No help from two other removal sites. Referred here.

Started by cspence2393, February 17, 2012, 05:52:59 AM


cspence2393

That's a new DDS log.
Symptoms:
Unable to use notepad, command prompt, change time and date, device manager, etc.
Gradually slower response times until computer is unusable.
Repeated black screens of death (after log in only a cursor appears) requiring fixing the boot record.
Interference with security software including scans.

Corrine

Thanks cspence2393.  I don't know that this will help, but let's give it a try.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

cspence2393

ComboFix 12-02-21.01 - Caleb 02/21/2012  23:05:29.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.3272 [GMT -6:00]
Running from: c:\users\Caleb\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\lol
c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini
c:\program files (x86)\lol\LeagueOfLegends\data1.cab
c:\program files (x86)\lol\LeagueOfLegends\data1.hdr
c:\program files (x86)\lol\LeagueOfLegends\data2.cab
c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll
c:\program files (x86)\lol\LeagueOfLegends\layout.bin
c:\program files (x86)\lol\LeagueOfLegends\setup.exe
c:\program files (x86)\lol\LeagueOfLegends\setup.ini
c:\program files (x86)\lol\LeagueOfLegends\setup.inx
c:\program files (x86)\lol\LeagueOfLegends\setup.isn
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\install.log
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\WinPcapInstall.dll
c:\users\Caleb\AppData\Roaming\mIRC\logs\status.log
c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\searchplugins\bing-zugo.xml
c:\windows\es.exe
c:\windows\iun6002.exe
c:\windows\pthreadGC2.dll
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-22 to 2012-02-22  )))))))))))))))))))))))))))))))
.
.
2012-02-22 04:50 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04791B3-C41D-444F-A5AE-B2EB035CB6D2}\mpengine.dll
2012-02-19 00:57 . 2012-02-19 00:57   --------   d-----w-   c:\program files (x86)\Microsoft
2012-02-19 00:57 . 2012-02-19 00:57   --------   d-----w-   c:\program files\Unlocker
2012-02-17 23:51 . 2012-02-18 06:06   --------   d-----w-   c:\users\Caleb\AppData\Roaming\mIRC
2012-02-17 23:51 . 2012-02-17 23:51   --------   d-----w-   c:\program files (x86)\mIRC
2012-02-17 05:44 . 2012-02-18 06:40   --------   d-----w-   C:\rsit
2012-02-17 05:44 . 2012-02-17 05:44   --------   d-----w-   c:\program files\trend micro
2012-02-15 03:47 . 2012-01-04 10:44   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2012-02-15 03:47 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2012-02-15 03:47 . 2011-12-30 06:26   515584   ----a-w-   c:\windows\system32\timedate.cpl
2012-02-15 03:47 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
2012-02-15 03:47 . 2012-01-14 04:06   3145728   ----a-w-   c:\windows\system32\win32k.sys
2012-02-15 03:47 . 2011-12-28 03:59   498688   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-02-15 03:47 . 2011-12-16 08:46   634880   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 03:47 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\SysWow64\msvcrt.dll
2012-02-10 20:49 . 2012-02-10 20:49   --------   d-----w-   C:\AMD
2012-02-01 03:15 . 2012-02-10 20:50   25160   ----a-w-   c:\windows\system32\drivers\hitmanpro36.sys
2012-02-01 03:13 . 2012-02-01 03:15   --------   d-----w-   c:\program files\HitmanPro
2012-02-01 03:12 . 2012-02-01 03:15   --------   d-----w-   c:\programdata\HitmanPro
2012-01-31 06:39 . 2012-01-31 06:39   --------   d-----w-   c:\users\Caleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-31 06:38 . 2012-01-31 06:39   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-01-31 06:38 . 2012-01-31 06:38   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-01-31 06:35 . 2012-01-31 06:35   388096   ----a-r-   c:\users\Caleb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 06:35 . 2012-01-31 06:35   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-31 01:05 . 2012-01-31 01:05   --------   d-----w-   C:\cinject_0.4.3
2012-01-31 00:40 . 2012-01-31 00:40   --------   d-----w-   c:\program files (x86)\Safari
2012-01-30 04:40 . 2012-02-18 06:31   --------   d-----w-   c:\users\Caleb\AppData\Local\Spotify
2012-01-30 04:40 . 2012-02-18 06:16   --------   d-----w-   c:\users\Caleb\AppData\Roaming\Spotify
2012-01-26 06:37 . 2011-11-17 05:28   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:43 . 2011-03-01 23:10   87456   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2012-02-10 20:43 . 2011-03-01 23:10   34688   ----a-w-   c:\windows\system32\LMIport.dll
2012-02-10 20:43 . 2011-03-01 23:10   80768   ----a-w-   c:\windows\system32\LMIinit.dll
2012-01-29 11:10 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-01-17 10:24 . 2012-01-17 10:24   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24   85504   ----a-w-   c:\windows\system32\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24   76800   ----a-w-   c:\windows\system32\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24   603648   ----a-w-   c:\windows\system32\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24   49664   ----a-w-   c:\windows\system32\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24   448512   ----a-w-   c:\windows\system32\html.iec
2012-01-17 10:24 . 2012-01-17 10:24   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24   367104   ----a-w-   c:\windows\SysWow64\html.iec
2012-01-17 10:24 . 2012-01-17 10:24   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24   30720   ----a-w-   c:\windows\system32\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24   222208   ----a-w-   c:\windows\system32\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24   165888   ----a-w-   c:\windows\system32\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24   160256   ----a-w-   c:\windows\system32\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24   12288   ----a-w-   c:\windows\system32\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24   114176   ----a-w-   c:\windows\system32\admparse.dll
2012-01-17 10:24 . 2012-01-17 10:24   111616   ----a-w-   c:\windows\system32\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
2012-01-01 19:03 . 2011-05-17 16:28   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 06:04 . 2011-03-01 23:10   87456   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-18 06:04 . 2011-03-01 23:10   80768   ----a-w-   c:\windows\system32\LMIinit.dll.000.bak
2011-12-10 21:24 . 2011-04-02 06:48   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-02-26 01:11   256960   ----a-w-   c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"FILE NAME"="c:\program files (x86)\Razer\Nostromo\t2Hid.exe" [2011-02-21 254976]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"FastFox"="c:\program files (x86)\NCH Software\FastFox\fastfox.exe" [2012-01-30 721412]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteDir[B64]  WIPE_B64.TMP"="RD" [X]
"DeleteDir[B82]  Alien Arena 7_50"="RD" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-29 240288]
.
c:\users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-9-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2009-05-28 43704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta;c:\windows\system32\DRIVERS\dualshock3_x64.sys
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-02-01 105800]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIC0C7.tmp [2011-07-02 102400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-10 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-19 360960]
R2 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-19 614400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys
S3 T2Fltr;Razer  Nostromo;c:\windows\system32\drivers\T2Fltr.sys
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000Core.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000UA.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"combofix"="c:\combofix\CF10159.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelContextmenu"="del" [X]
"combofix"="c:\combofix\CF10159.3XE" [2010-11-21 345088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Toolbar-Locked - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIC0C7.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,1e,45,aa,f8,44,39,70,f2,eb,9b,c8,c7,1c,4e,b1,42,b3,8d,0c,bb,67,34,
   b8,6f,b0,75,26,f7,7a,52,ca,c0,63,03,e5,ac,ae,6c,cd,0a,24,dd,0f,f4,d3,26,be,\
"??"=hex:3a,77,22,69,6d,c5,c6,1c,be,d9,b0,24,93,d3,99,26
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,a3,52,82,2e,11,c6,f7,44,b3,89,ba,e0,2d,2d,2e,02,0c,dc,71,02,
   5d,33,4c,94,3d,f3,29,72,6b,59,11,e6,57,66,67,92,f1,dc,6b,17,d9,8c,ce,10,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-22  16:37:54 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-02-22 22:37
    .
    Pre-Run: 654,473,363,456 bytes free
    Post-Run: 657,000,640,512 bytes free
    .
    - - End Of File - - 9F83AF28BC382C95099D28ECBA098769

Corrine

Any improvement in the symptoms?

Quote from: cspence2393 on February 21, 2012, 01:58:36 AM
Symptoms:
Unable to use notepad, command prompt, change time and date, device manager, etc.
Gradually slower response times until computer is unusable.
Repeated black screens of death (after log in only a cursor appears) requiring fixing the boot record.
Interference with security software including scans.

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

cspence2393

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-24 05:52:46
# local_time=2012-02-23 11:52:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81602525 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=337117
# found=3
# cleaned=0
# scan_time=3690
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll   a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean)   00000000000000000000000000000000   I
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll   a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean)   00000000000000000000000000000000   I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe   a variant of Win32/PerfectUninstaller application (unable to clean)   00000000000000000000000000000000   I

Booting not in safe mode results in a black screen of death. I can fix the boot record but I have to repeat the process each time. Safe mode is fine.

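Reading a scanner log like the one above by hand is easy to get wrong, so here is an added example (mine, not from the thread, ESET or Kaspersky): a Python script that parses the ESET Online Scanner log.txt format as posted, checks that the scan ran with the options the steps asked for, and lists what was detected but not cleaned. The sample input is built from the posted log; the tab column separator and the "(unable to clean)" marker are assumed from that posting.

```python
import re
from dataclasses import dataclass, field

# Options the helper asked for in the scan steps above; the log records each as key=value.
REQUESTED_OPTIONS = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Sample input built from the log posted above (header shortened); tabs assumed
# between detection columns as in the real log.txt.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# archives_checked=false\n"
    "# unwanted_checked=true\n"
    "# unsafe_checked=true\n"
    "# antistealth_checked=true\n"
    "# compatibility_mode=512 16777215 100 0 0 0 0 0\n"
    "# compatibility_mode=5893 16776574 100 94 0 81602525 0 0\n"
    "# scanned=337117\n"
    "# found=3\n"
    "# cleaned=0\n"
    "# scan_time=3690\n"
    "C:\\Program Files (x86)\\EA\\Bulletstorm\\Binaries\\Win32\\xlive.dll\t"
    "a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Program Files (x86)\\Ubisoft\\Ubisoft Game Launcher\\ubiorbitapi_r2.dll\t"
    "a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Users\\Caleb\\Downloads\\BestUninstallTool_Setup.exe\t"
    "a variant of Win32/PerfectUninstaller application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)

@dataclass
class Detection:
    path: str
    verdict: str   # scanner's description, e.g. "a variant of ... (unable to clean)"
    cleaned: bool  # False when the verdict says "(unable to clean)"

@dataclass
class EsetLog:
    settings: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

_HEADER = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
_COLUMNS = re.compile(r"\t|\s{2,}")   # tab, or runs of spaces after a forum paste
_WIN_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_eset_log(text: str) -> EsetLog:
    """Split the '# key=value' header from the detection rows."""
    log = EsetLog()
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEADER.match(line)
        if m:
            # compatibility_mode repeats; the first value wins, later ones are ignored
            log.settings.setdefault(m.group(1), m.group(2).strip())
            continue
        cols = [c for c in _COLUMNS.split(line) if c]
        if len(cols) >= 2 and _WIN_PATH.match(cols[0]):
            verdict = cols[1]
            log.detections.append(Detection(cols[0], verdict, "(unable to clean)" not in verdict))
    return log

def check_requested_options(log: EsetLog, requested: dict) -> list:
    """One message per option whose logged value differs from what the steps asked for."""
    problems = []
    for key, want in requested.items():
        got = log.settings.get(key, "<missing>")
        if got != want:
            problems.append(f"{key}: requested {want}, log shows {got}")
    return problems

def uncleaned(log: EsetLog) -> list:
    """Objects the scanner reported but could not clean (the ones still on disk)."""
    return [d for d in log.detections if not d.cleaned]

def counts_consistent(log: EsetLog) -> bool:
    """The found/cleaned counters in the header should match the detection rows."""
    found = int(log.settings.get("found", "0"))
    cleaned = int(log.settings.get("cleaned", "0"))
    return found == len(log.detections) and cleaned == sum(d.cleaned for d in log.detections)

if __name__ == "__main__":
    log = parse_eset_log(SAMPLE_LOG)
    print("scan finished:", log.settings.get("end") == "finished")
    print("counters consistent:", counts_consistent(log))
    for problem in check_requested_options(log, REQUESTED_OPTIONS):
        print("option mismatch:", problem)
    for d in uncleaned(log):
        print("still present:", d.path, "->", d.verdict)
```

Run against the posted log, the option check reports archives_checked, which the scan left at false although the steps asked for Scan Archives to be ticked.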
Corrine

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



cspence2393

19:36:53.0369 1780   TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:36:53.0759 1780   ============================================================
19:36:53.0759 1780   Current date / time: 2012/02/24 19:36:53.0759
19:36:53.0759 1780   SystemInfo:
19:36:53.0759 1780   
19:36:53.0759 1780   OS Version: 6.1.7601 ServicePack: 1.0
19:36:53.0759 1780   Product type: Workstation
19:36:53.0759 1780   ComputerName: CALEB-VM
19:36:53.0759 1780   UserName: Caleb
19:36:53.0759 1780   Windows directory: C:\Windows
19:36:53.0759 1780   System windows directory: C:\Windows
19:36:53.0759 1780   Running under WOW64
19:36:53.0759 1780   Processor architecture: Intel x64
19:36:53.0759 1780   Number of processors: 4
19:36:53.0759 1780   Page size: 0x1000
19:36:53.0759 1780   Boot type: Safe boot with network
19:36:53.0759 1780   ============================================================
19:36:54.0508 1780   Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
19:36:54.0508 1780   Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:36:54.0539 1780   \Device\Harddisk0\DR0:
19:36:54.0539 1780   MBR used
19:36:54.0539 1780   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:36:54.0570 1780   Initialize success
19:36:54.0570 1780   ============================================================
19:37:47.0042 2512   ============================================================
19:37:47.0042 2512   Scan started
19:37:47.0043 2512   Mode: Manual;
19:37:47.0043 2512   ============================================================
19:37:54.0250 2512   nsiproxy - ok
19:37:54.0296 2512   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:37:54.0311 2512   Ntfs - ok
19:37:54.0322 2512   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:37:54.0322 2512   Null - ok
19:37:54.0351 2512   nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:37:54.0352 2512   nusb3hub - ok
19:37:54.0380 2512   nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:37:54.0389 2512   nusb3xhc - ok
19:37:54.0449 2512   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:37:54.0451 2512   nvraid - ok
19:37:54.0482 2512   nvrd64          (8787d3eece88611a313de7608c44c04d) C:\Windows\system32\drivers\nvrd64.sys
19:37:54.0485 2512   nvrd64 - ok
19:37:54.0502 2512   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:37:54.0504 2512   nvstor - ok
19:37:54.0545 2512   nvstor64        (f3d7b0ede156583f6fd3d2b5e898e2b6) C:\Windows\system32\drivers\nvstor64.sys
19:37:54.0546 2512   nvstor64 - ok
19:37:54.0575 2512   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:37:54.0576 2512   nv_agp - ok
19:37:54.0625 2512   OA002Afx        (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
19:37:54.0628 2512   OA002Afx - ok
19:37:54.0645 2512   OA002Ufd        (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
19:37:54.0647 2512   OA002Ufd - ok
19:37:54.0682 2512   OA002Vid        (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
19:37:54.0685 2512   OA002Vid - ok
19:37:54.0704 2512   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:37:54.0704 2512   ohci1394 - ok
19:37:54.0728 2512   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:37:54.0729 2512   Parport - ok
19:37:54.0752 2512   partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:37:54.0752 2512   partmgr - ok
19:37:54.0762 2512   pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:37:54.0763 2512   pci - ok
19:37:54.0776 2512   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:37:54.0776 2512   pciide - ok
19:37:54.0811 2512   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:37:54.0813 2512   pcmcia - ok
19:37:54.0861 2512   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:37:54.0861 2512   pcw - ok
19:37:54.0877 2512   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:37:54.0882 2512   PEAUTH - ok
19:37:54.0906 2512   PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:54.0906 2512   PptpMiniport - ok
19:37:54.0927 2512   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:37:54.0928 2512   Processor - ok
19:37:54.0977 2512   Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:37:54.0977 2512   Psched - ok
19:37:55.0027 2512   PTQHBUS         (3587aa9e55e439274def53726563a3dc) C:\Windows\system32\DRIVERS\PTQHBUS.sys
19:37:55.0028 2512   PTQHBUS - ok
19:37:55.0065 2512   PTQHMDM         (06d4b597397d56f4becc2f17267a37c6) C:\Windows\system32\DRIVERS\PTQHMDM.sys
19:37:55.0067 2512   PTQHMDM - ok
19:37:55.0086 2512   PTQHVSP         (a8aced23323c5d67424bc4e644d78ba8) C:\Windows\system32\DRIVERS\PTQHVSP.sys
19:37:55.0088 2512   PTQHVSP - ok
19:37:55.0134 2512   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:37:55.0148 2512   ql2300 - ok
19:37:55.0168 2512   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:37:55.0169 2512   ql40xx - ok
19:37:55.0185 2512   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:37:55.0185 2512   QWAVEdrv - ok
19:37:55.0206 2512   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:55.0207 2512   RasAcd - ok
19:37:55.0288 2512   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:37:55.0288 2512   RasAgileVpn - ok
19:37:55.0301 2512   Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:55.0302 2512   Rasl2tp - ok
19:37:55.0311 2512   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:55.0311 2512   RasPppoe - ok
19:37:55.0319 2512   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:55.0319 2512   RasSstp - ok
19:37:55.0329 2512   rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:55.0331 2512   rdbss - ok
19:37:55.0358 2512   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:37:55.0359 2512   rdpbus - ok
19:37:55.0380 2512   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:55.0380 2512   RDPCDD - ok
19:37:55.0413 2512   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:37:55.0413 2512   RDPENCDD - ok
19:37:55.0421 2512   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:37:55.0421 2512   RDPREFMP - ok
19:37:55.0445 2512   RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:37:55.0446 2512   RDPWD - ok
19:37:55.0498 2512   rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:37:55.0499 2512   rdyboost - ok
19:37:55.0574 2512   RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:37:55.0576 2512   RFCOMM - ok
19:37:55.0600 2512   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:55.0600 2512   rspndr - ok
19:37:55.0630 2512   RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
19:37:55.0632 2512   RTHDMIAzAudService - ok
19:37:55.0661 2512   RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:37:55.0665 2512   RTL8167 - ok
19:37:55.0703 2512   rtl8190pn64     (a052fec0974fa649dab1f01cf96f45d7) C:\Windows\system32\DRIVERS\rtl8190p.sys
19:37:55.0708 2512   rtl8190pn64 - ok
19:37:55.0760 2512   rtl819xpn64     (ad462be7b3899e4f1ac2256381578b2c) C:\Windows\system32\DRIVERS\rtl819xp.sys
19:37:55.0766 2512   rtl819xpn64 - ok
19:37:55.0796 2512   RzSynapse       (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
19:37:55.0797 2512   RzSynapse - ok
19:37:55.0872 2512   SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:37:55.0873 2512   SASDIFSV - ok
19:37:55.0875 2512   SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:37:55.0876 2512   SASKUTIL - ok
19:37:55.0901 2512   sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:37:55.0902 2512   sbp2port - ok
19:37:55.0938 2512   scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:37:55.0939 2512   scfilter - ok
19:37:55.0988 2512   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:37:55.0988 2512   secdrv - ok
19:37:56.0031 2512   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:37:56.0031 2512   Serenum - ok
19:37:56.0043 2512   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:37:56.0045 2512   Serial - ok
19:37:56.0062 2512   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:37:56.0062 2512   sermouse - ok
19:37:56.0080 2512   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:37:56.0080 2512   sffdisk - ok
19:37:56.0102 2512   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:56.0102 2512   sffp_mmc - ok
19:37:56.0109 2512   sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:37:56.0110 2512   sffp_sd - ok
19:37:56.0130 2512   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:37:56.0130 2512   sfloppy - ok
19:37:56.0190 2512   Si3124r5        (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
19:37:56.0193 2512   Si3124r5 - ok
19:37:56.0234 2512   SiFilter        (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
19:37:56.0235 2512   SiFilter - ok
19:37:56.0242 2512   SiRemFil        (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
19:37:56.0243 2512   SiRemFil - ok
19:37:56.0276 2512   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:37:56.0276 2512   SiSRaid2 - ok
19:37:56.0293 2512   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:37:56.0294 2512   SiSRaid4 - ok
19:37:56.0317 2512   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:37:56.0318 2512   Smb - ok
19:37:56.0349 2512   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:37:56.0350 2512   spldr - ok
19:37:56.0377 2512   srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:37:56.0380 2512   srv - ok
19:37:56.0405 2512   srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:37:56.0408 2512   srv2 - ok
19:37:56.0416 2512   srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:37:56.0417 2512   srvnet - ok
19:37:56.0482 2512   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:37:56.0482 2512   stexstor - ok
19:37:56.0501 2512   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:37:56.0502 2512   swenum - ok
19:37:56.0537 2512   T2Fltr          (e4e85e55f66f4f620cc8ee8c4e26139c) C:\Windows\system32\drivers\T2Fltr.sys
19:37:56.0537 2512   T2Fltr - ok
19:37:56.0588 2512   Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:37:56.0605 2512   Tcpip - ok
19:37:56.0647 2512   TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:37:56.0652 2512   TCPIP6 - ok
19:37:56.0669 2512   tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:37:56.0670 2512   tcpipreg - ok
19:37:56.0723 2512   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:37:56.0723 2512   TDPIPE - ok
19:37:56.0734 2512   TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:37:56.0734 2512   TDTCP - ok
19:37:56.0761 2512   tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:37:56.0761 2512   tdx - ok
19:37:56.0784 2512   TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:37:56.0785 2512   TermDD - ok
19:37:56.0815 2512   tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:56.0816 2512   tssecsrv - ok
19:37:56.0851 2512   TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:37:56.0851 2512   TsUsbFlt - ok
19:37:56.0870 2512   TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:37:56.0870 2512   TsUsbGD - ok
19:37:56.0930 2512   tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:37:56.0931 2512   tunnel - ok
19:37:56.0953 2512   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:37:56.0954 2512   uagp35 - ok
19:37:56.0973 2512   udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:37:56.0975 2512   udfs - ok
19:37:56.0985 2512   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:37:56.0986 2512   uliagpkx - ok
19:37:57.0005 2512   umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:37:57.0006 2512   umbus - ok
19:37:57.0021 2512   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:37:57.0022 2512   UmPass - ok
19:37:57.0061 2512   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:37:57.0062 2512   USBAAPL64 - ok
19:37:57.0104 2512   usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:37:57.0105 2512   usbaudio - ok
19:37:57.0163 2512   usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:57.0164 2512   usbccgp - ok
19:37:57.0206 2512   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:37:57.0207 2512   usbcir - ok
19:37:57.0228 2512   usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:37:57.0229 2512   usbehci - ok
19:37:57.0247 2512   usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:37:57.0251 2512   usbhub - ok
19:37:57.0266 2512   usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:37:57.0267 2512   usbohci - ok
19:37:57.0344 2512   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:37:57.0345 2512   usbprint - ok
19:37:57.0368 2512   usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:37:57.0369 2512   usbscan - ok
19:37:57.0391 2512   USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:57.0392 2512   USBSTOR - ok
19:37:57.0430 2512   usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:37:57.0431 2512   usbuhci - ok
19:37:57.0479 2512   usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:37:57.0481 2512   usbvideo - ok
19:37:57.0581 2512   VBoxDrv         (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:37:57.0583 2512   VBoxDrv - ok
19:37:57.0630 2512   VBoxNetAdp      (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:37:57.0632 2512   VBoxNetAdp - ok
19:37:57.0646 2512   VBoxNetFlt      (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
19:37:57.0648 2512   VBoxNetFlt - ok
19:37:57.0659 2512   VBoxUSBMon      (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:37:57.0661 2512   VBoxUSBMon - ok
19:37:57.0695 2512   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:37:57.0696 2512   vdrvroot - ok
19:37:57.0728 2512   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:57.0728 2512   vga - ok
19:37:57.0736 2512   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:37:57.0736 2512   VgaSave - ok
19:37:57.0755 2512   vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:37:57.0757 2512   vhdmp - ok
19:37:57.0854 2512   VIAHdAudAddService (906a7c6b6659a650648cf21998270945) C:\Windows\system32\drivers\viahduaa.sys
19:37:57.0865 2512   VIAHdAudAddService - ok
19:37:57.0882 2512   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:37:57.0883 2512   viaide - ok
19:37:57.0918 2512   VJoystick       (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
19:37:57.0919 2512   VJoystick - ok
19:37:57.0937 2512   VKbms           (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
19:37:57.0937 2512   VKbms - ok
19:37:57.0967 2512   volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:37:57.0968 2512   volmgr - ok
19:37:57.0978 2512   volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:37:57.0981 2512   volmgrx - ok
19:37:57.0991 2512   volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:37:57.0994 2512   volsnap - ok
19:37:58.0053 2512   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:37:58.0055 2512   vsmraid - ok
19:37:58.0077 2512   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:37:58.0077 2512   vwifibus - ok
19:37:58.0103 2512   vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:37:58.0103 2512   vwififlt - ok
19:37:58.0128 2512   vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:37:58.0128 2512   vwifimp - ok
19:37:58.0147 2512   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:37:58.0148 2512   WacomPen - ok
19:37:58.0189 2512   WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:58.0190 2512   WANARP - ok
19:37:58.0192 2512   Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:58.0192 2512   Wanarpv6 - ok
19:37:58.0226 2512   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:37:58.0227 2512   Wd - ok
19:37:58.0240 2512   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:37:58.0245 2512   Wdf01000 - ok
19:37:58.0329 2512   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:58.0329 2512   WfpLwf - ok
19:37:58.0354 2512   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:37:58.0354 2512   WIMMount - ok
19:37:58.0408 2512   WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:37:58.0409 2512   WinUsb - ok
19:37:58.0448 2512   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:37:58.0449 2512   WmiAcpi - ok
19:37:58.0489 2512   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:37:58.0489 2512   ws2ifsl - ok
19:37:58.0541 2512   WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:37:58.0542 2512   WSDPrintDevice - ok
19:37:58.0561 2512   WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:37:58.0562 2512   WudfPf - ok
19:37:58.0571 2512   WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:58.0573 2512   WUDFRd - ok
19:37:58.0605 2512   xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
19:37:58.0606 2512   xusb21 - ok
19:37:58.0653 2512   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:37:58.0696 2512   \Device\Harddisk0\DR0 - ok
19:37:58.0697 2512   Boot (0x1200)   (958086814565f7cd71b2545bdbc42ba5) \Device\Harddisk0\DR0\Partition0
19:37:58.0698 2512   \Device\Harddisk0\DR0\Partition0 - ok
19:37:58.0698 2512   ============================================================
19:37:58.0698 2512   Scan finished
19:37:58.0698 2512   ============================================================
19:37:58.0711 2608   Detected object count: 0
19:37:58.0711 2608   Actual detected object count: 0
20:06:46.0956 0976   Deinitialize success

Corrine

Hi, cspence2393

Let's take care of the findings from the ESET scan.  Please uninstall the following:

Bulletstorm-->MsiExec.exe /I{45410935-3E72-472B-8C35-AB1000008200}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
Bulletstorm-->MsiExec.exe /X{45410935-3E72-472B-8C35-AB1000008200}
Ubisoft Game Launcher


After uninstalling, check Program Files and delete the folders if left behind:

C:\Program Files (x86)\EA\Bulletstorm\
C:\Program Files (x86)\Ubisoft\


Next,

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


File::
BestUninstallTool_Setup.exe

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

cspence2393

ComboFix 12-02-21.01 - Caleb 02/25/2012  22:35:00.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2866 [GMT -6:00]
Running from: c:\users\Caleb\Desktop\ComboFix.exe
Command switches used :: c:\users\Caleb\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-26 to 2012-02-26  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 19:03 . 2011-05-17 16:28   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 06:04 . 2011-03-01 23:10   87456   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-18 06:04 . 2011-03-01 23:10   80768   ----a-w-   c:\windows\system32\LMIinit.dll.000.bak
2011-12-10 21:24 . 2011-04-02 06:48   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-02-26 01:11   256960   ----a-w-   c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"FILE NAME"="c:\program files (x86)\Razer\Nostromo\t2Hid.exe" [2011-02-21 254976]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"FastFox"="c:\program files (x86)\NCH Software\FastFox\fastfox.exe" [2012-01-30 721412]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteDir[B64]  WIPE_B64.TMP"="RD" [X]
"DeleteDir[B82]  Alien Arena 7_50"="RD" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-29 240288]
.
c:\users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-9-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2009-05-28 43704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta;c:\windows\system32\DRIVERS\dualshock3_x64.sys
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-02-01 105800]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIC0C7.tmp [2011-07-02 102400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-10 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-19 360960]
R2 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-19 614400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys
S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48823194
*Deregistered* - 48823194
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000Core.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000UA.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelContextmenu"="del" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIC0C7.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,1e,45,aa,f8,44,39,70,f2,eb,9b,c8,c7,1c,4e,b1,42,b3,8d,0c,bb,67,34,
   b8,6f,b0,75,26,f7,7a,52,ca,c0,63,03,e5,ac,ae,6c,cd,0a,24,dd,0f,f4,d3,26,be,\
"??"=hex:3a,77,22,69,6d,c5,c6,1c,be,d9,b0,24,93,d3,99,26
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,a3,52,82,2e,11,c6,f7,44,b3,89,ba,e0,2d,2d,2e,02,0c,dc,71,02,
   5d,33,4c,94,3d,f3,29,72,6b,59,11,e6,57,66,67,92,f1,dc,6b,17,d9,8c,ce,10,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2012-02-25  22:36:41
ComboFix-quarantined-files.txt  2012-02-26 04:36
ComboFix2.txt  2012-02-22 22:37
.
Pre-Run: 670,557,683,712 bytes free
Post-Run: 670,514,630,656 bytes free
.
- - End Of File - - 0EFC8C9E1DA7E9E147DEE964B7F84897

Corrine

Why was ComboFix run in Safe Mode?  You had been using Normal Mode previously.

I don't care for this from the log, although ComboFix has it deregistered.

Quote:
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48823194
*Deregistered* - 48823194

Please do a new ESET scan, as instructed above.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

cspence2393

ComboFix ran in reduced functionality mode because it wasn't the latest version any more, as far as I can tell. I had it in normal mode before because it was the latest version. I didn't choose for it to do any of that and I didn't deregister it. I understand if I need to get a new version, but you didn't mention it, so I did what you said. I'll start the ESET scan tonight and post the log later.

Corrine

Hi, cspence2393.

If ComboFix prompted you to update, you most definitely should have done so.


cspence2393

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-24 05:52:46
# local_time=2012-02-23 11:52:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81602525 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=337117
# found=3
# cleaned=0
# scan_time=3690
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll   a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean)   00000000000000000000000000000000   I
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll   a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean)   00000000000000000000000000000000   I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe   a variant of Win32/PerfectUninstaller application (unable to clean)   00000000000000000000000000000000   I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-27 09:08:27
# local_time=2012-02-27 03:08:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81872899 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=332861
# found=3
# cleaned=0
# scan_time=4258
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\com.inoxapps.finger_security1.apk   a variant of Android/Adware.AirPush.A application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\net.ponury.faceniff.apk   Android/HackTool.FaceNiff.A application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe   a variant of Win32/PerfectUninstaller application (unable to clean)   00000000000000000000000000000000   I

Corrine

I don't know what to tell you.  It appears that you are getting more malware rather than getting cleaned!  One file in the new ESET scan is still on your computer from the previous scan, but the other two are new, apparently backed up from your phone.  Thus, I suggest you check the Android store for your phone for antivirus software.  If you know what apps you recently installed, I suggest removing them.

At this point, I suggest that you go to your downloads folder and delete BestUninstallTool_Setup.exe.  My research confirms it is a trojan.

It is also recommended that you delete the following two files and remove them from your phone as well:

C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\com.inoxapps.finger_security1.apk   
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\net.ponury.faceniff.apk 

What symptoms remain?


cspence2393

I think I forgot to check "scan archives" last time, which would account for those two apk files. They're just from a copy of my SD card from when I got a new one. I can delete them if necessary, but I have them on my phone on purpose, and they aren't going to be executing anything on Windows 7. They're not from a recent install, and the phone is safe and sound.
As for the symptoms, I haven't tried to boot out of safe mode but once, and I had a black screen of death as expected. I know how to fix that, but I have to repeat the process. I can check the programs-not-running problem later tonight when I'm home.