trojan.dropper.bcminer help


This topic is locked
20 replies to this topic

#1 iTwAsLucK

  • Members
  • 20 posts

Posted 24 August 2012 - 09:22 PM

Hi, I am running 64-bit Windows 7 and use Firefox as my primary web browser. For the past 10ish days I have been trying to rid myself of this "trojan.dropper.bcminer", which involves Google redirects, random pop-ups (sometimes explicit) and overall slowing down my system. Malwarebytes will find TrojanDropper.BCMiner and say it is removed, but after rebooting another scan will find it again. I am not sure how to remove this problem and it's quite annoying, as I have online banking / purchasing which I'm scared to perform while my machine is infected.

Please help if possible!
Thanks in advance, Brad


#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 25 August 2012 - 06:29 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 iTwAsLucK
  • Topic Starter
  • Members
  • 20 posts

Posted 25 August 2012 - 01:14 PM

Thanks for the reply!

Here is the Security Check log:

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by iTwAsLucK at 11:12:40 on 2012-08-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4095.2837 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\WireHelpSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar =
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\iTwAsLucK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\iTwAsLucK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{0359148A-E5B4-47A9-9CFB-7DCDE53560DC} : NameServer = 8.8.8.8,8.8.8.8,8.8.4.4
TCP: Interfaces\{0359148A-E5B4-47A9-9CFB-7DCDE53560DC} : DhcpNameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{0359148A-E5B4-47A9-9CFB-7DCDE53560DC}\C696E6B6379737 : DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)]
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\iTwAsLucK\AppData\Roaming\Mozilla\Firefox\Profiles\48e2ly5f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\iTwAsLucK\AppData\Roaming\Mozilla\Firefox\Profiles\48e2ly5f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\iTwAsLucK\AppData\Roaming\Mozilla\Firefox\Profiles\48e2ly5f.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Users\iTwAsLucK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-18 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-19 2337144]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-4 628040]
R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2011-7-7 168864]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 syshost32;syshost32;"C:\Windows\Installer\{2C205E3C-5EE8-3AC6-B37D-981A93307497}\syshost.exe" /service --> C:\Windows\Installer\{2C205E3C-5EE8-3AC6-B37D-981A93307497}\syshost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-6-20 33184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-6-20 21328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdvancedSystemCareService;Advanced SystemCare Service; [x]
S4 AMD FUEL Service;AMD FUEL Service; [x]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-6-20 20336]
S4 IMFservice;IMF Service; [x]
S4 pdfcDispatcher;PDF Document Manager; [x]
S4 TeamViewer7;TeamViewer 7; [x]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
.
=============== Created Last 30 ================
.
2074-05-08 01:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-25 02:01:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-24 23:35:54 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-24 23:35:16 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-24 23:05:55 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-08-18 07:44:15 -------- d-----w- C:\Users\iTwAsLucK\AppData\Roaming\Malwarebytes
2012-08-18 07:43:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-18 07:43:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-18 07:43:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-18 07:30:40 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-18 07:30:39 -------- d-----w- C:\Program Files\AVAST Software
2012-08-18 07:24:55 -------- d-----w- C:\ProgramData\Sophos
2012-08-18 07:24:47 73728 ----a-r- C:\Users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24:47 73728 ----a-r- C:\Users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24:47 73728 ----a-r- C:\Users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-18 07:24:45 -------- d-----w- C:\Program Files (x86)\Sophos
2012-08-14 21:29:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-14 20:31:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-08-14 20:31:38 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-14 20:26:48 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2012-08-14 20:26:44 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-08-14 20:26:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-08-14 20:26:41 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-08-14 20:26:32 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-08-14 20:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-08-14 20:26:25 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-08-14 20:26:13 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-08-14 20:26:13 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2012-08-14 20:26:08 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-08-14 20:26:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-08-14 20:26:05 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-08-14 20:24:55 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-08-13 02:09:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C96452F-F06C-4A4E-985B-16F661DBDAD2}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-25 02:02:45 328704 ----a-w- C:\Windows\System32\services.exe
2012-08-24 22:37:04 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-08-15 05:37:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 05:37:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:26:52 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-08-14 20:26:43 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-08-14 20:26:41 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-08-14 20:26:24 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-08-14 20:26:15 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-08-14 20:26:07 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-08-14 20:24:55 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-28 18:07:29 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-07-15 19:47:00 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
.
============= FINISH: 11:13:03.68 ===============

