Need some Help with a Rootkit!


  • This topic is locked
48 replies to this topic

#1 pavmsk

  • Members
  • 29 posts

Posted 04 August 2012 - 02:19 PM

I am really struggling with this PUP.crossfire virus that won't go away, and in my previous thread http://www.bleepingcomputer.com/forums/topic462753.html/page__p__2789937#entry2789937
one of the mods told me I have a rootkit. This computer is fairly new so I can't afford for it to get ruined, thanks!

The MOD told me not to post a GMR log but I will if needed.

Attached Files


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 06 August 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 pavmsk (Topic Starter)

  • Members
  • 29 posts

Posted 07 August 2012 - 05:29 PM

COMBOFIX LOG


ComboFix 12-08-07.03 - Peter Jr 08/07/2012 11:04:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3334 [GMT -6:00]
Running from: c:\users\Peter Jr\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120807001358.109999
c:\programdata\boost_interprocess\20120807001358.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120807001358.109999\Nobu64TrayIcon
c:\programdata\boost_interprocess\20120807081343.660650
c:\programdata\boost_interprocess\20120807081343.660650\Nobu64AgentService
c:\programdata\boost_interprocess\20120807081343.660650\Nobu64TrayIcon
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 17:13 . 2012-08-07 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 17:13 . 2012-08-07 17:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-07 17:13 . 2012-08-07 17:13 -------- d-----w- c:\users\Programmer\AppData\Local\temp
2012-08-07 17:13 . 2012-08-07 17:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-07 16:51 . 2012-08-07 16:51 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\Apple Computer
2012-08-06 08:19 . 2012-08-06 08:19 -------- d-----w- c:\users\Programmer\AppData\Local\Amazon
2012-08-06 05:25 . 2011-05-29 15:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-06 05:25 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 20:41 . 2011-08-16 12:57 1505104 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 743760 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 103760 ----a-w- c:\windows\SysWow64\mfcm100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 7055696 ----a-w- c:\windows\SysWow64\mfc100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 7124304 ----a-w- c:\windows\SysWow64\mfc100ud.dll
2012-08-04 20:41 . 2011-08-16 12:57 105296 ----a-w- c:\windows\SysWow64\mfcm100ud.dll
2012-08-04 20:41 . 2008-11-08 22:09 428544 ----a-w- c:\windows\AutoReseal.exe
2012-08-04 20:41 . 2007-11-15 01:13 423936 ----a-w- c:\windows\Reseal64.exe
2012-08-01 04:53 . 2012-08-01 04:53 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-07-31 22:25 . 2012-07-31 22:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-26 22:18 . 2012-07-26 22:18 -------- d-----w- c:\program files\CCleaner
2012-07-26 19:37 . 2012-07-26 19:37 -------- d-----w- c:\program files (x86)\ESET
2012-07-26 18:26 . 2012-07-26 18:26 -------- d-----w- c:\users\Programmer\AppData\Roaming\Malwarebytes
2012-07-26 18:10 . 2012-07-26 18:10 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\Malwarebytes
2012-07-26 18:10 . 2012-07-26 18:10 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 21:19 . 2012-07-29 19:49 -------- d-----w- c:\users\Programmer\AppData\Local\Windows Live
2012-07-25 20:25 . 2012-07-25 20:25 -------- d-----w- c:\users\Programmer\AppData\Local\Programs
2012-07-25 16:47 . 2012-08-07 17:01 -------- d-s---w- c:\users\Programmer\Google Drive
2012-07-25 16:45 . 2012-07-25 16:46 -------- d-----w- c:\program files (x86)\Google
2012-07-25 02:53 . 2012-07-25 02:53 -------- d-----w- c:\users\Programmer\AppData\Local\Samsung
2012-07-23 06:11 . 2012-07-23 06:11 -------- d-----w- c:\users\Programmer\AppData\Local\Macromedia
2012-07-23 06:04 . 2012-07-23 06:04 -------- d-----w- c:\users\Programmer\AppData\Local\Mozilla
2012-07-23 06:04 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-22 21:26 . 2012-07-22 21:26 96376 ----a-w- c:\windows\system32\drivers\SMR300.SYS
2012-07-22 19:15 . 2012-07-22 19:15 -------- d-----w- c:\users\Programmer\AppData\Local\Apple
2012-07-22 09:29 . 2012-07-23 07:58 -------- d-----w- c:\users\Programmer\AppData\Local\Adobe
2012-07-21 21:52 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-07-21 21:50 . 2012-07-21 22:03 -------- d-----w- c:\programdata\QuickTime
2012-07-21 21:44 . 2012-07-21 21:44 -------- d-----w- c:\users\Programmer\AppData\Roaming\PowerISO
2012-07-21 21:37 . 2012-07-21 21:37 -------- d--h--w- c:\programdata\Common Files
2012-07-21 07:31 . 2012-07-21 07:31 -------- d-----w- c:\users\Programmer\AppData\Roaming\dBpoweramp
2012-07-20 22:15 . 2012-07-20 22:15 -------- d-----w- c:\program files (x86)\DSP-worx
2012-07-20 21:41 . 2012-07-20 21:41 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\AccurateRip
2012-07-20 21:40 . 2012-07-20 21:45 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-07-19 15:27 . 2012-07-19 15:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2012-07-19 15:27 . 2012-07-19 15:27 -------- d-----w- c:\users\Guest\AppData\Local\Power2Go
2012-07-18 20:04 . 2012-07-19 00:31 -------- d-----w- c:\users\Programmer\AppData\Roaming\Apple Computer
2012-07-18 20:04 . 2012-07-18 20:04 -------- d-----w- c:\users\Programmer\AppData\Local\Apple Computer
2012-07-18 20:04 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-18 20:04 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 20:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 20:02 . 2012-07-18 20:02 -------- d-----w- c:\program files\iPod
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\program files\iTunes
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\program files (x86)\iTunes
2012-07-18 20:02 . 2012-07-18 20:02 -------- d-----w- c:\programdata\Apple Computer
2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\users\Peter Jr\AppData\Local\Apple
2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files\Common Files\Apple
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files\Bonjour
2012-07-18 20:00 . 2012-07-18 20:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-18 20:00 . 2012-07-18 20:01 -------- d-----w- c:\programdata\Apple
2012-07-17 23:30 . 2012-08-07 01:19 -------- d-----w- c:\users\Programmer\AppData\Roaming\uTorrent
2012-07-17 05:00 . 2012-07-25 02:44 -------- d-----w- c:\users\Programmer\AppData\Roaming\CyberLink
2012-07-17 05:00 . 2012-07-20 23:59 -------- d-----w- c:\users\Programmer\AppData\Local\CyberLink
2012-07-16 20:28 . 2012-08-03 04:16 -------- d-----w- c:\users\Programmer\AppData\Local\CrashDumps
2012-07-12 23:05 . 2012-07-31 00:30 -------- d-----w- c:\users\Programmer\AppData\Local\Diagnostics
2012-07-12 17:58 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 16:57 . 2012-07-01 20:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 16:57 . 2012-07-01 20:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:53 . 2012-06-18 18:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-23 23:25 . 2012-06-23 23:25 25600 ----a-r- c:\users\Peter Jr\AppData\Roaming\Microsoft\Installer\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}\python_icon.exe
2012-06-23 23:23 . 2012-06-23 23:25 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-06-22 22:01 . 2012-06-22 22:01 25600 ----a-r- c:\users\Programmer\AppData\Roaming\Microsoft\Installer\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}\python_icon.exe
2012-06-02 22:19 . 2012-06-21 15:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 15:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-21 15:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 21:56 . 2012-05-30 04:26 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-05-29 17:06 . 2011-03-28 09:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-29 17:00 . 2012-05-29 17:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_FA1446F9ADF051B019FC7082BA275B27"="c:\users\Peter Jr\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\users\Programmer\Desktop\New folder (3)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 116648]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]
S0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\System32\drivers\SMR300.SYS [2012-07-22 96376]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120807.001\IDSvia64.sys [2012-06-14 509088]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2011-08-16 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\users\Programmer\Desktop\New folder (3)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 16:57]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 16:45]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 16:45]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1001Core.job
- c:\users\Peter Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 04:33]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1001UA.job
- c:\users\Peter Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 04:33]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1003Core.job
- c:\users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 21:30]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1003UA.job
- c:\users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 21:30]
.
2012-08-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4de7f948-9081-4a56-a0e2-ce011b7ac99b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d9331032-56ef-4139-bc13-edca3a1dcf38.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 417560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={24101638-5B3E-4940-9022-C3D005F5B9B3}&mid=854d3c74c58747d0ab82591a686b9eca-6f3ab3ee5fed93d8af03e057b842845e785859cb&lang=en&ds=st011&pr=sa&d=2012-07-21 15:38&v=12.1.0.20&sap=hp
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\users\Peter Jr\Downloads\uTorrent.exe
SafeBoot-29509664.sys
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 11:17:41
ComboFix-quarantined-files.txt 2012-08-07 17:17
.
Pre-Run: 781,774,848 bytes free
Post-Run: 2,281,619,456 bytes free
.
- - End Of File - - 44D04A449C8E6BC7625A77ECDE2558C0

SECURITY LOG (After ComboFix)

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Norton AntiVirus Engine 19.7.1.5 ccSvcHst.exe
Symantec Norton Online Backup NOBuClient.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


MALWAREBYTES LOG


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Programmer :: PETERJR-PC [limited]

Protection: Enabled

8/7/2012 4:18:48 PM
Important

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196009
Time elapsed: 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


There weren't really problems before; it was just that Malwarebytes was blocking a lot of things, especially when I opened uTorrent, and there was nothing going on over there. There were also two PUP.CrossFire viruses that were TWO registry keys that MBAM always caught but wouldn't be able to delete. They were also able to put themselves on the ignore list of Malwarebytes. After ComboFix there's still one registry key, so I am still worried about the safety of my computer.

Thanks Man
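The one item MBAM still reports above is an Internet Explorer Protected Mode elevation-policy key. The following PowerShell is an added example for readers of this thread; it is not code from the original posts, from Malwarebytes or from ComboFix. It lists every ElevationPolicy entry with the details a responder checks before deleting anything: the Policy value (3 means the program is silently launched at Medium integrity, outside the Protected Mode sandbox), whether the AppPath/AppName target exists and carries a valid Authenticode signature, and whether the key carries Deny ACEs, which is one reason a scanner can report a key it cannot remove. It assumes an elevated 64-bit PowerShell on Windows 7 or later; both the native and the Wow6432Node roots are read because 32-bit IE on x64 uses the latter. The GUID on the watch-list is the one from the MBAM log in this thread.

```powershell
# Added example, not from the original thread: audit IE Protected Mode
# elevation-policy keys (the class of key MBAM flagged as PUP.CrossFire.SA).
# Assumes an elevated 64-bit PowerShell on Windows 7 x64 or later.

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    # 32-bit Internet Explorer on x64 reads the Wow6432Node view.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
)

# Constructed watch-list: the GUID reported by MBAM earlier in this thread.
$watchList = @('{11111111-1111-1111-1111-110011461139}')

# Documented meaning of the Policy DWORD for IE Protected Mode elevation.
$policyNames = @{
    0 = 'Prevent launch'
    1 = 'Launch at Low integrity (no prompt)'
    2 = 'Prompt, then launch at Medium'
    3 = 'Silently launch at Medium integrity'
}

function Get-IeElevationPolicyReport {
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            # A key protected by Deny ACEs may refuse to be read; keep going.
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $guid  = $key.PSChildName

            $target = $null
            if ($props.AppPath -and $props.AppName) {
                $target = Join-Path -Path $props.AppPath -ChildPath $props.AppName
            }

            $flags = New-Object System.Collections.Generic.List[string]
            if ($watchList -contains $guid) { $flags.Add('on watch-list') }
            if ($props.Policy -eq 3)        { $flags.Add('silent Medium elevation') }

            if (-not $target) {
                $flags.Add('no AppName/AppPath')
            } elseif (-not (Test-Path -LiteralPath $target)) {
                $flags.Add('target missing on disk')
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $target
                if ($sig.Status -ne 'Valid') { $flags.Add("signature $($sig.Status)") }
            }

            # Deny ACEs on the key itself are one reason a scanner reports a
            # detection it cannot remove.
            $acl = Get-Acl -Path $key.PSPath -ErrorAction SilentlyContinue
            $denyAces = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            if ($denyAces.Count -gt 0) { $flags.Add("$($denyAces.Count) Deny ACE(s)") }

            [PSCustomObject]@{
                Root    = $root
                Guid    = $guid
                AppName = $props.AppName
                AppPath = $props.AppPath
                Policy  = if ($null -ne $props.Policy) { $policyNames[[int]$props.Policy] } else { '(unset)' }
                Flags   = ($flags -join '; ')
            }
        }
    }
}

# Flagged entries sort to the top of the table.
Get-IeElevationPolicyReport |
    Sort-Object { [string]::IsNullOrEmpty($_.Flags) } |
    Format-Table -AutoSize -Wrap
```

Legitimate entries (browser plug-ins, media players) point at a signed binary that exists on disk. An entry whose target is missing, whose GUID looks hand-made, or whose key carries Deny ACEs (comparable to the `@Denied` lines ComboFix prints in its own log) is the one to look at. Only after reviewing the output would you remove a key with `Remove-Item -Path <PSPath> -Recurse`, taking ownership of the key first if a Deny ACE blocks the deletion.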

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 August 2012 - 07:32 PM

Greetings

There weren't really problems before; it was just that Malwarebytes was blocking a lot of things, especially when I opened uTorrent, and there was nothing going on over there.

This is normal and can't be changed; as long as uTorrent is started you will get these blocks.


I want you to run these next
TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 pavmsk
  • Topic Starter
  • Members
  • 29 posts

Posted 07 August 2012 - 09:53 PM

TDSS LOG

20:46:36.0544 9184 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:46:37.0226 9184 ============================================================
20:46:37.0226 9184 Current date / time: 2012/08/07 20:46:37.0226
20:46:37.0226 9184 SystemInfo:
20:46:37.0226 9184
20:46:37.0226 9184 OS Version: 6.1.7601 ServicePack: 1.0
20:46:37.0226 9184 Product type: Workstation
20:46:37.0227 9184 ComputerName: PETERJR-PC
20:46:37.0227 9184 UserName: Peter Jr
20:46:37.0227 9184 Windows directory: C:\windows
20:46:37.0227 9184 System windows directory: C:\windows
20:46:37.0227 9184 Running under WOW64
20:46:37.0228 9184 Processor architecture: Intel x64
20:46:37.0228 9184 Number of processors: 4
20:46:37.0228 9184 Page size: 0x1000
20:46:37.0228 9184 Boot type: Normal boot
20:46:37.0228 9184 ============================================================
20:46:38.0052 9184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:38.0066 9184 ============================================================
20:46:38.0067 9184 \Device\Harddisk0\DR0:
20:46:38.0067 9184 MBR partitions:
20:46:38.0067 9184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:38.0067 9184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16600000
20:46:38.0089 9184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x16633000, BlocksNum 0x2161D800
20:46:38.0089 9184 ============================================================
20:46:38.0158 9184 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:38.0268 9184 D: <-> \Device\Harddisk0\DR0\Partition2
20:46:38.0268 9184 ============================================================
20:46:38.0268 9184 Initialize success
20:46:38.0268 9184 ============================================================
20:46:42.0450 6148 ============================================================
20:46:42.0450 6148 Scan started
20:46:42.0450 6148 Mode: Manual; SigCheck; TDLFS;
20:46:42.0450 6148 ============================================================
20:46:43.0020 6148 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:46:43.0160 6148 !SASCORE - ok
20:46:43.0463 6148 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:46:43.0512 6148 1394ohci - ok
20:46:43.0591 6148 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:46:43.0633 6148 ACPI - ok
20:46:43.0674 6148 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:46:43.0716 6148 AcpiPmi - ok
20:46:43.0807 6148 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:43.0835 6148 AdobeARMservice - ok
20:46:44.0056 6148 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:46:44.0091 6148 AdobeFlashPlayerUpdateSvc - ok
20:46:44.0193 6148 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:46:44.0243 6148 adp94xx - ok
20:46:44.0332 6148 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:46:44.0373 6148 adpahci - ok
20:46:44.0422 6148 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:46:44.0458 6148 adpu320 - ok
20:46:44.0563 6148 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:46:44.0665 6148 AeLookupSvc - ok
20:46:44.0748 6148 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:46:44.0796 6148 AFD - ok
20:46:44.0844 6148 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:46:44.0874 6148 agp440 - ok
20:46:44.0964 6148 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:46:45.0007 6148 ALG - ok
20:46:45.0044 6148 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:46:45.0075 6148 aliide - ok
20:46:45.0102 6148 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:46:45.0132 6148 amdide - ok
20:46:45.0159 6148 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:46:45.0199 6148 AmdK8 - ok
20:46:45.0218 6148 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
20:46:45.0259 6148 AmdPPM - ok
20:46:45.0315 6148 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:46:45.0348 6148 amdsata - ok
20:46:45.0405 6148 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:46:45.0445 6148 amdsbs - ok
20:46:45.0489 6148 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:46:45.0520 6148 amdxata - ok
20:46:45.0609 6148 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:46:45.0704 6148 AppID - ok
20:46:45.0733 6148 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:46:45.0829 6148 AppIDSvc - ok
20:46:45.0868 6148 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:46:45.0965 6148 Appinfo - ok
20:46:46.0133 6148 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:46.0161 6148 Apple Mobile Device - ok
20:46:46.0292 6148 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:46:46.0323 6148 arc - ok
20:46:46.0352 6148 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:46:46.0383 6148 arcsas - ok
20:46:46.0543 6148 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:46:46.0571 6148 aspnet_state - ok
20:46:46.0602 6148 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:46:46.0696 6148 AsyncMac - ok
20:46:46.0720 6148 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:46:46.0750 6148 atapi - ok
20:46:46.0838 6148 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:46:46.0956 6148 AudioEndpointBuilder - ok
20:46:46.0972 6148 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:46:47.0083 6148 AudioSrv - ok
20:46:47.0127 6148 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:46:47.0178 6148 AxInstSV - ok
20:46:47.0264 6148 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:46:47.0365 6148 b06bdrv - ok
20:46:47.0425 6148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:46:47.0466 6148 b57nd60a - ok
20:46:47.0517 6148 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:46:47.0556 6148 BDESVC - ok
20:46:47.0592 6148 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:46:47.0691 6148 Beep - ok
20:46:47.0785 6148 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:46:47.0899 6148 BFE - ok
20:46:48.0154 6148 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120803.001\BHDrvx64.sys
20:46:48.0254 6148 BHDrvx64 - ok
20:46:48.0484 6148 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
20:46:48.0607 6148 BITS - ok
20:46:48.0736 6148 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:46:48.0772 6148 blbdrive - ok
20:46:49.0021 6148 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:46:49.0089 6148 Bluetooth Device Monitor - ok
20:46:49.0202 6148 Bluetooth Media Service (3341de556ec28252d603277609eef8bf) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
20:46:49.0291 6148 Bluetooth Media Service - ok
20:46:49.0408 6148 Bluetooth OBEX Service (5d5c3ec9be1107dedf0feb55b7f3bd77) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:46:49.0476 6148 Bluetooth OBEX Service - ok
20:46:49.0576 6148 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:46:49.0620 6148 Bonjour Service - ok
20:46:49.0816 6148 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:46:49.0850 6148 bowser - ok
20:46:49.0977 6148 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:46:50.0018 6148 BrFiltLo - ok
20:46:50.0042 6148 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:46:50.0083 6148 BrFiltUp - ok
20:46:50.0161 6148 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:46:50.0264 6148 BridgeMP - ok
20:46:50.0332 6148 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:46:50.0426 6148 Browser - ok
20:46:50.0469 6148 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:46:50.0510 6148 Brserid - ok
20:46:50.0535 6148 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:46:50.0578 6148 BrSerWdm - ok
20:46:50.0619 6148 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:46:50.0658 6148 BrUsbMdm - ok
20:46:50.0669 6148 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:46:50.0706 6148 BrUsbSer - ok
20:46:50.0775 6148 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
20:46:50.0809 6148 BthEnum - ok
20:46:50.0853 6148 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:46:50.0894 6148 BTHMODEM - ok
20:46:50.0946 6148 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:46:50.0989 6148 BthPan - ok
20:46:51.0089 6148 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
20:46:51.0136 6148 BTHPORT - ok
20:46:51.0183 6148 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:46:51.0285 6148 bthserv - ok
20:46:51.0332 6148 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
20:46:51.0365 6148 BTHUSB - ok
20:46:51.0458 6148 btmaux (ab0a33001fe7ebb209d9d52ced11be1a) C:\windows\system32\DRIVERS\btmaux.sys
20:46:51.0490 6148 btmaux - ok
20:46:51.0553 6148 btmhsf (5ba4c6f82a5ca3307c0579d9f7b36e28) C:\windows\system32\DRIVERS\btmhsf.sys
20:46:51.0586 6148 btmhsf - ok
20:46:51.0617 6148 catchme - ok
20:46:51.0782 6148 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys
20:46:51.0818 6148 ccSet_NAV - ok
20:46:51.0870 6148 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:46:51.0968 6148 cdfs - ok
20:46:52.0023 6148 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:46:52.0061 6148 cdrom - ok
20:46:52.0139 6148 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:46:52.0232 6148 CertPropSvc - ok
20:46:52.0277 6148 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:46:52.0320 6148 circlass - ok
20:46:52.0386 6148 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:46:52.0432 6148 CLFS - ok
20:46:52.0501 6148 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:52.0531 6148 clr_optimization_v2.0.50727_32 - ok
20:46:52.0624 6148 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:52.0654 6148 clr_optimization_v2.0.50727_64 - ok
20:46:52.0767 6148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:52.0801 6148 clr_optimization_v4.0.30319_32 - ok
20:46:52.0868 6148 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:52.0899 6148 clr_optimization_v4.0.30319_64 - ok
20:46:52.0944 6148 clwvd (e13a438f9e51dd034730678e33b73290) C:\windows\system32\DRIVERS\clwvd.sys
20:46:52.0977 6148 clwvd - ok
20:46:53.0001 6148 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:46:53.0037 6148 CmBatt - ok
20:46:53.0065 6148 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:46:53.0096 6148 cmdide - ok
20:46:53.0179 6148 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
20:46:53.0251 6148 CNG - ok
20:46:53.0361 6148 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:46:53.0393 6148 Compbatt - ok
20:46:53.0429 6148 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:46:53.0472 6148 CompositeBus - ok
20:46:53.0489 6148 COMSysApp - ok
20:46:53.0516 6148 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:46:53.0548 6148 crcdisk - ok
20:46:53.0617 6148 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
20:46:53.0658 6148 CryptSvc - ok
20:46:53.0824 6148 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:46:53.0890 6148 cvhsvc - ok
20:46:53.0987 6148 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:46:54.0097 6148 DcomLaunch - ok
20:46:54.0148 6148 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:46:54.0264 6148 defragsvc - ok
20:46:54.0329 6148 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:46:54.0435 6148 DfsC - ok
20:46:54.0518 6148 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:46:54.0628 6148 Dhcp - ok
20:46:54.0650 6148 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:46:54.0747 6148 discache - ok
20:46:54.0799 6148 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:46:54.0831 6148 Disk - ok
20:46:54.0923 6148 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:46:54.0963 6148 Dnscache - ok
20:46:55.0010 6148 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:46:55.0111 6148 dot3svc - ok
20:46:55.0146 6148 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:46:55.0243 6148 DPS - ok
20:46:55.0288 6148 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:46:55.0329 6148 drmkaud - ok
20:46:55.0445 6148 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:46:55.0518 6148 DXGKrnl - ok
20:46:55.0565 6148 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:46:55.0666 6148 EapHost - ok
20:46:55.0922 6148 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:46:56.0043 6148 ebdrv - ok
20:46:56.0179 6148 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:46:56.0227 6148 eeCtrl - ok
20:46:56.0359 6148 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:46:56.0401 6148 EFS - ok
20:46:56.0562 6148 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:46:56.0621 6148 ehRecvr - ok
20:46:56.0652 6148 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:46:56.0691 6148 ehSched - ok
20:46:56.0793 6148 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:46:56.0843 6148 elxstor - ok
20:46:57.0010 6148 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:46:57.0042 6148 EraserUtilRebootDrv - ok
20:46:57.0058 6148 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:46:57.0094 6148 ErrDev - ok
20:46:57.0186 6148 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:46:57.0295 6148 EventSystem - ok
20:46:57.0548 6148 EvtEng (57e61dc4f7980d57c0b162fc5b9f0b38) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:46:57.0644 6148 EvtEng - ok
20:46:57.0846 6148 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:46:57.0947 6148 exfat - ok
20:46:57.0989 6148 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:46:58.0090 6148 fastfat - ok
20:46:58.0176 6148 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:46:58.0233 6148 Fax - ok
20:46:58.0262 6148 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:46:58.0297 6148 fdc - ok
20:46:58.0350 6148 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:46:58.0447 6148 fdPHost - ok
20:46:58.0470 6148 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:46:58.0605 6148 FDResPub - ok
20:46:58.0641 6148 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:46:58.0675 6148 FileInfo - ok
20:46:58.0706 6148 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:46:58.0801 6148 Filetrace - ok
20:46:58.0818 6148 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
20:46:58.0853 6148 flpydisk - ok
20:46:58.0890 6148 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:46:58.0932 6148 FltMgr - ok
20:46:59.0046 6148 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:46:59.0114 6148 FontCache - ok
20:46:59.0208 6148 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:59.0234 6148 FontCache3.0.0.0 - ok
20:46:59.0341 6148 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:46:59.0372 6148 FsDepends - ok
20:46:59.0400 6148 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:46:59.0431 6148 Fs_Rec - ok
20:46:59.0478 6148 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:46:59.0527 6148 fvevol - ok
20:46:59.0557 6148 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
20:46:59.0588 6148 gagp30kx - ok
20:46:59.0704 6148 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
20:46:59.0737 6148 GameConsoleService - ok
20:46:59.0785 6148 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:59.0809 6148 GEARAspiWDM - ok
20:46:59.0897 6148 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:47:00.0011 6148 gpsvc - ok
20:47:00.0100 6148 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:00.0134 6148 gupdate - ok
20:47:00.0199 6148 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:00.0228 6148 gupdatem - ok
20:47:00.0265 6148 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:47:00.0302 6148 hcw85cir - ok
20:47:00.0373 6148 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:47:00.0425 6148 HdAudAddService - ok
20:47:00.0470 6148 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:47:00.0513 6148 HDAudBus - ok
20:47:00.0547 6148 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
20:47:00.0582 6148 HidBatt - ok
20:47:00.0607 6148 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
20:47:00.0652 6148 HidBth - ok
20:47:00.0747 6148 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
20:47:00.0788 6148 HidIr - ok
20:47:00.0828 6148 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
20:47:00.0923 6148 hidserv - ok
20:47:00.0971 6148 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:47:01.0005 6148 HidUsb - ok
20:47:01.0040 6148 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:47:01.0136 6148 hkmsvc - ok
20:47:01.0169 6148 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:47:01.0233 6148 HomeGroupListener - ok
20:47:01.0287 6148 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:47:01.0331 6148 HomeGroupProvider - ok
20:47:01.0377 6148 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:47:01.0410 6148 HpSAMD - ok
20:47:01.0489 6148 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:47:01.0603 6148 HTTP - ok
20:47:01.0630 6148 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:47:01.0664 6148 hwpolicy - ok
20:47:01.0702 6148 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:47:01.0739 6148 i8042prt - ok
20:47:01.0804 6148 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys
20:47:01.0852 6148 iaStor - ok
20:47:01.0938 6148 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:47:01.0983 6148 iaStorV - ok
20:47:02.0051 6148 iBtFltCoex (806422f30df9ce8307457485779c77b7) C:\windows\system32\DRIVERS\iBtFltCoex.sys
20:47:02.0081 6148 iBtFltCoex - ok
20:47:02.0477 6148 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:02.0559 6148 idsvc - ok
20:47:02.0828 6148 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120807.001\IDSvia64.sys
20:47:02.0880 6148 IDSVia64 - ok
20:47:04.0155 6148 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\windows\system32\DRIVERS\igdkmd64.sys
20:47:04.0638 6148 igfx - ok
20:47:04.0784 6148 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
20:47:04.0813 6148 iirsp - ok
20:47:04.0918 6148 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:47:05.0043 6148 IKEEXT - ok
20:47:05.0113 6148 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
20:47:05.0141 6148 intaud_WaveExtensible - ok
20:47:05.0397 6148 IntcAzAudAddService (8e05adb4b809b478b2ec65a1a1633deb) C:\windows\system32\drivers\RTKVHD64.sys
20:47:05.0538 6148 IntcAzAudAddService - ok
20:47:05.0725 6148 IntcDAud (ae594cc17c33ac146739494615e14851) C:\windows\system32\DRIVERS\IntcDAud.sys
20:47:05.0745 6148 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
20:47:05.0745 6148 IntcDAud - detected UnsignedFile.Multi.Generic (1)
20:47:05.0774 6148 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:47:05.0807 6148 intelide - ok
20:47:05.0834 6148 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:47:05.0868 6148 intelppm - ok
20:47:05.0936 6148 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:47:06.0036 6148 IPBusEnum - ok
20:47:06.0077 6148 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:47:06.0176 6148 IpFilterDriver - ok
20:47:06.0275 6148 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:47:06.0389 6148 iphlpsvc - ok
20:47:06.0422 6148 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:47:06.0458 6148 IPMIDRV - ok
20:47:06.0492 6148 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:47:06.0592 6148 IPNAT - ok
20:47:06.0729 6148 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:47:06.0796 6148 iPod Service - ok
20:47:06.0820 6148 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:47:06.0869 6148 IRENUM - ok
20:47:06.0905 6148 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:47:06.0934 6148 isapnp - ok
20:47:06.0987 6148 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:47:07.0025 6148 iScsiPrt - ok
20:47:07.0102 6148 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
20:47:07.0129 6148 iwdbus - ok
20:47:07.0153 6148 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:47:07.0188 6148 kbdclass - ok
20:47:07.0240 6148 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:47:07.0277 6148 kbdhid - ok
20:47:07.0309 6148 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:47:07.0345 6148 KeyIso - ok
20:47:07.0382 6148 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
20:47:07.0420 6148 KSecDD - ok
20:47:07.0483 6148 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
20:47:07.0518 6148 KSecPkg - ok
20:47:07.0561 6148 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:47:07.0656 6148 ksthunk - ok
20:47:07.0724 6148 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:47:07.0833 6148 KtmRm - ok
20:47:07.0896 6148 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
20:47:07.0998 6148 LanmanServer - ok
20:47:08.0036 6148 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:47:08.0135 6148 LanmanWorkstation - ok
20:47:08.0176 6148 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:47:08.0276 6148 lltdio - ok
20:47:08.0326 6148 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:47:08.0437 6148 lltdsvc - ok
20:47:08.0463 6148 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:47:08.0563 6148 lmhosts - ok
20:47:08.0732 6148 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:47:08.0777 6148 LMS - ok
20:47:08.0827 6148 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
20:47:08.0861 6148 LSI_FC - ok
20:47:08.0900 6148 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
20:47:08.0933 6148 LSI_SAS - ok
20:47:08.0968 6148 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
20:47:09.0000 6148 LSI_SAS2 - ok
20:47:09.0054 6148 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
20:47:09.0087 6148 LSI_SCSI - ok
20:47:09.0110 6148 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:47:09.0215 6148 luafv - ok
20:47:09.0273 6148 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys
20:47:09.0304 6148 MBAMProtector - ok
20:47:09.0682 6148 MBAMService (43683e970f008c93c9429ef428147a54) C:\Users\Programmer\Desktop\New folder (3)\Malwarebytes' Anti-Malware\mbamservice.exe
20:47:09.0738 6148 MBAMService - ok
20:47:09.0772 6148 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:47:09.0810 6148 Mcx2Svc - ok
20:47:09.0846 6148 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
20:47:09.0878 6148 megasas - ok
20:47:09.0942 6148 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
20:47:09.0983 6148 MegaSR - ok
20:47:10.0024 6148 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
20:47:10.0053 6148 MEIx64 - ok
20:47:10.0087 6148 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:47:10.0191 6148 MMCSS - ok
20:47:10.0211 6148 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:47:10.0312 6148 Modem - ok
20:47:10.0351 6148 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:47:10.0396 6148 monitor - ok
20:47:10.0467 6148 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:47:10.0497 6148 mouclass - ok
20:47:10.0545 6148 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:47:10.0582 6148 mouhid - ok
20:47:10.0649 6148 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:47:10.0692 6148 mountmgr - ok
20:47:10.0853 6148 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:47:10.0883 6148 MozillaMaintenance - ok
20:47:10.0936 6148 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:47:10.0971 6148 mpio - ok
20:47:11.0010 6148 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:47:11.0114 6148 mpsdrv - ok
20:47:11.0208 6148 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:47:11.0331 6148 MpsSvc - ok
20:47:11.0367 6148 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:47:11.0420 6148 MRxDAV - ok
20:47:11.0467 6148 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:47:11.0506 6148 mrxsmb - ok
20:47:11.0548 6148 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:47:11.0592 6148 mrxsmb10 - ok
20:47:11.0618 6148 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:47:11.0656 6148 mrxsmb20 - ok
20:47:11.0692 6148 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:47:11.0729 6148 msahci - ok
20:47:11.0763 6148 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:47:11.0800 6148 msdsm - ok
20:47:11.0841 6148 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:47:11.0886 6148 MSDTC - ok
20:47:11.0934 6148 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:47:12.0032 6148 Msfs - ok
20:47:12.0042 6148 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:47:12.0155 6148 mshidkmdf - ok
20:47:12.0171 6148 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:47:12.0203 6148 msisadrv - ok
20:47:12.0255 6148 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:47:12.0368 6148 MSiSCSI - ok
20:47:12.0374 6148 msiserver - ok
20:47:12.0407 6148 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:47:12.0507 6148 MSKSSRV - ok
20:47:12.0530 6148 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:47:12.0766 6148 MSPCLOCK - ok
20:47:12.0793 6148 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:47:12.0915 6148 MSPQM - ok
20:47:12.0987 6148 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:47:13.0030 6148 MsRPC - ok
20:47:13.0067 6148 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:47:13.0096 6148 mssmbios - ok
20:47:13.0119 6148 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:47:13.0214 6148 MSTEE - ok
20:47:13.0240 6148 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
20:47:13.0273 6148 MTConfig - ok
20:47:13.0291 6148 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:47:13.0324 6148 Mup - ok
20:47:13.0577 6148 MyWiFiDHCPDNS (50b99d53bc013458381c6476d790c9f3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:47:13.0616 6148 MyWiFiDHCPDNS - ok
20:47:13.0694 6148 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:47:13.0845 6148 napagent - ok
20:47:13.0926 6148 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:47:14.0015 6148 NativeWifiP - ok
20:47:14.0378 6148 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
20:47:14.0412 6148 NAV - ok
20:47:14.0653 6148 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120807.002\ENG64.SYS
20:47:14.0684 6148 NAVENG - ok
20:47:14.0896 6148 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120807.002\EX64.SYS
20:47:15.0018 6148 NAVEX15 - ok
20:47:15.0189 6148 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
20:47:15.0267 6148 NDIS - ok
20:47:15.0318 6148 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:47:15.0414 6148 NdisCap - ok
20:47:15.0444 6148 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:47:15.0540 6148 NdisTapi - ok
20:47:15.0558 6148 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:47:15.0650 6148 Ndisuio - ok
20:47:15.0676 6148 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:47:15.0779 6148 NdisWan - ok
20:47:15.0829 6148 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:47:15.0930 6148 NDProxy - ok
20:47:15.0963 6148 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:47:16.0062 6148 NetBIOS - ok
20:47:16.0117 6148 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:47:16.0219 6148 NetBT - ok
20:47:16.0250 6148 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:47:16.0284 6148 Netlogon - ok
20:47:16.0417 6148 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:47:16.0524 6148 Netman - ok
20:47:16.0716 6148 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:16.0747 6148 NetMsmqActivator - ok
20:47:16.0755 6148 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:16.0784 6148 NetPipeActivator - ok
20:47:16.0861 6148 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:47:16.0975 6148 netprofm - ok
20:47:16.0986 6148 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:17.0017 6148 NetTcpActivator - ok
20:47:17.0025 6148 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:17.0057 6148 NetTcpPortSharing - ok
20:47:17.0645 6148 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys
20:47:18.0016 6148 NETwNs64 - ok
20:47:18.0163 6148 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:47:18.0193 6148 nfrd960 - ok
20:47:18.0304 6148 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:47:18.0407 6148 NlaSvc - ok
20:47:18.0855 6148 NOBU (320b4e93d733fac1afe53f53a1a12354) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:47:19.0190 6148 NOBU - ok
20:47:19.0323 6148 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:47:19.0419 6148 Npfs - ok
20:47:19.0450 6148 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:47:19.0549 6148 nsi - ok
20:47:19.0560 6148 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:47:19.0656 6148 nsiproxy - ok
20:47:19.0807 6148 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:47:19.0910 6148 Ntfs - ok
20:47:20.0103 6148 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:47:20.0200 6148 Null - ok
20:47:21.0108 6148 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\windows\system32\DRIVERS\nvlddmkm.sys
20:47:21.0659 6148 nvlddmkm - ok
20:47:21.0896 6148 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\windows\system32\DRIVERS\nvpciflt.sys
20:47:21.0922 6148 nvpciflt - ok
20:47:21.0968 6148 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:47:22.0001 6148 nvraid - ok
20:47:22.0044 6148 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:47:22.0081 6148 nvstor - ok
20:47:22.0181 6148 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\windows\system32\nvvsvc.exe
20:47:22.0249 6148 NVSvc - ok
20:47:22.0602 6148 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:47:22.0714 6148 nvUpdatusService - ok
20:47:22.0944 6148 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:47:22.0977 6148 nv_agp - ok
20:47:23.0005 6148 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:47:23.0046 6148 ohci1394 - ok
20:47:23.0193 6148 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:23.0224 6148 ose - ok
20:47:23.0883 6148 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:47:24.0160 6148 osppsvc - ok
20:47:24.0381 6148 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:47:24.0453 6148 p2pimsvc - ok
20:47:24.0531 6148 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:47:24.0577 6148 p2psvc - ok
20:47:24.0677 6148 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:47:24.0713 6148 Parport - ok
20:47:24.0777 6148 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
20:47:24.0808 6148 partmgr - ok
20:47:24.0912 6148 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:47:24.0966 6148 PcaSvc - ok
20:47:25.0010 6148 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:47:25.0044 6148 pci - ok
20:47:25.0065 6148 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:47:25.0093 6148 pciide - ok
20:47:25.0155 6148 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:47:25.0194 6148 pcmcia - ok
20:47:25.0212 6148 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:47:25.0247 6148 pcw - ok
20:47:25.0311 6148 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:47:25.0430 6148 PEAUTH - ok
20:47:25.0530 6148 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:47:25.0569 6148 PerfHost - ok
20:47:25.0710 6148 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:47:25.0851 6148 pla - ok
20:47:25.0915 6148 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:47:25.0960 6148 PlugPlay - ok
20:47:25.0983 6148 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:47:26.0018 6148 PNRPAutoReg - ok
20:47:26.0064 6148 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:47:26.0107 6148 PNRPsvc - ok
20:47:26.0179 6148 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:47:26.0289 6148 PolicyAgent - ok
20:47:26.0352 6148 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:47:26.0451 6148 Power - ok
20:47:26.0522 6148 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:47:26.0622 6148 PptpMiniport - ok
20:47:26.0649 6148 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:47:26.0684 6148 Processor - ok
20:47:26.0729 6148 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
20:47:26.0769 6148 ProfSvc - ok
20:47:26.0822 6148 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:47:26.0861 6148 ProtectedStorage - ok
20:47:26.0912 6148 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:47:27.0011 6148 Psched - ok
20:47:27.0151 6148 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:47:27.0240 6148 ql2300 - ok
20:47:27.0425 6148 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:47:27.0458 6148 ql40xx - ok
20:47:27.0501 6148 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:47:27.0557 6148 QWAVE - ok
20:47:27.0589 6148 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:47:27.0635 6148 QWAVEdrv - ok
20:47:27.0659 6148 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:47:27.0754 6148 RasAcd - ok
20:47:27.0792 6148 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:47:27.0901 6148 RasAgileVpn - ok
20:47:27.0943 6148 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:47:28.0043 6148 RasAuto - ok
20:47:28.0094 6148 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:47:28.0193 6148 Rasl2tp - ok
20:47:28.0303 6148 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:47:28.0408 6148 RasMan - ok
20:47:28.0440 6148 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:47:28.0543 6148 RasPppoe - ok
20:47:28.0581 6148 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:47:28.0681 6148 RasSstp - ok
20:47:28.0719 6148 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:47:28.0826 6148 rdbss - ok
20:47:28.0857 6148 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:47:28.0900 6148 rdpbus - ok
20:47:28.0934 6148 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:47:29.0031 6148 RDPCDD - ok
20:47:29.0066 6148 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:47:29.0165 6148 RDPENCDD - ok
20:47:29.0195 6148 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:47:29.0291 6148 RDPREFMP - ok
20:47:29.0337 6148 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
20:47:29.0374 6148 RDPWD - ok
20:47:29.0436 6148 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:47:29.0474 6148 rdyboost - ok
20:47:29.0679 6148 RegSrvc (18505d90fee940ee9eae4c5b421f22b4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:47:29.0737 6148 RegSrvc - ok
20:47:29.0774 6148 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:47:29.0872 6148 RemoteAccess - ok
20:47:29.0911 6148 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:47:30.0012 6148 RemoteRegistry - ok
20:47:30.0070 6148 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:47:30.0114 6148 RFCOMM - ok
20:47:30.0152 6148 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:47:30.0249 6148 RpcEptMapper - ok
20:47:30.0273 6148 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:47:30.0311 6148 RpcLocator - ok
20:47:30.0357 6148 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:47:30.0464 6148 RpcSs - ok
20:47:30.0494 6148 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:47:30.0592 6148 rspndr - ok
20:47:30.0682 6148 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\windows\system32\DRIVERS\Rt64win7.sys
20:47:30.0725 6148 RTL8167 - ok
20:47:30.0823 6148 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
20:47:30.0852 6148 rtport - ok
20:47:30.0885 6148 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
20:47:30.0914 6148 SABI - ok
20:47:30.0949 6148 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:47:30.0983 6148 SamSs - ok
20:47:31.0067 6148 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:47:31.0093 6148 SASDIFSV - ok
20:47:31.0151 6148 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:47:31.0176 6148 SASKUTIL - ok
20:47:31.0204 6148 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:47:31.0236 6148 sbp2port - ok
20:47:31.0284 6148 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:47:31.0388 6148 SCardSvr - ok
20:47:31.0408 6148 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:47:31.0501 6148 scfilter - ok
20:47:31.0624 6148 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:47:31.0756 6148 Schedule - ok
20:47:31.0797 6148 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:47:31.0894 6148 SCPolicySvc - ok
20:47:31.0942 6148 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:47:31.0981 6148 SDRSVC - ok
20:47:32.0120 6148 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:47:32.0215 6148 secdrv - ok
20:47:32.0242 6148 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:47:32.0338 6148 seclogon - ok
20:47:32.0363 6148 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
20:47:32.0464 6148 SENS - ok
20:47:32.0490 6148 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:47:32.0523 6148 SensrSvc - ok
20:47:32.0556 6148 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:47:32.0590 6148 Serenum - ok
20:47:32.0627 6148 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:47:32.0663 6148 Serial - ok
20:47:32.0731 6148 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:47:32.0766 6148 sermouse - ok
20:47:32.0820 6148 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:47:32.0917 6148 SessionEnv - ok
20:47:32.0938 6148 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:47:32.0978 6148 sffdisk - ok
20:47:32.0998 6148 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:47:33.0044 6148 sffp_mmc - ok
20:47:33.0070 6148 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:47:33.0110 6148 sffp_sd - ok
20:47:33.0132 6148 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
20:47:33.0168 6148 sfloppy - ok
20:47:33.0274 6148 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
20:47:33.0327 6148 Sftfs - ok
20:47:33.0462 6148 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:47:33.0508 6148 sftlist - ok
20:47:33.0555 6148 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:47:33.0591 6148 Sftplay - ok
20:47:33.0641 6148 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:47:33.0666 6148 Sftredir - ok
20:47:33.0674 6148 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
20:47:33.0698 6148 Sftvol - ok
20:47:33.0743 6148 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:47:33.0776 6148 sftvsa - ok
20:47:33.0853 6148 SGDrv (2fe1cd3aa602414841db10ad96c95a5e) C:\windows\system32\DRIVERS\SGdrv64.sys
20:47:33.0880 6148 SGDrv - ok
20:47:33.0939 6148 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:47:34.0050 6148 SharedAccess - ok
20:47:34.0114 6148 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:47:34.0222 6148 ShellHWDetection - ok
20:47:34.0264 6148 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:47:34.0293 6148 SiSRaid2 - ok
20:47:34.0320 6148 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:47:34.0352 6148 SiSRaid4 - ok
20:47:34.0448 6148 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:47:34.0546 6148 Smb - ok
20:47:34.0602 6148 SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\windows\system32\drivers\SMR300.SYS
20:47:34.0631 6148 SMR300 - ok
20:47:34.0693 6148 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:47:34.0729 6148 SNMPTRAP - ok
20:47:34.0763 6148 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:47:34.0794 6148 spldr - ok
20:47:34.0856 6148 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:47:34.0969 6148 Spooler - ok
20:47:35.0259 6148 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:47:35.0454 6148 sppsvc - ok
20:47:35.0571 6148 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:47:35.0683 6148 sppuinotify - ok
20:47:35.0845 6148 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS
20:47:35.0903 6148 SRTSP - ok
20:47:35.0925 6148 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
20:47:35.0959 6148 SRTSPX - ok
20:47:36.0023 6148 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:47:36.0069 6148 srv - ok
20:47:36.0117 6148 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:47:36.0165 6148 srv2 - ok
20:47:36.0207 6148 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:47:36.0245 6148 srvnet - ok
20:47:36.0296 6148 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:47:36.0401 6148 SSDPSRV - ok
20:47:36.0414 6148 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:47:36.0513 6148 SstpSvc - ok
20:47:36.0604 6148 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:47:36.0633 6148 stexstor - ok
20:47:36.0732 6148 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:47:36.0795 6148 stisvc - ok
20:47:36.0809 6148 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:47:36.0842 6148 swenum - ok
20:47:36.0921 6148 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:47:37.0036 6148 swprv - ok
20:47:37.0151 6148 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS
20:47:37.0196 6148 SymDS - ok
20:47:37.0286 6148 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS
20:47:37.0363 6148 SymEFA - ok
20:47:37.0401 6148 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:47:37.0434 6148 SymEvent - ok
20:47:37.0475 6148 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS
20:47:37.0510 6148 SymIRON - ok
20:47:37.0559 6148 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS
20:47:37.0602 6148 SymNetS - ok
20:47:37.0752 6148 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:47:37.0846 6148 SysMain - ok
20:47:37.0978 6148 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:47:38.0027 6148 TabletInputService - ok
20:47:38.0068 6148 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:47:38.0169 6148 TapiSrv - ok
20:47:38.0229 6148 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:47:38.0326 6148 TBS - ok
20:47:38.0611 6148 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
20:47:38.0728 6148 Tcpip - ok
20:47:39.0089 6148 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
20:47:39.0194 6148 TCPIP6 - ok
20:47:39.0323 6148 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:47:39.0417 6148 tcpipreg - ok
20:47:39.0440 6148 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:47:39.0472 6148 TDPIPE - ok
20:47:39.0504 6148 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:47:39.0537 6148 TDTCP - ok
20:47:39.0561 6148 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:47:39.0655 6148 tdx - ok
20:47:39.0692 6148 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:47:39.0722 6148 TermDD - ok
20:47:39.0796 6148 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:47:39.0905 6148 TermService - ok
20:47:39.0933 6148 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:47:39.0982 6148 Themes - ok
20:47:40.0017 6148 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:47:40.0116 6148 THREADORDER - ok
20:47:40.0162 6148 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:47:40.0261 6148 TrkWks - ok
20:47:40.0327 6148 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:47:40.0425 6148 TrustedInstaller - ok
20:47:40.0444 6148 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:47:40.0543 6148 tssecsrv - ok
20:47:40.0582 6148 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:47:40.0618 6148 TsUsbFlt - ok
20:47:40.0655 6148 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:47:40.0686 6148 TsUsbGD - ok
20:47:40.0739 6148 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:47:40.0836 6148 tunnel - ok
20:47:40.0872 6148 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:47:40.0903 6148 uagp35 - ok
20:47:40.0947 6148 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:47:41.0048 6148 udfs - ok
20:47:41.0092 6148 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:47:41.0130 6148 UI0Detect - ok
20:47:41.0182 6148 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:47:41.0213 6148 uliagpkx - ok
20:47:41.0231 6148 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:47:41.0264 6148 umbus - ok
20:47:41.0291 6148 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:47:41.0324 6148 UmPass - ok
20:47:41.0591 6148 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:47:41.0732 6148 UNS - ok
20:47:41.0869 6148 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:47:41.0989 6148 upnphost - ok
20:47:42.0073 6148 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
20:47:42.0086 6148 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
20:47:42.0086 6148 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
20:47:42.0125 6148 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:47:42.0160 6148 usbccgp - ok
20:47:42.0205 6148 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:47:42.0247 6148 usbcir - ok
20:47:42.0283 6148 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:47:42.0315 6148 usbehci - ok
20:47:42.0356 6148 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:47:42.0396 6148 usbhub - ok
20:47:42.0430 6148 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:47:42.0462 6148 usbohci - ok
20:47:42.0500 6148 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
20:47:42.0539 6148 usbprint - ok
20:47:42.0567 6148 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:47:42.0600 6148 USBSTOR - ok
20:47:42.0619 6148 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:47:42.0650 6148 usbuhci - ok
20:47:42.0706 6148 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
20:47:42.0752 6148 usbvideo - ok
20:47:42.0779 6148 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:47:42.0876 6148 UxSms - ok
20:47:42.0908 6148 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:47:42.0941 6148 VaultSvc - ok
20:47:42.0977 6148 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:47:43.0006 6148 vdrvroot - ok
20:47:43.0080 6148 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:47:43.0187 6148 vds - ok
20:47:43.0226 6148 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:47:43.0266 6148 vga - ok
20:47:43.0291 6148 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:47:43.0384 6148 VgaSave - ok
20:47:43.0431 6148 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:47:43.0466 6148 vhdmp - ok
20:47:43.0486 6148 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:47:43.0518 6148 viaide - ok
20:47:43.0549 6148 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:47:43.0579 6148 volmgr - ok
20:47:43.0620 6148 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:47:43.0668 6148 volmgrx - ok
20:47:43.0718 6148 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
20:47:43.0763 6148 volsnap - ok
20:47:43.0813 6148 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
20:47:43.0847 6148 vsmraid - ok
20:47:43.0992 6148 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:47:44.0138 6148 VSS - ok
20:47:44.0264 6148 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:47:44.0299 6148 vwifibus - ok
20:47:44.0340 6148 VWiFiFlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
20:47:44.0372 6148 VWiFiFlt - ok
20:47:44.0408 6148 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
20:47:44.0439 6148 vwifimp - ok
20:47:44.0493 6148 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:47:44.0602 6148 W32Time - ok
20:47:44.0641 6148 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
20:47:44.0674 6148 WacomPen - ok
20:47:44.0702 6148 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:47:44.0797 6148 WANARP - ok
20:47:44.0803 6148 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:47:44.0900 6148 Wanarpv6 - ok
20:47:45.0061 6148 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:47:45.0145 6148 WatAdminSvc - ok
20:47:45.0289 6148 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:47:45.0364 6148 wbengine - ok
20:47:45.0498 6148 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:47:45.0551 6148 WbioSrvc - ok
20:47:45.0589 6148 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:47:45.0649 6148 wcncsvc - ok
20:47:45.0669 6148 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:47:45.0704 6148 WcsPlugInService - ok
20:47:45.0769 6148 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
20:47:45.0799 6148 Wd - ok
20:47:45.0874 6148 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:47:45.0932 6148 Wdf01000 - ok
20:47:45.0970 6148 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:47:46.0021 6148 WdiServiceHost - ok
20:47:46.0028 6148 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:47:46.0082 6148 WdiSystemHost - ok
20:47:46.0130 6148 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\windows\system32\DRIVERS\WDKMD.sys
20:47:46.0157 6148 wdkmd - ok
20:47:46.0218 6148 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:47:46.0272 6148 WebClient - ok
20:47:46.0318 6148 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:47:46.0421 6148 Wecsvc - ok
20:47:46.0446 6148 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:47:46.0548 6148 wercplsupport - ok
20:47:46.0608 6148 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:47:46.0707 6148 WerSvc - ok
20:47:46.0742 6148 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:47:46.0837 6148 WfpLwf - ok
20:47:46.0864 6148 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:47:46.0893 6148 WIMMount - ok
20:47:46.0932 6148 WinDefend - ok
20:47:46.0952 6148 WinHttpAutoProxySvc - ok
20:47:47.0031 6148 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:47:47.0135 6148 Winmgmt - ok
20:47:47.0328 6148 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:47:47.0480 6148 WinRM - ok
20:47:47.0688 6148 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:47:47.0759 6148 Wlansvc - ok
20:47:47.0831 6148 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:47:47.0858 6148 wlcrasvc - ok
20:47:48.0090 6148 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:47:48.0213 6148 wlidsvc - ok
20:47:48.0345 6148 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
20:47:48.0378 6148 WmiAcpi - ok
20:47:48.0449 6148 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:47:48.0491 6148 wmiApSrv - ok
20:47:48.0531 6148 WMPNetworkSvc - ok
20:47:48.0561 6148 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:47:48.0595 6148 WPCSvc - ok
20:47:48.0617 6148 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:47:48.0657 6148 WPDBusEnum - ok
20:47:48.0685 6148 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:47:48.0779 6148 ws2ifsl - ok
20:47:48.0802 6148 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
20:47:48.0851 6148 wscsvc - ok
20:47:48.0858 6148 WSearch - ok
20:47:49.0084 6148 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
20:47:49.0211 6148 wuauserv - ok
20:47:49.0344 6148 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:47:49.0439 6148 WudfPf - ok
20:47:49.0486 6148 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:47:49.0582 6148 WUDFRd - ok
20:47:49.0619 6148 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:47:49.0711 6148 wudfsvc - ok
20:47:49.0746 6148 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:47:49.0800 6148 WwanSvc - ok
20:47:49.0881 6148 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
20:47:50.0414 6148 \Device\Harddisk0\DR0 - ok
20:47:50.0420 6148 Boot (0x1200) (ed5ef5b873538287e483db8f210d83a9) \Device\Harddisk0\DR0\Partition0
20:47:50.0423 6148 \Device\Harddisk0\DR0\Partition0 - ok
20:47:50.0463 6148 Boot (0x1200) (6dbed84ed07020cab2bcd5e831ed5372) \Device\Harddisk0\DR0\Partition1
20:47:50.0466 6148 \Device\Harddisk0\DR0\Partition1 - ok
20:47:50.0495 6148 Boot (0x1200) (540c6bf25fb74c31583ce44f71db887b) \Device\Harddisk0\DR0\Partition2
20:47:50.0499 6148 \Device\Harddisk0\DR0\Partition2 - ok
20:47:50.0501 6148 ============================================================
20:47:50.0502 6148 Scan finished
20:47:50.0502 6148 ============================================================
20:47:50.0527 1748 Detected object count: 2
20:47:50.0527 1748 Actual detected object count: 2
20:48:12.0261 1748 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
20:48:12.0262 1748 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:48:12.0262 1748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:48:12.0263 1748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


ASWMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 20:50:09
-----------------------------
20:50:09.554 OS Version: Windows x64 6.1.7601 Service Pack 1
20:50:09.554 Number of processors: 4 586 0x2A07
20:50:09.556 ComputerName: PETERJR-PC UserName: Peter Jr
20:50:10.694 Initialize success
20:50:21.473 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:50:21.478 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
20:50:21.496 Disk 0 MBR read successfully
20:50:21.501 Disk 0 MBR scan
20:50:21.508 Disk 0 unknown MBR code
20:50:21.535 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:50:21.555 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 183296 MB offset 206848
20:50:21.565 Disk 0 Partition - 00 0F Extended LBA 273468 MB offset 375597056
20:50:21.639 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 20075 MB offset 935659520
20:50:21.687 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273467 MB offset 375599104
20:50:21.733 Disk 0 scanning C:\windows\system32\drivers
20:50:29.279 Service scanning
20:50:48.573 Modules scanning
20:50:48.592 Disk 0 trace - called modules:
20:50:48.973 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:50:48.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068a8060]
20:50:49.002 3 CLASSPNP.SYS[fffff88001d7c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065d8050]
20:50:49.015 Scan finished successfully
20:51:44.954 Disk 0 MBR has been saved successfully to "C:\Users\Programmer\Desktop\MBR.dat"
20:51:44.971 The log file has been saved successfully to "C:\Users\Programmer\Desktop\withTDSS.txt"


Those are the reports.

Peter
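
The aswMBR log above reports "unknown MBR code" and then prints the partition table; the TDSSKiller log hashes the "MBR (0x1B8)" region of the same disk. For anyone who wants to check the saved MBR.dat themselves, here is an added example (not part of this thread, and not code from aswMBR, TDSSKiller or ComboFix) that decodes a 512-byte MBR the way the log prints it, walks the extended partition's EBR chain to find logical volumes, and hashes the first 0x1B8 (440) bytes, which is the bootstrap code that sits before the 4-byte disk signature and the partition table, so the value can be compared against a known-good copy. SAMPLE_DISK is a constructed two-sector "disk" whose table reproduces the sizes and offsets in the posted log; its boot code is a placeholder, so the hash it prints is not the one in the logs, and the PART_TYPES names are this example's own labels.

```python
"""Decode an MBR partition table and hash the bootstrap code.

Added example for the thread above; it is not code from aswMBR, TDSSKiller or
ComboFix. SAMPLE_DISK is a constructed two-sector "disk" whose partition
table reproduces the layout in the posted aswMBR log; the boot code bytes are
placeholders, so the hash it yields is not the one in the posted logs.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # bootstrap code ends where the 4-byte disk signature begins
PART_TABLE_OFF = 0x1BE      # four 16-byte entries, then the 0x55AA signature
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"     # boot flag, CHS start, type, CHS end, LBA start, sector count
EXTENDED_TYPES = {0x05, 0x0F}
PART_TYPES = {              # labels chosen for this example
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x27: "Hidden NTFS WinRE", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_entries(sector):
    """Yield (slot, boot_flag, type_id, relative_start, sectors) for each used table slot."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR/EBR sector: missing 0x55AA signature")
    for slot in range(4):
        boot, ptype, start, size = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot)
        if ptype != 0 or size != 0:
            yield slot, boot, ptype, start, size


def partition_table(read_sector):
    """Return primary partitions from the MBR plus logical ones found by walking the EBR chain.

    read_sector(lba) must return the 512-byte sector at that LBA.
    """
    parts, ext_base = [], None
    for _, boot, ptype, start, size in parse_entries(read_sector(0)):
        parts.append({"boot": boot, "type": ptype, "start": start, "sectors": size, "logical": False})
        if ptype in EXTENDED_TYPES and ext_base is None:
            ext_base = start
    # In an EBR, slot 0 is relative to the EBR itself and slot 1 (the link to the
    # next EBR) is relative to the start of the extended partition.
    ebr_lba, seen = ext_base, set()
    while ebr_lba is not None and ebr_lba not in seen:   # 'seen' stops a looping chain
        seen.add(ebr_lba)
        next_ebr = None
        for slot, boot, ptype, start, size in parse_entries(read_sector(ebr_lba)):
            if slot == 0:
                parts.append({"boot": boot, "type": ptype, "start": ebr_lba + start,
                              "sectors": size, "logical": True})
            elif slot == 1 and ptype in EXTENDED_TYPES:
                next_ebr = ext_base + start
        ebr_lba = next_ebr
    return parts


def describe(part):
    """Render one entry in the style of the aswMBR log: flag, type, name, size in MB, LBA offset."""
    flag = "80 (A)" if part["boot"] == 0x80 else f"{part['boot']:02X}"
    name = PART_TYPES.get(part["type"], "Unknown")
    mb = part["sectors"] * SECTOR // (1024 * 1024)
    return f"{flag} {part['type']:02X} {name} {mb} MB offset {part['start']}"


def boot_code_md5(mbr):
    """MD5 of the 0x1B8 bootstrap bytes only, so a partition-table edit does not change the value."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def make_sector(entries, boot_code=b""):
    """Build a constructed MBR/EBR sector from (boot, type, start, sectors) tuples."""
    sec = bytearray(SECTOR)
    sec[:len(boot_code)] = boot_code
    for slot, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sec, PART_TABLE_OFF + 16 * slot, *entry)
    sec[510:512] = BOOT_SIGNATURE
    return bytes(sec)


MB = 1024 * 1024 // SECTOR      # sectors per MB
EXT_START = 375597056           # extended partition LBA from the posted log
SAMPLE_DISK = {                 # constructed: only the two sectors the walker reads
    0: make_sector([(0x80, 0x07, 2048, 100 * MB),
                    (0x00, 0x07, 206848, 183296 * MB),
                    (0x00, 0x0F, EXT_START, 273468 * MB),
                    (0x00, 0x27, 935659520, 20075 * MB)],
                   boot_code=b"\xEB\x3C\x90" + b"\x00" * (BOOT_CODE_LEN - 3)),
    EXT_START: make_sector([(0x00, 0x07, 2048, 273467 * MB)]),   # one logical NTFS volume, no link
}

if __name__ == "__main__":
    for part in partition_table(SAMPLE_DISK.__getitem__):
        print(("logical " if part["logical"] else "primary ") + describe(part))
    print("MBR boot code md5:", boot_code_md5(SAMPLE_DISK[0]))
```

To use it on a real dump, replace SAMPLE_DISK with a reader over the raw disk (`open(r"\\.\PhysicalDrive0", "rb")` under an elevated prompt, seeking to lba * 512); MBR.dat alone holds sector 0, so only the primary table and the boot-code hash can be taken from it. Note that hashing only the first 0x1B8 bytes is deliberate: a repartition changes the table but not the bootstrap code, so a changed hash means the code itself was rewritten. A bootstrap hash that no tool recognises is a prompt to compare against the OEM's known-good MBR, not by itself proof of a bootkit.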

#6 gringo_pr (Malware Response Team)

Posted 08 August 2012 - 08:52 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 pavmsk (Topic Starter)

Posted 08 August 2012 - 02:01 PM

ComboFix 12-08-08.01 - Peter Jr 08/08/2012 12:13:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3930 [GMT -6:00]
Running from: c:\users\Peter Jr\Downloads\ComboFix.exe
Command switches used :: c:\users\Peter Jr\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120807154355.109999
c:\programdata\boost_interprocess\20120807154355.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120807154355.109999\Nobu64TrayIcon
c:\programdata\boost_interprocess\20120807230223.679332
c:\programdata\boost_interprocess\20120807230223.679332\Nobu64AgentService
c:\programdata\boost_interprocess\20120807230223.679332\Nobu64TrayIcon
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 18:24 . 2012-08-08 18:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-08 18:24 . 2012-08-08 18:24 -------- d-----w- c:\users\Programmer\AppData\Local\temp
2012-08-08 18:24 . 2012-08-08 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 18:24 . 2012-08-08 18:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-08 03:34 . 2012-08-08 03:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 03:34 . 2012-06-27 17:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 01:11 . 2012-08-08 01:12 -------- d-----w- c:\users\Programmer\AppData\Roaming\calibre
2012-08-08 01:10 . 2012-08-08 01:11 -------- d-----w- c:\program files (x86)\Calibre2
2012-08-07 16:51 . 2012-08-07 16:51 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\Apple Computer
2012-08-06 08:19 . 2012-08-06 08:19 -------- d-----w- c:\users\Programmer\AppData\Local\Amazon
2012-08-04 20:41 . 2011-08-16 12:57 1505104 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 743760 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 103760 ----a-w- c:\windows\SysWow64\mfcm100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 7055696 ----a-w- c:\windows\SysWow64\mfc100d.dll
2012-08-04 20:41 . 2011-08-16 12:57 7124304 ----a-w- c:\windows\SysWow64\mfc100ud.dll
2012-08-04 20:41 . 2011-08-16 12:57 105296 ----a-w- c:\windows\SysWow64\mfcm100ud.dll
2012-08-04 20:41 . 2008-11-08 22:09 428544 ----a-w- c:\windows\AutoReseal.exe
2012-08-04 20:41 . 2007-11-15 01:13 423936 ----a-w- c:\windows\Reseal64.exe
2012-08-01 04:53 . 2012-08-01 04:53 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-07-31 22:25 . 2012-07-31 22:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-26 22:18 . 2012-07-26 22:18 -------- d-----w- c:\program files\CCleaner
2012-07-26 19:37 . 2012-07-26 19:37 -------- d-----w- c:\program files (x86)\ESET
2012-07-26 18:26 . 2012-07-26 18:26 -------- d-----w- c:\users\Programmer\AppData\Roaming\Malwarebytes
2012-07-26 18:10 . 2012-07-26 18:10 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\Malwarebytes
2012-07-26 18:10 . 2012-07-26 18:10 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 21:19 . 2012-07-29 19:49 -------- d-----w- c:\users\Programmer\AppData\Local\Windows Live
2012-07-25 20:25 . 2012-07-25 20:25 -------- d-----w- c:\users\Programmer\AppData\Local\Programs
2012-07-25 16:47 . 2012-08-07 21:45 -------- d-s---w- c:\users\Programmer\Google Drive
2012-07-25 16:45 . 2012-07-25 16:46 -------- d-----w- c:\program files (x86)\Google
2012-07-25 02:53 . 2012-07-25 02:53 -------- d-----w- c:\users\Programmer\AppData\Local\Samsung
2012-07-23 06:11 . 2012-07-23 06:11 -------- d-----w- c:\users\Programmer\AppData\Local\Macromedia
2012-07-23 06:04 . 2012-07-23 06:04 -------- d-----w- c:\users\Programmer\AppData\Local\Mozilla
2012-07-23 06:04 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-22 21:26 . 2012-07-22 21:26 96376 ----a-w- c:\windows\system32\drivers\SMR300.SYS
2012-07-22 19:15 . 2012-07-22 19:15 -------- d-----w- c:\users\Programmer\AppData\Local\Apple
2012-07-22 09:29 . 2012-07-23 07:58 -------- d-----w- c:\users\Programmer\AppData\Local\Adobe
2012-07-21 21:52 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-07-21 21:50 . 2012-07-21 22:03 -------- d-----w- c:\programdata\QuickTime
2012-07-21 21:44 . 2012-07-21 21:44 -------- d-----w- c:\users\Programmer\AppData\Roaming\PowerISO
2012-07-21 21:37 . 2012-07-21 21:37 -------- d--h--w- c:\programdata\Common Files
2012-07-21 07:31 . 2012-07-21 07:31 -------- d-----w- c:\users\Programmer\AppData\Roaming\dBpoweramp
2012-07-20 22:15 . 2012-07-20 22:15 -------- d-----w- c:\program files (x86)\DSP-worx
2012-07-20 21:41 . 2012-07-20 21:41 -------- d-----w- c:\users\Peter Jr\AppData\Roaming\AccurateRip
2012-07-20 21:40 . 2012-07-20 21:45 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-07-19 15:27 . 2012-07-19 15:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2012-07-19 15:27 . 2012-07-19 15:27 -------- d-----w- c:\users\Guest\AppData\Local\Power2Go
2012-07-18 20:04 . 2012-07-19 00:31 -------- d-----w- c:\users\Programmer\AppData\Roaming\Apple Computer
2012-07-18 20:04 . 2012-07-18 20:04 -------- d-----w- c:\users\Programmer\AppData\Local\Apple Computer
2012-07-18 20:04 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-18 20:04 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 20:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 20:02 . 2012-07-18 20:02 -------- d-----w- c:\program files\iPod
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\program files\iTunes
2012-07-18 20:02 . 2012-07-18 20:04 -------- d-----w- c:\program files (x86)\iTunes
2012-07-18 20:02 . 2012-07-18 20:02 -------- d-----w- c:\programdata\Apple Computer
2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\users\Peter Jr\AppData\Local\Apple
2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files\Common Files\Apple
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\program files\Bonjour
2012-07-18 20:00 . 2012-07-18 20:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-18 20:00 . 2012-07-18 20:01 -------- d-----w- c:\programdata\Apple
2012-07-17 23:30 . 2012-08-08 18:06 -------- d-----w- c:\users\Programmer\AppData\Roaming\uTorrent
2012-07-17 05:00 . 2012-07-25 02:44 -------- d-----w- c:\users\Programmer\AppData\Roaming\CyberLink
2012-07-17 05:00 . 2012-07-20 23:59 -------- d-----w- c:\users\Programmer\AppData\Local\CyberLink
2012-07-16 20:28 . 2012-08-03 04:16 -------- d-----w- c:\users\Programmer\AppData\Local\CrashDumps
2012-07-12 23:05 . 2012-07-31 00:30 -------- d-----w- c:\users\Programmer\AppData\Local\Diagnostics
2012-07-12 17:58 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 16:57 . 2012-07-01 20:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 16:57 . 2012-07-01 20:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:53 . 2012-06-18 18:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-23 23:25 . 2012-06-23 23:25 25600 ----a-r- c:\users\Peter Jr\AppData\Roaming\Microsoft\Installer\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}\python_icon.exe
2012-06-23 23:23 . 2012-06-23 23:25 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-06-22 22:01 . 2012-06-22 22:01 25600 ----a-r- c:\users\Programmer\AppData\Roaming\Microsoft\Installer\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}\python_icon.exe
2012-06-02 22:19 . 2012-06-21 15:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 15:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-21 15:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 21:56 . 2012-05-30 04:26 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-05-29 17:06 . 2011-03-28 09:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-29 17:00 . 2012-05-29 17:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_17.14.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-07 21:43 . 2012-08-07 21:43 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-06 08:48 . 2012-08-06 08:48 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 05:10 . 2012-08-07 21:46 38752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-30 02:39 . 2012-08-07 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-30 02:39 . 2012-08-08 01:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-30 02:39 . 2012-08-07 16:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-30 02:39 . 2012-08-08 01:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 01:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-29 17:17 . 2012-08-07 21:46 7160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3753184094-2554180761-3416680913-1003_UserData.bin
- 2012-08-06 20:25 . 2012-08-07 06:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 21:44 . 2012-08-07 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 20:25 . 2012-08-07 06:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-07 21:44 . 2012-08-07 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-15 00:42 . 2012-08-08 17:48 253128 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-07 06:19 660770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-07 21:49 660770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-07 21:49 121408 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-07 06:19 121408 c:\windows\system32\perfc009.dat
- 2012-08-01 07:27 . 2012-08-06 08:48 146016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-08-01 07:27 . 2012-08-07 21:43 146016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-06 08:48 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-07 21:43 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-29 17:02 . 2012-08-07 21:43 869028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753184094-2554180761-3416680913-1001-8192.dat
- 2012-05-29 17:02 . 2012-07-22 21:31 869028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753184094-2554180761-3416680913-1001-8192.dat
+ 2012-06-23 23:29 . 2012-08-07 21:43 2041044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753184094-2554180761-3416680913-1003-8192.dat
- 2012-06-23 23:29 . 2012-08-06 08:48 2041044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753184094-2554180761-3416680913-1003-8192.dat
+ 2012-08-08 01:08 . 2012-08-08 01:08 48514048 c:\windows\Installer\bd1950.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_FA1446F9ADF051B019FC7082BA275B27"="c:\users\Peter Jr\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 116648]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]
S0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\System32\drivers\SMR300.SYS [2012-07-22 96376]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120807.001\IDSvia64.sys [2012-06-14 509088]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2011-08-16 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-06-27 24904]
S4 MBAMService;MBAMService;c:\users\Programmer\Desktop\New folder (3)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58234717
*NewlyCreated* - 79670009
*NewlyCreated* - WS2IFSL
*Deregistered* - 58234717
*Deregistered* - 79670009
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 16:57]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 16:45]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 16:45]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1001Core.job
- c:\users\Peter Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 04:33]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1001UA.job
- c:\users\Peter Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 04:33]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1003Core.job
- c:\users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 21:30]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753184094-2554180761-3416680913-1003UA.job
- c:\users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 21:30]
.
2012-08-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4de7f948-9081-4a56-a0e2-ce011b7ac99b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d9331032-56ef-4139-bc13-edca3a1dcf38.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 417560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={24101638-5B3E-4940-9022-C3D005F5B9B3}&mid=854d3c74c58747d0ab82591a686b9eca-6f3ab3ee5fed93d8af03e057b842845e785859cb&lang=en&ds=st011&pr=sa&d=2012-07-21 15:38&v=12.1.0.20&sap=hp
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 12:28:37
ComboFix-quarantined-files.txt 2012-08-08 18:28
ComboFix2.txt 2012-08-07 17:17
.
Pre-Run: 2,372,513,792 bytes free
Post-Run: 2,329,231,360 bytes free
.
- - End Of File - - CC8C23659398D73DB52022952084C69C

My computer is running the same after the run, which means it's a bit slow. Did ComboFix do anything that it didn't do the first time? I ran MalwareBytes again and that same damn PUP.crossfire.sa is still there, which surprises me. I feel like I've thrown everything at it and it won't go away, ugh, and from what I've read it's dangerous.

Thanks and sorry for having a very resilient virus.

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 02:14 PM

I will take a look at the MBAM report now



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

  • µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 pavmsk (Topic Starter)

  • Members
  • 29 posts

Posted 08 August 2012 - 03:47 PM

MALWARE LOG

Malwarebytes Anti-Malware (PRO) 1.62.0.1100
www.malwarebytes.org

Database version: v2012.06.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Programmer :: PETERJR-PC [limited]

Protection: Disabled

8/8/2012 1:39:02 PM
mbam-log-2012-08-08 (13-39-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211063
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



This is what it said in the beginning:


Your system denied access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\windows\System32\drivers\etc\hosts
and press enter. Find the lines HiJack this reports and delete them. Save the file as “hosts.” (with quotes), and reboot.



HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:50:02 PM, on 8/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Programmer\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\Downloads\HijackThis.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
Q:\140066.enu\Office14\OffSpon.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={24101638-5B3E-4940-9022-C3D005F5B9B3}&mid=854d3c74c58747d0ab82591a686b9eca-6f3ab3ee5fed93d8af03e057b842845e785859cb&lang=en&ds=st011&pr=sa&d=2012-07-21 15:38:39&v=12.1.0.20&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Programmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
O4 - HKCU\..\Run: [Google Update] "C:\Users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Programmer\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_52EAD4D3046CEEF37BBA13138EB4B094] "C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13102 bytes

The computer is running normally.


As always thanks for helping.

Peter
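
The ElevationPolicy key that MBAM flagged in the log above is Internet Explorer's Protected Mode allow-list, so a defender reviewing such a finding usually wants to see the whole key, not just the one GUID. The audit script below is an added example, not code from this thread or from Malwarebytes; it assumes an elevated PowerShell prompt on the affected Windows 7 machine, and its "placeholder-style GUID" and "non-standard location" heuristics are my own triage assumptions, not rules from the page.

```powershell
# Added example (not from the thread or from Malwarebytes): audit the
# Internet Explorer Protected Mode elevation policy that MBAM flagged above.
# Each subkey is a GUID naming a program allowed to escape Protected Mode;
# AppPath/AppName point at the executable and Policy 3 means it launches
# at medium integrity without any prompt.
# Assumed: run in an elevated PowerShell on a Windows 7 system.

$ElevationPolicyRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'

# The GUID reported as PUP.CrossFire.SA in the MBAM log above.
$KnownBadGuids = @('{11111111-1111-1111-1111-110011461139}')

function Get-IEElevationPolicyAudit {
    param(
        [string]$Root = $ElevationPolicyRoot,
        [string[]]$KnownBad = $KnownBadGuids
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Key not found: $Root"
        return
    }
    Get-ChildItem -LiteralPath $Root | ForEach-Object {
        $guid    = $_.PSChildName
        $props   = Get-ItemProperty -LiteralPath $_.PSPath
        $appName = $props.AppName
        $appPath = $props.AppPath
        $policy  = $props.Policy
        $target  = $null
        if ($appPath -and $appName) { $target = Join-Path -Path $appPath -ChildPath $appName }

        # Reasons an entry deserves a second look; an empty list means it looks routine.
        # The GUID and location heuristics are triage assumptions, not documented rules.
        $reasons = @()
        if ($KnownBad -contains $guid)          { $reasons += 'GUID reported by MBAM' }
        if ($guid -match '^\{1{8}-1{4}-1{4}-')  { $reasons += 'placeholder-style GUID' }
        if (-not $target)                        { $reasons += 'no AppPath/AppName' }
        elseif (-not (Test-Path -LiteralPath $target)) { $reasons += 'target executable missing' }
        if ($policy -eq 3 -and $target -and
            $target -notmatch '^[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\') {
            $reasons += 'silent medium-integrity launch from a non-standard location'
        }

        [pscustomobject]@{
            Guid    = $guid
            AppName = $appName
            AppPath = $appPath
            Policy  = $policy
            Suspect = ($reasons.Count -gt 0)
            Reasons = ($reasons -join '; ')
        }
    }
}

# Suspect entries first; review each one before deleting anything.
Get-IEElevationPolicyAudit | Sort-Object -Property Suspect -Descending | Format-Table -AutoSize
```

Entries belonging to installed software (Flash, Java, Office helpers) normally point at an existing executable under Program Files; an entry whose target is missing, or whose GUID looks hand-typed, is the kind MBAM reports here.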

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 04:09 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on any of their icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Programmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Programmer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [MusicManager] "C:\Users\Programmer\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
      O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_52EAD4D3046CEEF37BBA13138EB4B094] "C:\Users\Programmer\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
      O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
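To audit the same autostart locations that HijackThis reports as O4 lines without the tool, here is an added PowerShell example (not from this thread, and not part of HijackThis) that lists the Run keys and Startup folders in an O4-like format and flags entries whose executable no longer exists on disk, which is what a leftover registry key with no file looks like. The helper name and the output format are my own choice.

```powershell
# Added example (not from the thread): list the autostart locations that
# HijackThis reports as O4 lines and flag entries whose target is missing.
# Assumes Windows PowerShell 3.0+ and a user who can read HKLM.

function Get-AutorunTarget {
    # Pull the executable path out of a Run value such as
    #   "C:\Path\app.exe" /c   or   C:\Path\app.exe --flag
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($Command -match '^\s*(\S+\.(exe|cmd|bat|vbs|appref-ms))') { return $matches[1] }
    return $Command.Trim()
}

$runKeys = @(
    @{ Hive = 'HKLM'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKLM'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKCU'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
)

foreach ($k in $runKeys) {
    if (-not (Test-Path $k.Path)) { continue }
    $item = Get-Item $k.Path
    foreach ($name in $item.GetValueNames()) {
        $cmd    = $item.GetValue($name)
        $target = [Environment]::ExpandEnvironmentVariables((Get-AutorunTarget $cmd))
        # A Run value whose file is gone is harmless by itself but should be removed
        $flag   = if (Test-Path -LiteralPath $target) { '' } else { '  <-- target missing' }
        "O4 - $($k.Hive)\..\Run: [$name] $cmd$flag"
    }
}

# Startup folders: the O4 "User Startup" / "Startup" lines
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        "O4 - Startup: $($_.Name) ($dir)"
    }
}
```

Compare the printed lines against the O4 entries in the HijackThis log before fixing anything; the script only reports and does not change the registry.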

#11 pavmsk

pavmsk
  • Topic Starter

  • Members
  • 29 posts

Posted 08 August 2012 - 07:40 PM

I did the optional part and it definitely helped with the speed.
The ESET scanner didn't find anything though.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:34 AM

Posted 08 August 2012 - 07:43 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

It would be a good idea to keep some of the programs that we have used and use them often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#13 pavmsk

pavmsk
  • Topic Starter

  • Members
  • 29 posts

Posted 08 August 2012 - 09:22 PM

Should I just ignore the PUP.crossfire.sa virus then?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:34 AM

Posted 08 August 2012 - 09:28 PM

It is not dangerous, as it is only finding a registry key and no files; most likely one of the security programs is keeping it in place.



gringo

#15 pavmsk

pavmsk
  • Topic Starter

  • Members
  • 29 posts

Posted 09 August 2012 - 09:50 AM

Oh okay sweet. Thanks a ton for helping me Gringo!
