
SmartPCFix Infection, Unable to run DDS


  • This topic is locked
14 replies to this topic

#1 Punkrulz

Punkrulz

  • Members
  • 78 posts

Posted 02 July 2013 - 03:55 PM

One post, one problem.

 

Hey guys,

 

I have been on a computer that has recently been infected with FBI Ransomware. With the help of the forum post I made located here, I was able to remove the FBI Ransomware and have since been able to use the account that was previously infected. However, since removing the FBI Ransomware, I can now see that SmartPCFix is installed. Per the aforementioned guide, the items that were used were:

 

RKill that didn't seem to complete.

TDSSKiller that found nothing.

MBAM

Super Antispyware

MBAR.

Rogue Killer was recommended; however, due to reading the forum notices first, I know that it was not recommended to be posted by a new member due to requiring instruction to use.

 

While making this post I have been attempting to run DDS; however, this has taken well over 20 minutes to complete and is still going... so I don't have any logs for you. I would greatly appreciate any help you guys can provide and will answer any questions I can.

 

Thank you in advance!

 

UPDATE

 

DDS finally completed. Attached are the logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Christine at 16:31:32 on 2013-07-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2304 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Christine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\E_FATIBPA.EXE
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyOverride = 192.168.*.*;*.local
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Christine\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [EPSON Stylus Photo RX580 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBPA.EXE /FU "C:\Windows\TEMP\E_S6EE1.tmp" /EF "HKCU"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19H4219H05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [Spotify] "C:\Users\Christine\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{455A293E-DE1E-4369-BCFE-E369AF1BFF3A} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-6 45856]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2012-1-16 167048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Christine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-5-11 107520]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-10-31 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-10-31 128512]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-2 701512]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-1-16 138760]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-2 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-29 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-6-30 32000]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2010-1-20 40320]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-7-2 36680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
.
=============== Created Last 30 ================
.
2013-07-02 07:52:13 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-02 07:51:58 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-07-02 07:26:42 -------- d-----w- C:\Users\Christine\AppData\Roaming\Malwarebytes
2013-07-02 07:26:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-02 07:26:34 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-02 07:26:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:26:25 -------- d-----w- C:\Users\Christine\AppData\Local\Programs
2013-07-01 03:55:32 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-07-01 03:48:34 -------- d-----w- C:\Program Files\HitmanPro
2013-07-01 01:46:23 -------- d-----w- C:\ProgramData\HitmanPro
2013-06-26 13:03:35 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-06-03 13:46:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-03 13:46:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-03 13:46:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-03 13:46:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-03 13:46:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-03 13:44:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-03 13:44:21 -------- d-----w- C:\Program Files\iTunes
2013-06-03 13:44:21 -------- d-----w- C:\Program Files\iPod
2013-06-03 13:44:21 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-06-26 13:03:29 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 16:59:18.96 ===============
 

 



Edited by Punkrulz, 02 July 2013 - 04:06 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 20,239 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2013 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

  • Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
    ===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
    ===

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Link 1
    Link 2

    IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Do not install any other programs until this is fixed.


    How to : Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration or infection.

    Please run this security check for my review. I suggest you restart the computer before running this tool.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
    ===

    Please paste the logs in your next reply. DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 78 posts

Posted 07 July 2013 - 07:06 PM

nasdaq, Thank you for your reply! Here are the following logs that you have requested:

 

RogueKiller

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Christine [Admin rights]
Mode : Remove -- Date : 07/07/2013 19:17:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (C:\Users\CHRIST~1\AppData\Local\Temp\sqxojsu\srptqio\wow64.dll [-]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 97 ¤¤¤
[V1][SUSP PATH] At18.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At17.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At16.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At15.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At14.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At13.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At12.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At11.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At10.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At1.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At27.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At26.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At25.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At24.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At23.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At22.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At21.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At20.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At2.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At19.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At36.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At35.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At34.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At33.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At32.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At31.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At30.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At3.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At29.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At28.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At45.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At44.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At43.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At42.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At41.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At40.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At4.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At39.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At38.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At37.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At9.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At8.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At7.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At6.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At5.job : C:\ProgramData\ir27M8kF.exe [-] -> DELETED
[V1][SUSP PATH] At48.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At47.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V1][SUSP PATH] At46.job : C:\ProgramData\ir27M8kF.exe_ [x] -> DELETED
[V2][ROGUE ST] 4817 : wscript.exe - C:\Users\CHRIST~1\AppData\Local\Temp\launchie.vbs //B -> DELETED
[V2][SUSP PATH] At1 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At10 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At11 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At12 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At13 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At14 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At15 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At16 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At17 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At18 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At19 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At2 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At20 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At21 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At22 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At23 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At24 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At25 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At26 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At27 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At28 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At29 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At3 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At30 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At31 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At32 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At33 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At34 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At35 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At36 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At37 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At38 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At39 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At4 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At40 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At41 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At42 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At43 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At44 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At45 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At46 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At47 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At48 : C:\ProgramData\ir27M8kF.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At5 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At6 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At7 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At8 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK
[V2][SUSP PATH] At9 : C:\ProgramData\ir27M8kF.exe [-] -> ERROR DELETING TASK

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] ca9f07da9ccdeb7d2e26ea031a0e4322
[BSP] 9fb27e9bfa67abcf9247bb6f67e180c9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 701990 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST375052 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST375052 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST375052 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: ST375052 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07072013_191740.txt >>
RKreport[0]_S_07072013_191633.txt

ADWCleaner

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 19:21:37
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christine - CHRISTINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Christine\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Christine\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [368 octets] - [07/07/2013 19:21:25]
AdwCleaner[S2].txt - [7629 octets] - [07/07/2013 19:21:37]

########## EOF - C:\AdwCleaner[S2].txt - [7689 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christine on Sun 07/07/2013 at 19:24:39.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{149443FC-D80D-4878-AAE9-62058772E491}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D83D77CC-9325-4438-A454-3D093D4DCD85}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{e96c5f76-de61-4e1d-b5ff-ba880fba541c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{e96c5f76-de61-4e1d-b5ff-ba880fba541c}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/07/2013 at 19:29:27.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix

ComboFix 13-07-08.02 - Christine 07/07/2013  19:43:45.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2441 [GMT -4:00]
Running from: c:\users\Christine\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\DRM\355E.tmp
c:\programdata\Microsoft\Windows\DRM\6BD5.tmp
c:\users\Christine\AppData\Roaming\047a8b96-bde4-4e0e-9eb4-0f2587d30dce
c:\users\Christine\AppData\Roaming\6616.41B
c:\users\Christine\AppData\Roaming\BC64A7
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 23:53 . 2013-07-07 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-07 23:26 . 2013-07-07 23:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{906233B3-D881-4167-96AE-717F6BF9B203}\offreg.dll
2013-07-07 23:24 . 2013-07-07 23:24 -------- d-----w- c:\windows\ERUNT
2013-07-07 23:24 . 2013-07-07 23:24 -------- d-----w- C:\JRT
2013-07-07 23:14 . 2013-06-17 06:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{906233B3-D881-4167-96AE-717F6BF9B203}\mpengine.dll
2013-07-04 01:23 . 2013-07-04 01:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-04 01:23 . 2013-07-04 01:23 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-04 01:23 . 2013-07-04 01:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 07:44 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-03 07:44 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-03 07:44 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-03 07:44 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-03 07:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-03 07:14 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-03 07:14 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-03 07:14 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-03 07:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-03 07:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-03 07:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-03 07:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-03 07:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-03 07:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-03 07:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-03 07:07 . 2013-07-03 07:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-03 07:07 . 2013-07-03 07:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files\iPod
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files\iTunes
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files (x86)\iTunes
2013-07-02 21:09 . 2013-07-02 21:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-07-02 21:09 . 2013-07-02 21:09 -------- d-----w- c:\program files\NVIDIA Corporation
2013-07-02 20:54 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-02 20:53 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-07-02 20:52 . 2012-12-07 11:20 30720 ----a-w- c:\windows\system32\usk.rs
2013-07-02 20:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-07-02 20:50 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-02 20:38 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-07-02 20:38 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-07-02 07:52 . 2013-07-02 08:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-02 07:51 . 2013-07-02 07:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\programdata\Malwarebytes
2013-07-02 07:26 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\users\Christine\AppData\Local\Programs
2013-07-01 03:48 . 2013-07-01 03:48 -------- d-----w- c:\program files\HitmanPro
2013-07-01 01:56 . 2013-07-01 01:56 -------- d-----w- c:\users\Anthony\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 01:46 . 2013-07-01 02:55 -------- d-----w- c:\programdata\HitmanPro
2013-06-26 13:03 . 2013-07-01 01:44 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-06-13 18:30 . 2013-06-13 18:30 -------- d-----w- c:\users\Anthony\AppData\Local\AVG SafeGuard toolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 01:23 . 2011-06-01 03:29 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-02 20:59 . 2010-09-29 20:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-02 20:42 . 2010-11-28 18:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-02 20:38 . 2010-11-28 18:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-26 13:03 . 2013-05-06 17:21 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-02 21:11 . 2011-10-09 22:34 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 06:06 . 2010-02-12 22:04 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-07-02 20:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-07-02 20:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-07-02 20:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 05:49 . 2013-07-02 20:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 04:45 . 2013-07-02 20:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-07-02 20:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-03-04 250016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 qubnnmlt;qubnnmlt;c:\windows\system32\drivers\qubnnmlt.sys;c:\windows\SYSNATIVE\drivers\qubnnmlt.sys [x]
R1 rirfsvbp;rirfsvbp;c:\windows\system32\drivers\rirfsvbp.sys;c:\windows\SYSNATIVE\drivers\rirfsvbp.sys [x]
R1 wwbgnhga;wwbgnhga;c:\windows\system32\drivers\wwbgnhga.sys;c:\windows\SYSNATIVE\drivers\wwbgnhga.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 22:04]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 22:04]
.
2013-07-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-06 17:47]
.
2013-07-03 c:\windows\Tasks\Norton Security Scan for Christine.job
- c:\progra~2\NORTON~2\Engine\360~1.31\Nss.exe [2011-11-11 15:22]
.
2013-07-07 c:\windows\Tasks\SmartPCFix Task.job
- c:\program files (x86)\SmartPCFix\SmartPCFix.exe [2013-05-06 03:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Spotify - c:\users\Christine\AppData\Roaming\Spotify\Spotify.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,35,ed,49,32,1e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,7b,16,5f,c3,42,5e,45,a4,ef,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,7b,16,5f,c3,42,5e,45,a4,ef,7e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-07  19:56:25
ComboFix-quarantined-files.txt  2013-07-07 23:56
.
Pre-Run: 616,316,923,904 bytes free
Post-Run: 616,540,487,680 bytes free
.
- - End Of File - - E0342E7AE5CB74FC5169816DD08EF343
A36C5E4F47E84449FF07ED3517B43A31

 

Security Check

 

 Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

 

 

Result

 

Unfortunately after rebooting the computer, SmartPCFix still appears to load up and run. The problem has not been resolved. :( Please let me know what you feel the next step would be or if I did anything wrong!

 

Thanks!!!


Edited by Punkrulz, 08 July 2013 - 01:58 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 20,239 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 July 2013 - 06:50 AM

Let's check your master boot record.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [image: tdss1.png]
  • Click Change parameters.
    [image: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    [image: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [image: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found like below:
    [image: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [image: tdss7.jpg]
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the one below will appear:
    [image: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
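Added example, not part of either poster's reply and not a Kaspersky tool: a Python script for reading the TDSSKiller log requested above, listing every entry whose status is not `ok` (such as the signature-check warnings the instructions say to Skip) and every service line that has no file digest in front of it. The sample log is constructed in the line layout of the log posted in this thread; its service names, paths and repeated-digit digests are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the line layout of the TDSSKiller log in this thread.
# Names, paths and the repeated-digit digests are placeholders, not real data.
SAMPLE_LOG = r"""
14:35:11.0156 2608  Scan started
14:35:11.0156 2608  Mode: Manual; SigCheck; TDLFS;
14:35:11.0889 2608  ================ Scan system memory ========================
14:35:11.0889 2608  System memory - ok
14:35:11.0889 2608  ================ Scan services =============================
14:35:11.0952 2608  [ 11111111111111111111111111111111 ] ExampleAV       C:\Program Files\ExampleAV\core64.exe
14:35:12.0030 2608  ExampleAV ( UnsignedFile.Multi.Generic ) - warning
14:35:12.0030 2608  ExampleAV - detected UnsignedFile.Multi.Generic (1)
14:35:12.0170 2608  [ 22222222222222222222222222222222 ] Example Sync Service C:\Program Files (x86)\Example\sync.exe
14:35:12.0248 2608  Example Sync Service - ok
14:35:12.0300 2608  ghostsvc - ok
14:35:12.0400 2608  [ 33333333333333333333333333333333 ] usb-lan         C:\Windows\system32\DRIVERS\usblan.sys
14:35:12.0450 2608  usb-lan - ok
"""

# Every log line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "===== Scan services =====" style section banners.
SECTION_RE = re.compile(PREFIX + r"=+ (?P<section>[^=]+?) =+\s*$")
# "[ <32 hex digits> ] <name> <path>"; names and paths may both contain spaces,
# so the path is anchored on its drive letter.
HASH_RE = re.compile(
    PREFIX + r"\[ (?P<digest>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# "<name> - ok" or "<name> ( <verdict> ) - <status>".
RESULT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) (?:\( (?P<verdict>[^)]+?) \) )?- (?P<status>\w+)\s*$"
)


@dataclass
class Entry:
    section: str
    name: str
    status: str
    verdict: Optional[str] = None
    digest: Optional[str] = None
    path: Optional[str] = None


def parse_entries(log_text: str) -> List[Entry]:
    """Pair each result line with the digest/path line that preceded it."""
    entries: List[Entry] = []
    pending = {}          # name -> (digest, path) seen but not yet resolved
    section = ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            pending.clear()
            continue
        m = HASH_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("digest").upper(), m.group("path"))
            continue
        m = RESULT_RE.match(line)
        if m:
            digest, path = pending.pop(m.group("name"), (None, None))
            entries.append(Entry(section, m.group("name"), m.group("status"),
                                 m.group("verdict"), digest, path))
    return entries


def triage(log_text: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries not marked ok, service entries with no digest line)."""
    entries = parse_entries(log_text)
    review = [e for e in entries if e.status != "ok"]
    unhashed = [e for e in entries
                if e.section == "Scan services" and e.digest is None]
    return review, unhashed


if __name__ == "__main__":
    review, unhashed = triage(SAMPLE_LOG)
    for e in review:
        print(f"REVIEW   {e.name}: {e.status} ({e.verdict}) {e.path} [{e.digest}]")
    for e in unhashed:
        print(f"NO FILE  {e.name}: {e.status}, no digest/path line in the log")
```

A `warning` with the verdict `UnsignedFile.Multi.Generic` only means the file failed the signature check enabled in the parameters step; it is a prompt to look at the path and publisher, not a detection of malware.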

#5 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 78 posts

Posted 08 July 2013 - 09:29 PM

Nasdaq, here are the logs that you requested. I hope they help!

 

TDSSKiller

 

14:34:47.0880 3464  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:34:48.0317 3464  ============================================================
14:34:48.0317 3464  Current date / time: 2013/07/08 14:34:48.0317
14:34:48.0317 3464  SystemInfo:
14:34:48.0317 3464 
14:34:48.0317 3464  OS Version: 6.1.7601 ServicePack: 1.0
14:34:48.0317 3464  Product type: Workstation
14:34:48.0317 3464  ComputerName: CHRISTINE-PC
14:34:48.0317 3464  UserName: Christine
14:34:48.0317 3464  Windows directory: C:\Windows
14:34:48.0317 3464  System windows directory: C:\Windows
14:34:48.0317 3464  Running under WOW64
14:34:48.0317 3464  Processor architecture: Intel x64
14:34:48.0317 3464  Number of processors: 2
14:34:48.0317 3464  Page size: 0x1000
14:34:48.0317 3464  Boot type: Normal boot
14:34:48.0317 3464  ============================================================
14:34:49.0940 3464  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:34:49.0956 3464  ============================================================
14:34:49.0956 3464  \Device\Harddisk0\DR0:
14:34:49.0956 3464  MBR partitions:
14:34:49.0956 3464  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
14:34:49.0956 3464  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000
14:34:49.0956 3464  ============================================================
14:34:49.0971 3464  C: <-> \Device\Harddisk0\DR0\Partition2
14:34:49.0971 3464  ============================================================
14:34:49.0971 3464  Initialize success
14:34:49.0971 3464  ============================================================
14:35:11.0156 2608  ============================================================
14:35:11.0156 2608  Scan started
14:35:11.0156 2608  Mode: Manual; SigCheck; TDLFS;
14:35:11.0156 2608  ============================================================
14:35:11.0889 2608  ================ Scan system memory ========================
14:35:11.0889 2608  System memory - ok
14:35:11.0889 2608  ================ Scan services =============================
14:35:11.0952 2608  [ 6B9A496ED67631DA8ADB802461876C36 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:35:12.0030 2608  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
14:35:12.0030 2608  !SASCORE - detected UnsignedFile.Multi.Generic (1)
14:35:12.0170 2608  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:35:12.0248 2608  1394ohci - ok
14:35:12.0295 2608  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:35:12.0326 2608  ACPI - ok
14:35:12.0357 2608  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:35:12.0420 2608  AcpiPmi - ok
14:35:12.0451 2608  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:35:12.0466 2608  adp94xx - ok
14:35:12.0513 2608  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:35:12.0529 2608  adpahci - ok
14:35:12.0544 2608  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:35:12.0576 2608  adpu320 - ok
14:35:12.0607 2608  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:35:12.0732 2608  AeLookupSvc - ok
14:35:12.0810 2608  [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
14:35:12.0841 2608  Afc - ok
14:35:12.0903 2608  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:35:12.0981 2608  AFD - ok
14:35:13.0028 2608  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:35:13.0044 2608  agp440 - ok
14:35:13.0059 2608  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:35:13.0137 2608  ALG - ok
14:35:13.0153 2608  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:35:13.0168 2608  aliide - ok
14:35:13.0184 2608  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:35:13.0200 2608  amdide - ok
14:35:13.0215 2608  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:35:13.0293 2608  AmdK8 - ok
14:35:13.0309 2608  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:35:13.0356 2608  AmdPPM - ok
14:35:13.0371 2608  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:35:13.0402 2608  amdsata - ok
14:35:13.0434 2608  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:35:13.0434 2608  amdsbs - ok
14:35:13.0465 2608  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:35:13.0480 2608  amdxata - ok
14:35:13.0512 2608  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:35:13.0636 2608  AppID - ok
14:35:13.0668 2608  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:35:13.0714 2608  AppIDSvc - ok
14:35:13.0761 2608  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
14:35:13.0808 2608  Appinfo - ok
14:35:13.0917 2608  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:35:13.0948 2608  Apple Mobile Device - ok
14:35:13.0980 2608  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:35:13.0995 2608  arc - ok
14:35:14.0011 2608  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:35:14.0026 2608  arcsas - ok
14:35:14.0058 2608  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:35:14.0104 2608  AsyncMac - ok
14:35:14.0136 2608  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:35:14.0151 2608  atapi - ok
14:35:14.0182 2608  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:35:14.0260 2608  AudioEndpointBuilder - ok
14:35:14.0276 2608  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:35:14.0307 2608  AudioSrv - ok
14:35:14.0370 2608  [ A2DC9FEB5466F8EAD9C06527EF464A05 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
14:35:14.0385 2608  avgtp - ok
14:35:14.0416 2608  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:35:14.0494 2608  AxInstSV - ok
14:35:14.0526 2608  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:35:14.0588 2608  b06bdrv - ok
14:35:14.0604 2608  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:35:14.0666 2608  b57nd60a - ok
14:35:14.0744 2608  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
14:35:14.0760 2608  BBSvc - ok
14:35:14.0791 2608  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
14:35:14.0806 2608  BBUpdate - ok
14:35:14.0822 2608  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:35:14.0884 2608  BDESVC - ok
14:35:14.0900 2608  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:35:14.0962 2608  Beep - ok
14:35:15.0025 2608  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:35:15.0087 2608  BFE - ok
14:35:15.0134 2608  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
14:35:15.0196 2608  BITS - ok
14:35:15.0212 2608  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:35:15.0228 2608  blbdrive - ok
14:35:15.0274 2608  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:35:15.0290 2608  Bonjour Service - ok
14:35:15.0321 2608  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:35:15.0368 2608  bowser - ok
14:35:15.0384 2608  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:35:15.0477 2608  BrFiltLo - ok
14:35:15.0477 2608  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:35:15.0508 2608  BrFiltUp - ok
14:35:15.0524 2608  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:35:15.0555 2608  BridgeMP - ok
14:35:15.0602 2608  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:35:15.0618 2608  Browser - ok
14:35:15.0649 2608  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:35:15.0680 2608  Brserid - ok
14:35:15.0696 2608  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:35:15.0727 2608  BrSerWdm - ok
14:35:15.0742 2608  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:35:15.0789 2608  BrUsbMdm - ok
14:35:15.0789 2608  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:35:15.0805 2608  BrUsbSer - ok
14:35:15.0836 2608  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:35:15.0852 2608  BTHMODEM - ok
14:35:15.0883 2608  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:35:15.0961 2608  bthserv - ok
14:35:15.0992 2608  catchme - ok
14:35:16.0039 2608  [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NST       C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
14:35:16.0039 2608  ccSet_NST - ok
14:35:16.0054 2608  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:35:16.0117 2608  cdfs - ok
14:35:16.0164 2608  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:35:16.0179 2608  cdrom - ok
14:35:16.0210 2608  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:35:16.0242 2608  CertPropSvc - ok
14:35:16.0257 2608  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:35:16.0273 2608  circlass - ok
14:35:16.0288 2608  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:35:16.0304 2608  CLFS - ok
14:35:16.0366 2608  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:35:16.0382 2608  clr_optimization_v2.0.50727_32 - ok
14:35:16.0429 2608  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:35:16.0429 2608  clr_optimization_v2.0.50727_64 - ok
14:35:16.0522 2608  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:35:16.0569 2608  clr_optimization_v4.0.30319_32 - ok
14:35:16.0616 2608  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:35:16.0632 2608  clr_optimization_v4.0.30319_64 - ok
14:35:16.0647 2608  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:35:16.0694 2608  CmBatt - ok
14:35:16.0710 2608  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:35:16.0725 2608  cmdide - ok
14:35:16.0756 2608  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:35:16.0803 2608  CNG - ok
14:35:16.0819 2608  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:35:16.0834 2608  Compbatt - ok
14:35:16.0850 2608  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:35:16.0881 2608  CompositeBus - ok
14:35:16.0881 2608  COMSysApp - ok
14:35:16.0912 2608  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:35:16.0912 2608  crcdisk - ok
14:35:16.0959 2608  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:35:17.0006 2608  CryptSvc - ok
14:35:17.0053 2608  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:35:17.0100 2608  DcomLaunch - ok
14:35:17.0115 2608  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:35:17.0178 2608  defragsvc - ok
14:35:17.0209 2608  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:35:17.0271 2608  DfsC - ok
14:35:17.0287 2608  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:35:17.0396 2608  Dhcp - ok
14:35:17.0427 2608  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:35:17.0490 2608  discache - ok
14:35:17.0521 2608  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:35:17.0536 2608  Disk - ok
14:35:17.0599 2608  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:35:17.0661 2608  Dnscache - ok
14:35:17.0692 2608  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:35:17.0739 2608  dot3svc - ok
14:35:17.0786 2608  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:35:17.0848 2608  DPS - ok
14:35:17.0864 2608  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:35:17.0895 2608  drmkaud - ok
14:35:17.0973 2608  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:35:18.0004 2608  DXGKrnl - ok
14:35:18.0036 2608  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:35:18.0082 2608  EapHost - ok
14:35:18.0176 2608  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:35:18.0285 2608  ebdrv - ok
14:35:18.0348 2608  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:35:18.0410 2608  EFS - ok
14:35:18.0504 2608  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:35:18.0550 2608  ehRecvr - ok
14:35:18.0566 2608  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:35:18.0597 2608  ehSched - ok
14:35:18.0660 2608  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:35:18.0675 2608  elxstor - ok
14:35:18.0800 2608  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
14:35:18.0862 2608  EPSON_EB_RPCV4_04 - ok
14:35:18.0956 2608  [ CDCA791AFA0483F44BBA576DBFAFD04D ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
14:35:19.0018 2608  EPSON_PM_RPCV4_01 - ok
14:35:19.0050 2608  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
14:35:19.0065 2608  EPSON_PM_RPCV4_04 - ok
14:35:19.0112 2608  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:35:19.0128 2608  ErrDev - ok
14:35:19.0221 2608  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:35:19.0268 2608  EventSystem - ok
14:35:19.0330 2608  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:35:19.0377 2608  exfat - ok
14:35:19.0408 2608  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:35:19.0455 2608  fastfat - ok
14:35:19.0564 2608  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:35:19.0627 2608  Fax - ok
14:35:19.0752 2608  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:35:19.0783 2608  fdc - ok
14:35:19.0798 2608  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:35:19.0845 2608  fdPHost - ok
14:35:19.0861 2608  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:35:19.0908 2608  FDResPub - ok
14:35:19.0923 2608  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:35:19.0939 2608  FileInfo - ok
14:35:19.0954 2608  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:35:20.0032 2608  Filetrace - ok
14:35:20.0064 2608  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:35:20.0079 2608  flpydisk - ok
14:35:20.0095 2608  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:35:20.0110 2608  FltMgr - ok
14:35:20.0173 2608  [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb          C:\Windows\system32\DRIVERS\FlyUsb.sys
14:35:20.0235 2608  FlyUsb - ok
14:35:20.0298 2608  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:35:20.0391 2608  FontCache - ok
14:35:20.0454 2608  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:35:20.0469 2608  FontCache3.0.0.0 - ok
14:35:20.0516 2608  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:35:20.0532 2608  FsDepends - ok
14:35:20.0578 2608  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:35:20.0578 2608  Fs_Rec - ok
14:35:20.0625 2608  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:35:20.0641 2608  fvevol - ok
14:35:20.0672 2608  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:35:20.0688 2608  gagp30kx - ok
14:35:20.0828 2608  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:35:20.0844 2608  GamesAppService - ok
14:35:20.0890 2608  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:35:20.0890 2608  GEARAspiWDM - ok
14:35:20.0984 2608  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:35:21.0078 2608  gpsvc - ok
14:35:21.0187 2608  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
14:35:21.0218 2608  Greg_Service - ok
14:35:21.0358 2608  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:35:21.0374 2608  gupdate - ok
14:35:21.0421 2608  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:35:21.0436 2608  gupdatem - ok
14:35:21.0514 2608  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:35:21.0530 2608  gusvc - ok
14:35:21.0577 2608  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:35:22.0123 2608  hcw85cir - ok
14:35:22.0326 2608  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:35:22.0450 2608  HdAudAddService - ok
14:35:22.0482 2608  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:35:22.0497 2608  HDAudBus - ok
14:35:22.0528 2608  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:35:22.0544 2608  HidBatt - ok
14:35:22.0560 2608  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:35:22.0606 2608  HidBth - ok
14:35:22.0638 2608  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:35:22.0653 2608  HidIr - ok
14:35:22.0684 2608  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:35:22.0716 2608  hidserv - ok
14:35:22.0747 2608  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:35:22.0747 2608  HidUsb - ok
14:35:22.0794 2608  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:35:22.0856 2608  hkmsvc - ok
14:35:22.0903 2608  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:35:22.0950 2608  HomeGroupListener - ok
14:35:22.0996 2608  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:35:23.0028 2608  HomeGroupProvider - ok
14:35:23.0059 2608  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:35:23.0059 2608  HpSAMD - ok
14:35:23.0121 2608  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:35:23.0168 2608  HTTP - ok
14:35:23.0199 2608  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:35:23.0215 2608  hwpolicy - ok
14:35:23.0262 2608  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:35:23.0277 2608  i8042prt - ok
14:35:23.0340 2608  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:35:23.0355 2608  iaStorV - ok
14:35:23.0418 2608  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:35:23.0449 2608  idsvc - ok
14:35:23.0496 2608  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:35:23.0511 2608  iirsp - ok
14:35:23.0542 2608  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:35:23.0605 2608  IKEEXT - ok
14:35:23.0698 2608  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:35:23.0730 2608  IntcAzAudAddService - ok
14:35:23.0792 2608  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:35:23.0808 2608  intelide - ok
14:35:23.0854 2608  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:35:23.0870 2608  intelppm - ok
14:35:23.0901 2608  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:35:23.0948 2608  IPBusEnum - ok
14:35:24.0010 2608  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:35:24.0073 2608  IpFilterDriver - ok
14:35:24.0135 2608  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:35:24.0198 2608  iphlpsvc - ok
14:35:24.0229 2608  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:35:24.0260 2608  IPMIDRV - ok
14:35:24.0276 2608  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:35:24.0322 2608  IPNAT - ok
14:35:24.0416 2608  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:35:24.0447 2608  iPod Service - ok
14:35:24.0463 2608  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:35:24.0494 2608  IRENUM - ok
14:35:48.0658 2608  Wecsvc - ok
14:35:48.0690 2608  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:35:48.0736 2608  wercplsupport - ok
14:35:48.0783 2608  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:35:48.0830 2608  WerSvc - ok
14:35:48.0846 2608  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:35:48.0877 2608  WfpLwf - ok
14:35:48.0892 2608  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:35:48.0892 2608  WIMMount - ok
14:35:48.0924 2608  WinDefend - ok
14:35:48.0939 2608  WinHttpAutoProxySvc - ok
14:35:48.0986 2608  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:35:49.0017 2608  Winmgmt - ok
14:35:49.0251 2608  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:35:49.0345 2608  WinRM - ok
14:35:49.0392 2608  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:35:49.0438 2608  WinUsb - ok
14:35:49.0470 2608  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:35:49.0501 2608  Wlansvc - ok
14:35:49.0516 2608  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:35:49.0532 2608  WmiAcpi - ok
14:35:49.0563 2608  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:35:49.0610 2608  wmiApSrv - ok
14:35:49.0626 2608  WMPNetworkSvc - ok
14:35:49.0657 2608  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:35:49.0688 2608  WPCSvc - ok
14:35:49.0719 2608  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:35:49.0735 2608  WPDBusEnum - ok
14:35:49.0766 2608  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:35:49.0797 2608  ws2ifsl - ok
14:35:49.0828 2608  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:35:49.0860 2608  wscsvc - ok
14:35:49.0860 2608  WSearch - ok
14:35:49.0969 2608  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:35:50.0031 2608  wuauserv - ok
14:35:50.0062 2608  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:35:50.0109 2608  WudfPf - ok
14:35:50.0156 2608  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:35:50.0172 2608  WUDFRd - ok
14:35:50.0203 2608  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:35:50.0234 2608  wudfsvc - ok
14:35:50.0281 2608  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:35:50.0312 2608  WwanSvc - ok
14:35:50.0343 2608  wwbgnhga - ok
14:35:50.0359 2608  ================ Scan global ===============================
14:35:50.0390 2608  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:35:50.0452 2608  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:35:50.0452 2608  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:35:50.0484 2608  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:35:50.0530 2608  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:35:50.0530 2608  [Global] - ok
14:35:50.0546 2608  ================ Scan MBR ==================================
14:35:50.0562 2608  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:35:51.0686 2608  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:35:51.0686 2608  \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:35:51.0686 2608  ================ Scan VBR ==================================
14:35:51.0701 2608  [ 2B0645963850A52BBB55A3562AABD749 ] \Device\Harddisk0\DR0\Partition1
14:35:51.0701 2608  \Device\Harddisk0\DR0\Partition1 - ok
14:35:51.0733 2608  [ 9E06B3DF05DA8E3DB83398B5CC6FAE57 ] \Device\Harddisk0\DR0\Partition2
14:35:51.0748 2608  \Device\Harddisk0\DR0\Partition2 - ok
14:35:51.0748 2608  ============================================================
14:35:51.0748 2608  Scan finished
14:35:51.0748 2608  ============================================================
14:35:51.0764 3500  Detected object count: 2
14:35:51.0764 3500  Actual detected object count: 2
14:36:24.0977 3500  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
14:36:24.0977 3500  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:36:24.0977 3500  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:36:24.0977 3500  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:37:58.0993 3652  Deinitialize success

aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-08 19:13:03
-----------------------------
19:13:03.755    OS Version: Windows x64 6.1.7601 Service Pack 1
19:13:03.755    Number of processors: 2 586 0x170A
19:13:03.755    ComputerName: CHRISTINE-PC  UserName: Christine
19:13:04.831    Initialize success
19:13:20.166    AVAST engine defs: 13070800
19:13:26.749    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
19:13:26.749    Disk 0 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
19:13:26.858    Disk 0 MBR read successfully
19:13:26.858    Disk 0 MBR scan
19:13:26.858    Disk 0 Windows 7 default MBR code
19:13:26.874    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
19:13:26.890    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
19:13:26.921    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       701990 MB offset 27469824
19:13:26.936    Disk 0 scanning C:\Windows\system32\drivers
19:13:37.061    Service scanning
19:13:59.962    Modules scanning
19:13:59.962    Disk 0 trace - called modules:
19:13:59.993    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:14:00.008    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bbc680]
19:14:00.008    3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> [0xfffffa800485ec10]
19:14:00.024    5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004852060]
19:14:08.089    AVAST engine scan C:\Windows
19:14:16.092    AVAST engine scan C:\Windows\system32
19:17:14.043    AVAST engine scan C:\Windows\system32\drivers
19:17:35.322    AVAST engine scan C:\Users\Christine
19:36:31.228    AVAST engine scan C:\ProgramData
19:38:24.390    Scan finished successfully
22:25:23.245    Disk 0 MBR has been saved successfully to "C:\Users\Christine\Desktop\MBR.dat"
22:25:23.245    The log file has been saved successfully to "C:\Users\Christine\Desktop\aswMBR.txt"

 

 

Attached Files

  • Attached File  MBR.zip   565bytes


#6 nasdaq

  • Malware Response Team

Posted 09 July 2013 - 08:40 AM

Run TDSSKiller again. When you see this >> \Device\Harddisk0\DR0 ( TDSS File System ) be sure to delete it. Attach the log that is created to your next reply.

#7 Punkrulz

  • Topic Starter
  • Members

Posted 09 July 2013 - 02:19 PM

Nasdaq, I've followed your instructions and deleted \Device\Harddisk0\DR0. Attached is the most recent TDSS Log.

Edit: Tried to attach however file is too big. Sorry to have to post it in the post.

15:13:16.0946 3556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:13:17.0367 3556  ============================================================
15:13:17.0367 3556  Current date / time: 2013/07/09 15:13:17.0367
15:13:17.0367 3556  SystemInfo:
15:13:17.0367 3556 
15:13:17.0367 3556  OS Version: 6.1.7601 ServicePack: 1.0
15:13:17.0367 3556  Product type: Workstation
15:13:17.0367 3556  ComputerName: CHRISTINE-PC
15:13:17.0383 3556  UserName: Christine
15:13:17.0383 3556  Windows directory: C:\Windows
15:13:17.0383 3556  System windows directory: C:\Windows
15:13:17.0383 3556  Running under WOW64
15:13:17.0383 3556  Processor architecture: Intel x64
15:13:17.0383 3556  Number of processors: 2
15:13:17.0383 3556  Page size: 0x1000
15:13:17.0383 3556  Boot type: Normal boot
15:13:17.0383 3556  ============================================================
15:13:19.0146 3556  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:19.0161 3556  ============================================================
15:13:19.0161 3556  \Device\Harddisk0\DR0:
15:13:19.0161 3556  MBR partitions:
15:13:19.0161 3556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:13:19.0161 3556  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000
15:13:19.0161 3556  ============================================================
15:13:19.0193 3556  C: <-> \Device\Harddisk0\DR0\Partition2
15:13:19.0193 3556  ============================================================
15:13:19.0193 3556  Initialize success
15:13:19.0193 3556  ============================================================
15:13:27.0024 3828  ============================================================
15:13:27.0024 3828  Scan started
15:13:27.0024 3828  Mode: Manual; SigCheck; TDLFS;
15:13:27.0024 3828  ============================================================
15:13:28.0584 3828  ================ Scan system memory ========================
15:13:28.0584 3828  System memory - ok
15:13:28.0584 3828  ================ Scan services =============================
15:13:28.0740 3828  [ 6B9A496ED67631DA8ADB802461876C36 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:13:28.0865 3828  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
15:13:28.0865 3828  !SASCORE - detected UnsignedFile.Multi.Generic (1)
15:13:43.0575 3828  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:13:43.0575 3828  KeyIso - ok
15:13:43.0622 3828  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:13:43.0638 3828  KSecDD - ok
15:13:43.0653 3828  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:13:43.0653 3828  KSecPkg - ok
15:13:43.0685 3828  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:13:43.0747 3828  ksthunk - ok
15:13:43.0825 3828  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:13:43.0934 3828  KtmRm - ok
15:13:43.0965 3828  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:13:44.0075 3828  LanmanServer - ok
15:13:44.0121 3828  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:13:44.0184 3828  LanmanWorkstation - ok
15:13:44.0589 3828  [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
15:13:44.0761 3828  LeapFrog Connect Device Service - ok
15:13:44.0808 3828  [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
15:13:44.0839 3828  Leapfrog-USBLAN - ok
15:13:44.0870 3828  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:13:44.0917 3828  lltdio - ok
15:13:44.0964 3828  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:13:45.0057 3828  lltdsvc - ok
15:13:45.0089 3828  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:13:45.0120 3828  lmhosts - ok
15:13:45.0151 3828  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:13:45.0167 3828  LSI_FC - ok
15:13:45.0182 3828  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:13:45.0198 3828  LSI_SAS - ok
15:13:45.0213 3828  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:13:45.0229 3828  LSI_SAS2 - ok
15:13:45.0260 3828  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:13:45.0276 3828  LSI_SCSI - ok
15:13:45.0291 3828  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:13:45.0338 3828  luafv - ok
15:13:45.0369 3828  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
15:13:45.0385 3828  mbamchameleon - ok
15:13:45.0416 3828  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:13:45.0416 3828  MBAMProtector - ok
15:13:45.0447 3828  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:13:45.0463 3828  MBAMScheduler - ok
15:13:45.0510 3828  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:13:45.0541 3828  MBAMService - ok
15:13:45.0635 3828  [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
15:13:45.0666 3828  McComponentHostService - ok
15:13:45.0681 3828  MCSTRM - ok
15:13:45.0713 3828  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:13:45.0759 3828  Mcx2Svc - ok
15:13:45.0759 3828  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:13:45.0775 3828  megasas - ok
15:13:45.0822 3828  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:13:45.0822 3828  MegaSR - ok
15:13:45.0869 3828  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:13:45.0900 3828  MMCSS - ok
15:13:45.0915 3828  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:13:45.0962 3828  Modem - ok
15:13:45.0978 3828  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:13:46.0009 3828  monitor - ok
15:13:46.0009 3828  motccgp - ok
15:13:46.0025 3828  motccgpfl - ok
15:13:46.0040 3828  motmodem - ok
15:13:46.0040 3828  motport - ok
15:13:46.0071 3828  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:13:46.0071 3828  mouclass - ok
15:13:46.0103 3828  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:13:46.0103 3828  mouhid - ok
15:13:46.0149 3828  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:13:46.0165 3828  mountmgr - ok
15:13:46.0181 3828  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:13:46.0196 3828  mpio - ok
15:13:46.0212 3828  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:13:46.0243 3828  mpsdrv - ok
15:13:46.0305 3828  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:13:46.0337 3828  MpsSvc - ok
15:13:46.0415 3828  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:13:46.0461 3828  MRxDAV - ok
15:13:46.0524 3828  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:13:46.0571 3828  mrxsmb - ok
15:13:46.0617 3828  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:13:46.0664 3828  mrxsmb10 - ok
15:13:46.0695 3828  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:13:46.0711 3828  mrxsmb20 - ok
15:13:46.0727 3828  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:13:46.0727 3828  msahci - ok
15:13:46.0773 3828  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:13:46.0789 3828  msdsm - ok
15:13:46.0820 3828  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:13:46.0851 3828  MSDTC - ok
15:13:46.0883 3828  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:13:46.0914 3828  Msfs - ok
15:13:46.0929 3828  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:13:46.0976 3828  mshidkmdf - ok
15:13:47.0007 3828  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:13:47.0007 3828  msisadrv - ok
15:13:47.0023 3828  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:13:47.0085 3828  MSiSCSI - ok
15:13:47.0101 3828  msiserver - ok
15:13:47.0132 3828  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:13:47.0195 3828  MSKSSRV - ok
15:13:47.0210 3828  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:13:47.0288 3828  MSPCLOCK - ok
15:13:47.0319 3828  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:13:47.0366 3828  MSPQM - ok
15:13:47.0460 3828  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:13:47.0491 3828  MsRPC - ok
15:13:47.0507 3828  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:13:47.0522 3828  mssmbios - ok
15:13:47.0538 3828  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:13:47.0569 3828  MSTEE - ok
15:13:47.0585 3828  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:13:47.0631 3828  MTConfig - ok
15:13:47.0647 3828  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:13:47.0663 3828  Mup - ok
15:13:47.0678 3828  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:13:47.0741 3828  napagent - ok
15:13:47.0772 3828  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:13:47.0803 3828  NativeWifiP - ok
15:13:47.0865 3828  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:13:47.0912 3828  NDIS - ok
15:13:47.0959 3828  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:13:47.0990 3828  NdisCap - ok
15:13:48.0006 3828  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:13:48.0084 3828  NdisTapi - ok
15:13:48.0131 3828  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:13:48.0177 3828  Ndisuio - ok
15:13:48.0240 3828  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:13:48.0302 3828  NdisWan - ok
15:13:48.0365 3828  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:13:48.0396 3828  NDProxy - ok
15:13:48.0567 3828  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:13:48.0645 3828  Nero BackItUp Scheduler 4.0 - ok
15:13:48.0692 3828  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:13:48.0739 3828  NetBIOS - ok
15:13:48.0770 3828  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:13:48.0833 3828  NetBT - ok
15:13:48.0848 3828  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:13:48.0879 3828  Netlogon - ok
15:13:48.0957 3828  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:13:49.0020 3828  Netman - ok
15:13:49.0051 3828  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:13:49.0098 3828  netprofm - ok
15:13:49.0145 3828  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:13:49.0160 3828  NetTcpPortSharing - ok
15:13:49.0176 3828  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:13:49.0191 3828  nfrd960 - ok
15:13:49.0269 3828  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:13:49.0316 3828  NlaSvc - ok
15:13:49.0347 3828  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:13:49.0379 3828  Npfs - ok
15:13:49.0410 3828  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:13:49.0472 3828  nsi - ok
15:13:49.0503 3828  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:13:49.0535 3828  nsiproxy - ok
15:13:49.0628 3828  [ E127420B7FEB65C7F279EAAC183BBC0E ] NSL             C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
15:13:49.0659 3828  NSL - ok
15:13:49.0909 3828  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:13:49.0987 3828  Ntfs - ok
15:13:50.0003 3828  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:13:50.0065 3828  Null - ok
15:13:50.0845 3828  [ 8E6247F418B4C8AE9EEB0B532CABCC21 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:13:51.0048 3828  nvlddmkm - ok
15:13:51.0110 3828  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:13:51.0126 3828  nvraid - ok
15:13:51.0141 3828  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:13:51.0157 3828  nvstor - ok
15:13:51.0188 3828  [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
15:13:51.0204 3828  nvstor64 - ok
15:13:51.0235 3828  [ 59DD481E0063F8F7EA8B9F149FCACF32 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:13:51.0251 3828  nvsvc - ok
15:13:51.0282 3828  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:13:51.0313 3828  nv_agp - ok
15:13:51.0375 3828  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:13:51.0391 3828  odserv - ok
15:13:51.0469 3828  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:13:51.0485 3828  ohci1394 - ok
15:13:51.0531 3828  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:13:51.0563 3828  ose - ok
15:13:51.0578 3828  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:13:51.0609 3828  p2pimsvc - ok
15:13:51.0625 3828  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:13:51.0656 3828  p2psvc - ok
15:13:51.0687 3828  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:13:51.0703 3828  Parport - ok
15:13:51.0734 3828  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:13:51.0750 3828  partmgr - ok
15:13:51.0797 3828  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:13:51.0812 3828  PcaSvc - ok
15:13:51.0828 3828  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:13:51.0843 3828  pci - ok
15:13:51.0890 3828  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:13:51.0890 3828  pciide - ok
15:13:51.0921 3828  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:13:51.0921 3828  pcmcia - ok
15:13:51.0937 3828  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:13:51.0953 3828  pcw - ok
15:13:51.0984 3828  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:13:52.0031 3828  PEAUTH - ok
15:13:52.0499 3828  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:13:52.0545 3828  PerfHost - ok
15:13:52.0655 3828  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:13:52.0779 3828  pla - ok
15:13:52.0842 3828  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:13:52.0889 3828  PlugPlay - ok
15:13:52.0920 3828  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:13:52.0935 3828  PNRPAutoReg - ok
15:13:52.0951 3828  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:13:52.0967 3828  PNRPsvc - ok
15:13:53.0013 3828  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:13:53.0076 3828  PolicyAgent - ok
15:13:53.0107 3828  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:13:53.0169 3828  Power - ok
15:13:53.0216 3828  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:13:53.0263 3828  PptpMiniport - ok
15:13:53.0294 3828  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:13:53.0325 3828  Processor - ok
15:13:53.0372 3828  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:13:53.0450 3828  ProfSvc - ok
15:13:53.0466 3828  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:13:53.0481 3828  ProtectedStorage - ok
15:13:53.0513 3828  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:13:53.0559 3828  Psched - ok
15:13:53.0606 3828  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:13:53.0653 3828  ql2300 - ok
15:13:53.0669 3828  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:13:53.0669 3828  ql40xx - ok
15:13:53.0700 3828  qubnnmlt - ok
15:13:53.0731 3828  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:13:53.0762 3828  QWAVE - ok
15:13:53.0778 3828  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:13:53.0840 3828  QWAVEdrv - ok
15:13:53.0871 3828  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:13:53.0903 3828  RasAcd - ok
15:13:53.0934 3828  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:13:53.0965 3828  RasAgileVpn - ok
15:13:53.0981 3828  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:13:54.0012 3828  RasAuto - ok
15:13:54.0059 3828  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:13:54.0105 3828  Rasl2tp - ok
15:13:54.0168 3828  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:13:54.0199 3828  RasMan - ok
15:13:54.0215 3828  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:13:54.0277 3828  RasPppoe - ok
15:13:54.0308 3828  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:13:54.0355 3828  RasSstp - ok
15:13:54.0449 3828  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:13:54.0527 3828  rdbss - ok
15:13:54.0542 3828  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:13:54.0589 3828  rdpbus - ok
15:13:54.0620 3828  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:13:54.0667 3828  RDPCDD - ok
15:13:54.0683 3828  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:13:54.0761 3828  RDPENCDD - ok
15:13:54.0792 3828  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:13:54.0823 3828  RDPREFMP - ok
15:13:54.0854 3828  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:13:54.0885 3828  RDPWD - ok
15:13:54.0932 3828  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:13:54.0948 3828  rdyboost - ok
15:13:54.0979 3828  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:13:55.0041 3828  RemoteAccess - ok
15:13:55.0073 3828  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:13:55.0119 3828  RemoteRegistry - ok
15:13:55.0135 3828  rirfsvbp - ok
15:13:55.0166 3828  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:13:55.0229 3828  RpcEptMapper - ok
15:13:55.0291 3828  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:13:55.0338 3828  RpcLocator - ok
15:13:55.0385 3828  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:13:55.0431 3828  RpcSs - ok
15:13:55.0463 3828  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:13:55.0525 3828  rspndr - ok
15:13:55.0587 3828  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:13:55.0650 3828  RTL8167 - ok
15:13:55.0665 3828  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:13:55.0681 3828  SamSs - ok
15:13:55.0728 3828  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:13:55.0743 3828  SASDIFSV - ok
15:13:55.0759 3828  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:13:55.0775 3828  SASKUTIL - ok
15:13:55.0806 3828  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:13:55.0821 3828  sbp2port - ok
15:13:55.0853 3828  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:13:55.0884 3828  SCardSvr - ok
15:13:55.0915 3828  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:13:55.0977 3828  scfilter - ok
15:13:56.0040 3828  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:13:56.0102 3828  Schedule - ok
15:13:56.0149 3828  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:13:56.0180 3828  SCPolicySvc - ok
15:13:56.0211 3828  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:13:56.0274 3828  SDRSVC - ok
15:13:56.0305 3828  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:13:56.0367 3828  secdrv - ok
15:13:56.0399 3828  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:13:56.0492 3828  seclogon - ok
15:13:56.0539 3828  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:13:56.0586 3828  SENS - ok
15:13:56.0601 3828  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:13:56.0664 3828  SensrSvc - ok
15:13:56.0679 3828  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:13:56.0711 3828  Serenum - ok
15:13:56.0742 3828  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:13:56.0757 3828  Serial - ok
15:13:56.0789 3828  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:13:56.0835 3828  sermouse - ok
15:13:56.0898 3828  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:13:56.0929 3828  SessionEnv - ok
15:13:56.0960 3828  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:13:57.0007 3828  sffdisk - ok
15:13:57.0023 3828  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:13:57.0085 3828  sffp_mmc - ok
15:13:57.0085 3828  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:13:57.0132 3828  sffp_sd - ok
15:13:57.0147 3828  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:13:57.0194 3828  sfloppy - ok
15:13:57.0241 3828  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:13:57.0272 3828  SharedAccess - ok
15:13:57.0335 3828  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:13:57.0397 3828  ShellHWDetection - ok
15:13:57.0428 3828  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:13:57.0444 3828  SiSRaid2 - ok
15:13:57.0459 3828  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:13:57.0475 3828  SiSRaid4 - ok
15:13:57.0506 3828  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:13:57.0537 3828  Smb - ok
15:13:57.0584 3828  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:13:57.0631 3828  SNMPTRAP - ok
15:13:57.0662 3828  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:13:57.0678 3828  spldr - ok
15:13:57.0725 3828  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:13:57.0756 3828  Spooler - ok
15:13:58.0037 3828  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:13:58.0146 3828  sppsvc - ok
15:13:58.0161 3828  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:13:58.0208 3828  sppuinotify - ok
15:13:58.0255 3828  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:13:58.0302 3828  srv - ok
15:13:58.0333 3828  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:13:58.0380 3828  srv2 - ok
15:13:58.0427 3828  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:13:58.0458 3828  srvnet - ok
15:13:58.0489 3828  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:13:58.0567 3828  SSDPSRV - ok
15:13:58.0598 3828  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:13:58.0629 3828  SstpSvc - ok
15:13:58.0661 3828  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:13:58.0692 3828  stexstor - ok
15:13:58.0739 3828  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:13:58.0754 3828  StillCam - ok
15:13:58.0801 3828  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:13:58.0832 3828  stisvc - ok
15:13:58.0879 3828  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:13:58.0895 3828  swenum - ok
15:13:58.0910 3828  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:13:58.0957 3828  swprv - ok
15:13:59.0051 3828  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:13:59.0129 3828  SysMain - ok
15:13:59.0160 3828  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:13:59.0175 3828  TabletInputService - ok
15:13:59.0207 3828  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:13:59.0238 3828  TapiSrv - ok
15:13:59.0269 3828  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:13:59.0300 3828  TBS - ok
15:13:59.0519 3828  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:13:59.0597 3828  Tcpip - ok
15:13:59.0643 3828  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:13:59.0690 3828  TCPIP6 - ok
15:13:59.0737 3828  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:13:59.0784 3828  tcpipreg - ok
15:13:59.0831 3828  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:13:59.0893 3828  TDPIPE - ok
15:13:59.0909 3828  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:13:59.0940 3828  TDTCP - ok
15:13:59.0987 3828  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:14:00.0033 3828  tdx - ok
15:14:00.0080 3828  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:14:00.0096 3828  TermDD - ok
15:14:00.0127 3828  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:14:00.0189 3828  TermService - ok
15:14:00.0252 3828  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:14:00.0283 3828  Themes - ok
15:14:00.0314 3828  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:14:00.0361 3828  THREADORDER - ok
15:14:00.0377 3828  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:14:00.0423 3828  TrkWks - ok
15:14:00.0564 3828  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:14:00.0611 3828  TrustedInstaller - ok
15:14:00.0673 3828  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:14:00.0735 3828  tssecsrv - ok
15:14:00.0798 3828  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:14:00.0860 3828  TsUsbFlt - ok
15:14:00.0891 3828  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:14:00.0938 3828  tunnel - ok
15:14:00.0985 3828  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:14:01.0001 3828  uagp35 - ok
15:14:01.0047 3828  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:14:01.0094 3828  udfs - ok
15:14:01.0172 3828  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:14:01.0188 3828  UI0Detect - ok
15:14:01.0203 3828  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:14:01.0219 3828  uliagpkx - ok
15:14:01.0250 3828  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:14:01.0313 3828  umbus - ok
15:14:01.0328 3828  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:14:01.0359 3828  UmPass - ok
15:14:01.0422 3828  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
15:14:01.0437 3828  Updater Service - ok
15:14:01.0469 3828  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:14:01.0531 3828  upnphost - ok
15:14:01.0547 3828  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:14:01.0609 3828  USBAAPL64 - ok
15:14:01.0640 3828  [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus          C:\Windows\system32\DRIVERS\lgx64bus.sys
15:14:01.0704 3828  usbbus - ok
15:14:01.0704 3828  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:14:01.0750 3828  usbccgp - ok
15:14:01.0782 3828  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:14:01.0813 3828  usbcir - ok
15:14:01.0860 3828  [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag         C:\Windows\system32\DRIVERS\lgx64diag.sys
15:14:01.0891 3828  UsbDiag - ok
15:14:01.0938 3828  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:14:02.0000 3828  usbehci - ok
15:14:02.0016 3828  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:14:02.0062 3828  usbhub - ok
15:14:02.0078 3828  [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem        C:\Windows\system32\DRIVERS\lgx64modem.sys
15:14:02.0109 3828  USBModem - ok
15:14:02.0125 3828  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:14:02.0172 3828  usbohci - ok
15:14:02.0203 3828  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:14:02.0250 3828  usbprint - ok
15:14:02.0265 3828  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:14:02.0312 3828  usbscan - ok
15:14:02.0328 3828  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:14:02.0390 3828  USBSTOR - ok
15:14:02.0406 3828  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:14:02.0452 3828  usbuhci - ok
15:14:02.0484 3828  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:14:02.0577 3828  UxSms - ok
15:14:02.0593 3828  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:14:02.0608 3828  VaultSvc - ok
15:14:02.0608 3828  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:14:02.0624 3828  vdrvroot - ok
15:14:02.0702 3828  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:14:02.0764 3828  vds - ok
15:14:02.0780 3828  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:14:02.0796 3828  vga - ok
15:14:02.0811 3828  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:14:02.0874 3828  VgaSave - ok
15:14:02.0889 3828  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:14:02.0905 3828  vhdmp - ok
15:14:02.0936 3828  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:14:02.0952 3828  viaide - ok
15:14:02.0952 3828  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:14:02.0967 3828  volmgr - ok
15:14:02.0998 3828  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:14:03.0014 3828  volmgrx - ok
15:14:03.0045 3828  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:14:03.0076 3828  volsnap - ok
15:14:03.0108 3828  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:14:03.0123 3828  vsmraid - ok
15:14:03.0248 3828  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:14:03.0357 3828  VSS - ok
15:14:03.0607 3828  [ 654D358F8DC18167F31A01166B4CA9D6 ] vToolbarUpdater15.3.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
15:14:03.0669 3828  vToolbarUpdater15.3.0 - ok
15:14:03.0685 3828  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:14:03.0732 3828  vwifibus - ok
15:14:03.0778 3828  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:14:03.0810 3828  W32Time - ok
15:14:03.0841 3828  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:14:03.0888 3828  WacomPen - ok
15:14:03.0934 3828  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:14:03.0997 3828  WANARP - ok
15:14:04.0012 3828  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:14:04.0044 3828  Wanarpv6 - ok
15:14:04.0122 3828  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:14:04.0168 3828  WatAdminSvc - ok
15:14:04.0231 3828  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:14:04.0324 3828  wbengine - ok
15:14:04.0356 3828  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:14:04.0371 3828  WbioSrvc - ok
15:14:04.0418 3828  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:14:04.0480 3828  wcncsvc - ok
15:14:04.0496 3828  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:14:04.0558 3828  WcsPlugInService - ok
15:14:04.0590 3828  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:14:04.0605 3828  Wd - ok
15:14:04.0636 3828  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:14:04.0652 3828  Wdf01000 - ok
15:14:04.0668 3828  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:14:04.0777 3828  WdiServiceHost - ok
15:14:04.0777 3828  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:14:04.0792 3828  WdiSystemHost - ok
15:14:04.0855 3828  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:14:04.0902 3828  WebClient - ok
15:14:04.0933 3828  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:14:04.0980 3828  Wecsvc - ok
15:14:04.0995 3828  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:14:05.0058 3828  wercplsupport - ok
15:14:05.0073 3828  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:14:05.0120 3828  WerSvc - ok
15:14:05.0151 3828  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:14:05.0182 3828  WfpLwf - ok
15:14:05.0198 3828  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:14:05.0214 3828  WIMMount - ok
15:14:05.0229 3828  WinDefend - ok
15:14:05.0245 3828  WinHttpAutoProxySvc - ok
15:14:05.0292 3828  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:14:05.0354 3828  Winmgmt - ok
15:14:05.0557 3828  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:14:05.0682 3828  WinRM - ok
15:14:05.0728 3828  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:14:05.0775 3828  WinUsb - ok
15:14:05.0806 3828  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:14:05.0822 3828  Wlansvc - ok
15:14:05.0853 3828  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:14:05.0869 3828  WmiAcpi - ok
15:14:05.0884 3828  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:14:05.0900 3828  wmiApSrv - ok
15:14:05.0916 3828  WMPNetworkSvc - ok
15:14:05.0931 3828  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:14:05.0962 3828  WPCSvc - ok
15:14:05.0994 3828  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:14:06.0009 3828  WPDBusEnum - ok
15:14:06.0040 3828  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:14:06.0072 3828  ws2ifsl - ok
15:14:06.0118 3828  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:14:06.0150 3828  wscsvc - ok
15:14:06.0165 3828  WSearch - ok
15:14:06.0306 3828  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:14:06.0384 3828  wuauserv - ok
15:14:06.0415 3828  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:14:06.0462 3828  WudfPf - ok
15:14:06.0493 3828  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:14:06.0493 3828  WUDFRd - ok
15:14:06.0524 3828  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:14:06.0540 3828  wudfsvc - ok
15:14:06.0649 3828  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:14:06.0883 3828  WwanSvc - ok
15:14:06.0914 3828  wwbgnhga - ok
15:14:06.0930 3828  ================ Scan global ===============================
15:14:07.0101 3828  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:14:07.0148 3828  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:14:07.0164 3828  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:14:07.0210 3828  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:14:07.0273 3828  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:14:07.0273 3828  [Global] - ok
15:14:07.0288 3828  ================ Scan MBR ==================================
15:14:07.0304 3828  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:14:08.0162 3828  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:14:08.0162 3828  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:14:08.0162 3828  ================ Scan VBR ==================================
15:14:08.0193 3828  [ 2B0645963850A52BBB55A3562AABD749 ] \Device\Harddisk0\DR0\Partition1
15:14:08.0193 3828  \Device\Harddisk0\DR0\Partition1 - ok
15:14:08.0209 3828  [ 9E06B3DF05DA8E3DB83398B5CC6FAE57 ] \Device\Harddisk0\DR0\Partition2
15:14:08.0209 3828  \Device\Harddisk0\DR0\Partition2 - ok
15:14:08.0209 3828  ============================================================
15:14:08.0209 3828  Scan finished
15:14:08.0209 3828  ============================================================
15:14:08.0240 3800  Detected object count: 2
15:14:08.0240 3800  Actual detected object count: 2
15:16:48.0703 3800  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:48.0703 3800  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:48.0749 3800  \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:16:48.0781 3800  \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:16:48.0796 3800  \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:16:48.0796 3800  \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:16:48.0796 3800  \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:16:48.0812 3800  \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:16:48.0812 3800  \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:16:48.0812 3800  \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:16:48.0812 3800  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:16:48.0812 3800  \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:16:48.0827 3800  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:16:48.0827 3800  \Device\Harddisk0\DR0\TDLFS - deleted
15:16:48.0827 3800  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
15:17:04.0880 3528  Deinitialize success

Thanks!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 20,239 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2013 - 07:12 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 25

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please run the ComboFix tool one more time and post the log.

Let me know if the problem persists.

#9 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 78 posts

Posted 10 July 2013 - 09:59 AM

Nasdaq,

I have performed the updates and have run ComboFix one more time. Here is the log:

 

ComboFix 13-07-09.01 - Christine 07/10/2013  10:28:14.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2218 [GMT -4:00]
Running from: c:\users\Christine\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-10 14:43 . 2013-07-10 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-10 14:43 . 2013-07-10 14:43 -------- d-----w- c:\users\Anthony\AppData\Local\temp
2013-07-10 14:31 . 2013-07-10 14:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A2C4DC-F41C-48CE-8E12-726C42160D3C}\offreg.dll
2013-07-10 13:53 . 2013-07-10 13:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-10 13:50 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 13:50 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 13:48 . 2013-07-10 13:47 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-10 13:48 . 2013-07-10 13:47 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-10 13:48 . 2013-07-10 13:47 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-10 13:48 . 2013-07-10 13:47 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-10 13:48 . 2013-07-10 13:47 188840 ----a-w- c:\windows\system32\java.exe
2013-07-10 13:43 . 2013-06-17 06:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A2C4DC-F41C-48CE-8E12-726C42160D3C}\mpengine.dll
2013-07-09 19:16 . 2013-07-09 19:16 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-07 23:24 . 2013-07-07 23:24 -------- d-----w- c:\windows\ERUNT
2013-07-07 23:24 . 2013-07-07 23:24 -------- d-----w- C:\JRT
2013-07-04 01:23 . 2013-07-04 01:23 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 07:44 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-03 07:44 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-03 07:44 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-03 07:44 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-03 07:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-03 07:14 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-03 07:14 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-03 07:14 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-03 07:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-03 07:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-03 07:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-03 07:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-03 07:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-03 07:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-03 07:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-03 07:07 . 2013-07-10 14:13 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-03 07:07 . 2013-07-10 14:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files\iPod
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files\iTunes
2013-07-03 04:09 . 2013-07-03 04:09 -------- d-----w- c:\program files (x86)\iTunes
2013-07-02 21:09 . 2013-07-02 21:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-07-02 21:09 . 2013-07-02 21:09 -------- d-----w- c:\program files\NVIDIA Corporation
2013-07-02 20:54 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-02 20:53 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-07-02 20:52 . 2012-12-07 11:20 30720 ----a-w- c:\windows\system32\usk.rs
2013-07-02 20:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-07-02 20:50 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-02 20:38 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-07-02 20:38 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-07-02 07:52 . 2013-07-02 08:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-02 07:51 . 2013-07-02 07:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\programdata\Malwarebytes
2013-07-02 07:26 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 07:26 . 2013-07-02 07:26 -------- d-----w- c:\users\Christine\AppData\Local\Programs
2013-07-01 03:48 . 2013-07-01 03:48 -------- d-----w- c:\program files\HitmanPro
2013-07-01 01:56 . 2013-07-01 01:56 -------- d-----w- c:\users\Anthony\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 01:46 . 2013-07-01 02:55 -------- d-----w- c:\programdata\HitmanPro
2013-06-26 13:03 . 2013-07-01 01:44 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-06-13 18:30 . 2013-06-13 18:30 -------- d-----w- c:\users\Anthony\AppData\Local\AVG SafeGuard toolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 14:26 . 2011-10-10 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 14:07 . 2011-10-09 22:34 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-10 13:47 . 2011-06-01 03:32 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 01:23 . 2011-06-01 03:29 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-02 20:59 . 2010-09-29 20:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-02 20:42 . 2010-11-28 18:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-02 20:38 . 2010-11-28 18:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-26 13:03 . 2013-05-06 17:21 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-02 06:06 . 2010-02-12 22:04 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-07-02 20:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-07-02 20:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-07-02 20:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 05:49 . 2013-07-02 20:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 04:45 . 2013-07-02 20:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-07-02 20:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 qubnnmlt;qubnnmlt;c:\windows\system32\drivers\qubnnmlt.sys;c:\windows\SYSNATIVE\drivers\qubnnmlt.sys [x]
R1 rirfsvbp;rirfsvbp;c:\windows\system32\drivers\rirfsvbp.sys;c:\windows\SYSNATIVE\drivers\rirfsvbp.sys [x]
R1 wwbgnhga;wwbgnhga;c:\windows\system32\drivers\wwbgnhga.sys;c:\windows\SYSNATIVE\drivers\wwbgnhga.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10 14:26]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 22:04]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 22:04]
.
2013-07-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-06 17:47]
.
2013-07-03 c:\windows\Tasks\Norton Security Scan for Christine.job
- c:\progra~2\NORTON~2\Engine\360~1.31\Nss.exe [2011-11-11 15:22]
.
2013-07-10 c:\windows\Tasks\SmartPCFix Task.job
- c:\program files (x86)\SmartPCFix\SmartPCFix.exe [2013-05-06 03:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,35,ed,49,32,1e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-10  10:46:35
ComboFix-quarantined-files.txt  2013-07-10 14:46
ComboFix2.txt  2013-07-07 23:56
.
Pre-Run: 612,892,983,296 bytes free
Post-Run: 611,929,550,848 bytes free
.
- - End Of File - - 243E987352FA8F2508F50AC7F01DD226
A36C5E4F47E84449FF07ED3517B43A31
 

Unfortunately SmartPCFix still remains. The only other thing I haven't done is attempt to remove it from add/remove programs because I wasn't sure if it would attempt to install more software or what. Please let me know if you recommend doing that.

 

Thanks!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 20,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 PM

Posted 10 July 2013 - 11:57 AM

Use the Add/Remove programs to remove it.

Remove the SmartPCFix Task.job file from the Task folder. (if still present)

Delete the folder in bold c:\program files (x86)\SmartPCFix\ (if still present)

Restart the computer normally.

How is it now?
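
A read-only check that the removal steps above took effect, as an added example that is not part of the original post. The folder path and the "SmartPCFix" name come from the log in this thread; the `%SystemRoot%\Tasks` location for `.job` files and the Run and Uninstall registry locations are standard Windows defaults assumed here, and `Get-Leftover` is a hypothetical helper name.

```powershell
# Added example: lists leftovers only, deletes nothing.
function Get-Leftover {
    param(
        [string]$Name   = 'SmartPCFix',
        # Folder as it appears in the log posted in this thread.
        [string]$Folder = 'C:\Program Files (x86)\SmartPCFix'
    )

    # 1. Program folder.
    if (Test-Path -LiteralPath $Folder) {
        "Folder still present: $Folder"
    }

    # 2. Legacy scheduled-task files (*.job) in the Tasks folder (assumed default path).
    $taskDir = Join-Path $env:SystemRoot 'Tasks'
    Get-ChildItem -LiteralPath $taskDir -Filter '*.job' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$Name*" } |
        ForEach-Object { "Task file still present: $($_.FullName)" }

    # 3. Run keys: 64-bit view, 32-bit (Wow6432Node) view, and the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
                "Run entry in ${key}: '$valueName' = $data"
            }
        }
    }

    # 4. Add/Remove Programs entries, both registry views.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$Name*" } |
        ForEach-Object { "Uninstall entry still present: $($_.DisplayName)" }
}

$found = @(Get-Leftover)
if ($found.Count -eq 0) { 'No leftovers found.' } else { $found }
```

Run it from an elevated PowerShell prompt after the restart; an empty result means none of the four locations still references the program.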

#11 Punkrulz


Posted 10 July 2013 - 12:28 PM

Ugh... I'm so sorry I wasted your time Nasdaq. I uninstalled it from add/remove programs and it seems to have been wiped away successfully. It didn't load back up and on reboot the computer looks fine. The only issue I noticed beforehand was randomly on the other account when loading Internet Explorer it was warning that with the given settings the computer was at risk, but I reset those and it seems fine. I'm going to install Windows Security Essentials and leave it at that. Researching beforehand I found it was malware and was terribly afraid of side effects of uninstalling that way.

 

Again, very sorry for wasting your time, but thank you so much for all of the awesome help you have provided!



#12 nasdaq


Posted 10 July 2013 - 01:11 PM

No time was lost on my part.

I know now that the easy way to remove it is with the Add/Remove Programs applet.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 Punkrulz


Posted 10 July 2013 - 05:23 PM

Thanks Nasdaq.

 

I've gone ahead and performed the cleanup procedures. I may have had a problem with Combofix uninstalling correctly however I'm not overly worried about it. That program had a strange lag on this computer. I've installed MSE as well as Comodo and WOT. I've hidden icons for IE and have replaced them with Firefox. Thanks for your help!



#14 nasdaq


Posted 11 July 2013 - 07:02 AM

Delete any folders created by ComboFix.

#15 nasdaq


Posted 11 July 2013 - 07:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



