833,679,872 bytes free
Post-Run: 11,657,072,640 bytes free
.
- - End Of File - - 0894E08EAD7CE683CFA791F3B4CEDEAC


----------



## Glaswegian (Dec 5, 2004)

Hi again

How is your system running now? Any more funmoods?


----------



## blocka (Aug 13, 2008)

Hi, no, it is still showing in Firefox. See attached. I have downloaded Google Chrome and it does NOT appear there. Would still like to remove it, Thanks


----------



## Glaswegian (Dec 5, 2004)

Hi again

It's proving to be a bit stubborn.

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

*Combofix*


Close any open browsers.

Open *notepad* and copy/paste the text in the box below into it:


```
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCkrmUPz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d016929c000000000000001d7da0a2e2
FF - user.js: extensions.incredibar_i.instlDay - 15479
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyCkrmUPz
FF - user.js: extensions.incredibar_i.upn2n - 92261436589468765
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 21%5F4
```
Looking at the image below as an example

Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag *CFScript* onto *ComboFix.exe.*

*If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.*

When finished, it will produce a log for you at *"C:\ComboFix.txt"*

*Do not mouseclick combofix's window whilst it's running. This may cause it to stall.*

*CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!*

Please post the log *C:\ComboFix.txt* for further review.
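As an added example (not part of this thread, and not ComboFix's own code), the script below parses a Firefox profile's user.js, flags the extensions.incredibar_i.* entries listed in the CFScript above plus any search or home-page pref pointing at a host outside an allowlist, and produces a copy with those lines removed. The allowlist, the sample user.js and the pref names other than those in the log are my own assumptions.

```python
"""Find and strip search-hijack prefs from a Firefox user.js (added example).

The extensions.incredibar_i.* names and the mystart search URL come from the
ComboFix log in this thread; everything else here is an assumption.
Firefox re-reads user.js at every start and copies its values into prefs.js,
so an entry that survives in user.js keeps coming back until it is removed.
"""
import re
from urllib.parse import urlparse

# One pref line as written in prefs.js / user.js:
#   user_pref("extensions.incredibar_i.prdct", "incredibar");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Pref namespaces belonging to the toolbar seen in the log above.
HIJACK_PREFIXES = ("extensions.incredibar_i.",)

# Prefs that decide where the home page and address-bar searches go
# (names as used by Firefox of that era).
SEARCH_PREFS = {
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
}

# Hosts the user actually wants to search with (assumption; edit to taste).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Constructed sample modelled on the log in this thread; not a real profile dump.
SAMPLE_USER_JS = """\
// constructed sample user.js
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyCkrmUPz&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("keyword.URL", "http://mystart.Incredibar.com/?a=6OyCkrmUPz&loc=IB_TB&i=26&search=");
user_pref("extensions.lastAppVersion", "12.0");
"""


def parse_prefs(text):
    """Map pref name -> value (surrounding quotes removed) for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def _untrusted_host(value):
    """True if value is an http(s) URL whose host is not on the allowlist."""
    if not value.lower().startswith(("http://", "https://")):
        return False
    host = urlparse(value).hostname or ""
    return host.lower() not in TRUSTED_SEARCH_HOSTS


def find_hijack_prefs(prefs):
    """Return the sorted names of prefs that look like a search/toolbar hijack."""
    hits = set()
    for name, value in prefs.items():
        if name.startswith(HIJACK_PREFIXES):
            hits.add(name)  # known toolbar namespace from the log
        elif name in SEARCH_PREFS and _untrusted_host(value):
            hits.add(name)  # home page or search pointed at an unknown host
        elif name.startswith("extensions.") and _untrusted_host(value):
            hits.add(name)  # some other extension carrying a search URL
    return sorted(hits)


def strip_prefs(text, names):
    """Return text with the user_pref lines for `names` removed, others untouched."""
    drop = set(names)
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


def scan_profile(user_js_text):
    """Parse, flag and clean; returns (flagged_names, cleaned_text)."""
    flagged = find_hijack_prefs(parse_prefs(user_js_text))
    return flagged, strip_prefs(user_js_text, flagged)


if __name__ == "__main__":
    flagged, cleaned = scan_profile(SAMPLE_USER_JS)
    for name in flagged:
        print("hijack pref:", name)
    print("--- cleaned user.js ---")
    print(cleaned, end="")
```

To check a real profile, read its user.js with Path(...).read_text(encoding="utf-8"), pass the text to scan_profile, and write the cleaned text back only after keeping a copy of the original.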


----------



## blocka (Aug 13, 2008)

This is proving very difficult to remove as it is still present on my computer. Any ideas as to why we can't remove it? Thanks

ComboFix 12-05-24.01 - trevor 05/24/2012 21:22:17.9.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2271 [GMT 9.5:30]
Running from: c:\users\trevor\Downloads\ComboFix.exe
Command switches used :: c:\users\trevor\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 12:11 . 2012-05-24 12:11 -------- d-----w- c:\users\trevor\AppData\Local\temp
2012-05-24 12:11 . 2012-05-24 12:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-24 12:11 . 2012-05-24 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 11:47 . 2012-05-24 11:47 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-05-23 08:17 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58E4412D-B6B3-4C61-AE4B-610B1787C0B7}\mpengine.dll
2012-05-21 11:50 . 2012-05-21 11:50 -------- d-----w- c:\program files\Glarysoft
2012-05-20 10:16 . 2012-05-20 10:17 -------- d-----w- c:\program files\Safari
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-20 10:15 . 2012-05-20 10:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-20 10:14 . 2012-05-20 10:15 -------- d-----w- c:\program files\QuickTime
2012-05-20 07:43 . 2012-03-07 01:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-20 07:43 . 2012-03-07 01:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-19 11:51 . 2012-05-19 11:51 -------- d-----w- c:\programdata\Premium
2012-05-19 11:51 . 2012-05-19 12:25 -------- d-----w- c:\program files\Web Assistant
2012-05-19 11:51 . 2012-05-19 11:54 -------- d-----w- c:\programdata\Bcool
2012-05-19 11:47 . 2012-05-19 11:47 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240CC.TMP
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\users\trevor\AppData\Local\CRE
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\program files\Conduit
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- c:\program files\uTorrent
2012-05-19 11:42 . 2012-05-24 11:05 -------- d-----w- c:\users\trevor\AppData\Local\CrashDumps
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\users\trevor\AppData\Roaming\Digiarty
2012-05-18 11:31 . 2012-05-18 11:31 -------- d-----w- c:\program files\Digiarty
2012-05-14 10:08 . 2012-05-14 10:08 -------- d-----w- c:\users\trevor\AppData\Local\Diagnostics
2012-05-11 06:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 06:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 06:00 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 06:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:50 . 2012-04-13 04:58 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-10 09:50 . 2012-04-13 04:58 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-10 09:50 . 2012-04-13 04:58 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-10 09:50 . 2012-04-13 04:58 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-10 09:50 . 2012-04-13 04:58 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-10 09:44 . 2012-05-14 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 09:44 . 2012-04-23 04:47 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 09:44 . 2012-05-10 09:44 -------- d-----w- c:\users\trevor\AppData\Roaming\TestApp
2012-05-08 13:37 . 2012-05-08 13:37 -------- dc----w- C:\Rbackup
2012-05-08 11:22 . 2012-05-08 13:45 -------- d-----w- c:\users\trevor\AppData\Roaming\SpeedMaxPc
2012-05-08 11:22 . 2012-05-08 11:22 -------- d-----w- c:\users\trevor\AppData\Roaming\DriverCure
2012-05-06 11:41 . 2012-05-06 11:41 388096 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 11:41 . 2012-05-06 11:41 -------- d-----w- c:\program files\Trend Micro
2012-05-06 11:03 . 2012-01-11 23:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 11:03 . 2012-05-06 11:04 -------- d-----w- c:\program files\STOPzilla!
2012-05-06 11:03 . 2012-05-24 12:11 -------- d-----w- c:\programdata\STOPzilla!
2012-05-06 11:03 . 2012-05-06 11:03 -------- d-----w- c:\program files\Common Files\iS3
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-28 08:49 . 2012-05-16 03:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 08:49 . 2012-04-21 01:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 08:49 . 2012-04-21 01:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:05 . 2012-04-25 02:05 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-25 02:05 . 2012-04-25 02:05 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-25 02:05 . 2012-04-25 02:05 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-25 01:51 . 2012-04-25 01:51 73136 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:11 . 2012-03-29 10:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:11 . 2011-12-15 06:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:09 . 2012-04-19 08:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-04-19 08:09 . 2012-04-19 08:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-04-19 08:09 . 2012-04-19 08:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-04-19 08:09 . 2012-04-19 08:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-04-19 08:09 . 2012-04-19 08:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-04-19 08:09 . 2012-04-19 08:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-04-19 08:09 . 2012-04-19 08:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-04-19 08:09 . 2012-04-19 08:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-04-18 11:26 . 2012-04-18 11:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 11:26 . 2012-04-18 11:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 04:25 . 2012-05-10 09:50 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 04:25 . 2012-05-10 09:50 131 ----a-w- c:\windows\IDB.zip
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 45056 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-05 22:35 . 2012-04-05 22:35 40960 ----a-r- c:\users\trevor\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2012-04-04 06:26 . 2012-02-04 06:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 06:07 . 2012-04-04 05:45 8107 ----a-w- c:\windows\w7dsd.reg
2012-04-04 06:07 . 2012-04-04 05:45 8089 ----a-w- c:\windows\w7dse.reg
2012-04-04 05:45 . 2012-04-04 05:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-03-07 01:15 . 2011-12-15 05:57 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 01:15 . 2011-12-15 05:57 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 01:04 . 2011-12-15 06:17 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-07 01:03 . 2011-12-15 05:58 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 01:03 . 2011-12-15 05:58 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 01:03 . 2011-12-15 06:17 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-07 01:01 . 2011-12-15 05:58 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 01:01 . 2011-12-15 05:58 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 01:01 . 2011-12-15 05:58 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 05:46 . 2012-04-11 12:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 12:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 12:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 12:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 12:53 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 12:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 12:53 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-21 01:19 . 2012-02-19 06:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^trevor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 09:47 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 11:26 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-19 11:46 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-02-24 99728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2012-04-13 70736]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2012-02-24 99728]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-04-25 73136]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-11 101112]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-24 1517976]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-15 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-07 134920]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:11]
.
2012-05-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-26 11:36]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 22:54]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883089985-102135855-1145050257-1001Core.job
- c:\users\trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 01:05]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883089985-102135855-1145050257-1001UA.job
- c:\users\trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 01:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\trevor\AppData\Roaming\Mozilla\Firefox\Profiles\2beg1lpx.default\
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCkrmUPz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlDay - 15479
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyCkrmUPz
FF - user.js: extensions.incredibar_i.upn2n - 92261436589468765
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 21%5F4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24 21:43:09
ComboFix-quarantined-files.txt 2012-05-24 12:13
ComboFix2.txt 2012-05-20 12:45
ComboFix3.txt 2012-05-19 12:35
ComboFix4.txt 2012-05-19 08:20
.
Pre-Run: 11,714,613,248 bytes free
Post-Run: 11,448,102,912 bytes free
.
- - End Of File - - FB9CC883BB39BDF13DE3D45927992BDF


----------



## Glaswegian (Dec 5, 2004)

Hi

Can you tell me exactly where it shows? Is it in your browser? The browser default search? Does it only show in Firefox or is it in IE as well?

Looks like it may be a Registry setting.


----------



## blocka (Aug 13, 2008)

Hi, it is only appearing in Firefox. Not Chrome or IE. After entering a search it appears at the top in two places on the left hand side with the search results underneath. See attached.


----------



## Glaswegian (Dec 5, 2004)

Hi again

I would suggest you back up your FF bookmarks

http://support.mozilla.org/en-US/kb/Backing-up-restoring-bookmarks

Uninstall Firefox, reboot your computer, then re-install Firefox and then restore your bookmarks. I would not back up extensions etc. as that seems to be where the problem lies.


----------



## blocka (Aug 13, 2008)

Hi, have done as you have suggested and all appears to have been fixed. Thanks for all your help. Blocka


----------



## Glaswegian (Dec 5, 2004)

Hi again

Good work, your system should be nice and clean now.

If there are no more problems we'll just tidy up and I'll let you go, along with my recommendations for staying safe and secure.

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below

Click *All Programs > Accessories > Run* and copy/paste, or type the following bold text into the Run box and click *OK*:

*ComboFix /Uninstall*

You can keep MBAM; it's a great on-demand scanner.

Now that you are clean, to help protect your computer in the future I recommend that you get the following *free* programs:

*General Protection*
Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.

*MVPS Hosts File*
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. *Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.*

*Other Protection*
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

*Web of Trust*
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

*Do Not Track +*
DNT+ protects your online privacy and prevents advertising companies and social networks from collecting personal information. This means they cannot serve you adverts nor follow you throughout the web. Every time you go online you are being watched and your habits recorded. DNT+ allows you to control your personal details. How DNT+ works.

*Additional Reading*
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles:

PC Safety & Security - What Do I Need?
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?

Keep *clean* and *safe* and enjoy your computing!

*Please respond to this thread one more time so we can mark this thread as resolved.*


----------