Here is the DDS "attach" log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2011 10:20:52 PM
System Uptime: 25/08/2012 10:17:27 AM (1 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom™ II X4 830 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 398.952 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.567 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP265: 22/08/2012 11:35:09 AM - Scheduled Checkpoint
RP266: 24/08/2012 4:35:23 PM - Installed SpyHunter
RP267: 24/08/2012 7:05:43 PM - Removed SpyHunter
.
==== Hosts File Hijack ======================
.
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Leawo AVI Converter version 3.1.0.0
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Download Assistant
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5.1
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Advanced SystemCare 4
Agatha Christie - Death on the Nile
Age of Empires III
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros Client Installation Program
ATI Catalyst Registration
µTorrent
Audiosurf Demo
Babylon toolbar on IE
Bandicam
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blacklight Retribution
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help English
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
Conduit Engine
Counter-Strike
Counter-Strike: Condition Zero
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
Cross Fire En
CyberLink DVD Suite Deluxe
D3DX10
DealPly
DivX Setup
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
EVEREST Home Edition v2.20
FATE
ffdshow v1.2.4447 [2012-05-06]
Final Drive Nitro
Fraps (remove only)
Free Audio CD Burner version 1.4.7
Free Audio Converter version 2.2.11
Free Hide IP
Free YouTube to MP3 Converter version 3.10.17.221
Game Booster
GKLauncher
Google Chrome
H.264 Encoder
Haali Media Splitter
Halo Combat Evolved
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP Odometer
HP Setup
HP Softpaq SP54809
HP Support Information
HP Update
HP USB Disk Storage Format Tool
HydraVision
IObit Malware Fighter
Java Auto Updater
Java™ 6 Update 31
Jewel Quest - Heritage
K-Lite Codec Pack 7.7.0 (Full)
Killing Floor
Killing Floor Mod: Defence Alliance 2
LabelPrint
League of Legends
Left 4 Dead 2
LightScribe System Software
Livestream Procaster
LOLReplay
Magic Bullet Looks Vegas
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ Run Time Lib Setup
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mod Remover
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
NewBlue 3D Explosions for Windows
NewBlue 3D Transformations for Windows
NewBlue Art Blends for Windows
NewBlue Art Effects for Windows
NewBlue Film Effects for Windows
NewBlue Motion Blends for Windows
NewBlue Motion Effects for Windows
NewBlue Video Essentials for Windows
NVIDIA PhysX
Pando Media Booster
PAYDAY: The Heist
PDF Complete Special Edition
PDF Settings CS5
Penguins!
PhotoNow!
Photoshop Camera Raw
PictureMover
Plants vs. Zombies
PlayClaw 3
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
PunkBuster Services
Quarry v3.0
QuickTime
Radiance for Vegas Pro 8.0
Razer DeathAdder™ Mouse
REACTOR
Realtek High Definition Audio Driver
Recovery Manager
Red Orchestra 2: Heroes of Stalingrad
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Skype™ 5.9
Smart Defrag 2
SmoothUI
Snagit 10.0.1
Sony Vegas Pro 8.0
Sophos Virus Removal Tool
Source SDK Base 2007
SpiceMASTER 2.5 PRO for Vegas
StarCraft II
Steam
Suite Shared Configuration CS4
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 6
TeamViewer 7
Tradewinds Legends
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Virtual Villagers - The Secret City
VoiceOver Kit
War Inc. Battlezone
WildTangent Games App (HP Games)
Window On Top version 1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip System Utilities Suite
Wolfenstein - Enemy Territory
Xfire (remove only)
XSplit
Yawcam 0.3.6
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
25/08/2012 10:20:29 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
25/08/2012 10:20:29 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
25/08/2012 10:18:43 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
24/08/2012 4:38:32 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
24/08/2012 4:38:31 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
24/08/2012 4:24:37 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
24/08/2012 4:24:37 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
24/08/2012 4:06:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the TeamViewer 7 service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/08/2012 4:06:19 PM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The PDF Document Manager service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
24/08/2012 4:05:49 PM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
24/08/2012 3:37:09 PM, Error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: A device attached to the system is not functioning.
24/08/2012 10:38:43 AM, Error: Service Control Manager [7000] - The TuneUpUtilitiesDrv service failed to start due to the following error: The system cannot find the file specified.
21/08/2012 8:34:21 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
20/08/2012 9:47:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
20/08/2012 9:47:38 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/08/2012 12:32:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
20/08/2012 12:32:44 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
20/08/2012 12:18:40 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
18/08/2012 12:31:47 AM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: A device attached to the system is not functioning.
18/08/2012 12:31:47 AM, Error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
18/08/2012 12:31:47 AM, Error: Service Control Manager [7000] - The aswSP service failed to start due to the following error: A device attached to the system is not functioning.
18/08/2012 12:31:47 AM, Error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: A device attached to the system is not functioning.
18/08/2012 12:31:47 AM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
18/08/2012 11:53:39 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
18/08/2012 11:51:52 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070505'. Restart your computer, and then restart the WMPNetworkSvc service.
18/08/2012 11:40:49 AM, Error: Service Control Manager [7000] - The X6va009 service failed to start due to the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================



I didn't encounter any problems while running any of the tests. Please let me know what to do next :)

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 PM

Posted 25 August 2012 - 01:49 PM

Hello iTwAsLucK

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 iTwAsLucK

iTwAsLucK
  • Topic Starter

  • Members
  • 20 posts
  • Local time:04:44 PM

Posted 25 August 2012 - 02:35 PM

Here is the combofix log:

ComboFix 12-08-25.04 - iTwAsLucK 25/08/2012 12:07:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4095.2754 [GMT -7:00]
Running from: c:\users\iTwAsLucK\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110129.txt
c:\cflog\CrashLog_20110214.txt
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110218.txt
c:\cflog\CrashLog_20110221.txt
c:\cflog\CrashLog_20110222.txt
c:\cflog\CrashLog_20110225.txt
c:\cflog\CrashLog_20110226.txt
c:\cflog\CrashLog_20110307.txt
c:\cflog\CrashLog_20110311.txt
c:\cflog\CrashLog_20110312.txt
c:\cflog\CrashLog_20110318.txt
c:\cflog\CrashLog_20110319.txt
c:\cflog\CrashLog_20110321.txt
c:\cflog\CrashLog_20110322.txt
c:\cflog\CrashLog_20110327.txt
c:\cflog\CrashLog_20110408.txt
c:\cflog\CrashLog_20110409.txt
c:\cflog\CrashLog_20110411.txt
c:\cflog\CrashLog_20110412.txt
c:\cflog\CrashLog_20110414.txt
c:\cflog\CrashLog_20110416.txt
c:\cflog\CrashLog_20110419.txt
c:\cflog\CrashLog_20110511.txt
c:\cflog\CrashLog_20110513.txt
c:\cflog\CrashLog_20110514.txt
c:\cflog\CrashLog_20110521.txt
c:\cflog\CrashLog_20110522.txt
c:\cflog\CrashLog_20110528.txt
c:\cflog\CrashLog_20110604.txt
c:\cflog\CrashLog_20110625.txt
c:\cflog\CrashLog_20110701.txt
c:\cflog\CrashLog_20110707.txt
c:\cflog\CrashLog_20111205.txt
c:\cflog\CrashLog_20111209.txt
c:\cflog\CrashLog_20111220.txt
c:\cflog\CrashLog_20111221.txt
c:\cflog\CrashLog_20111229.txt
c:\cflog\CrashLog_20120101.txt
c:\cflog\CrashLog_20120105.txt
c:\cflog\CrashLog_20120531.txt
c:\cflog\CrashLog_20120601.txt
c:\cflog\CrashLog_20120602.txt
c:\cflog\CrashLog_20120605.txt
c:\cflog\CrashLog_20120606.txt
c:\cflog\CrashLog_20120607.txt
c:\cflog\CrashLog_20120613.txt
c:\cflog\CrashLog_20120617.txt
c:\cflog\CrashLog_20120620.txt
c:\cflog\CrashLog_20120624.txt
c:\cflog\CrashLog_20120625.txt
c:\cflog\CrashLog_20120626.txt
c:\cflog\CrashLog_20120630.txt
c:\cflog\CrashLog_20120713.txt
c:\cflog\CrashLog_20120717.txt
c:\cflog\CrashLog_20120720.txt
c:\cflog\EPLog.txt
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\users\iTwAsLucK\AppData\Local\assembly\tmp
c:\users\iTwAsLucK\AppData\Roaming\ac.exe
c:\users\iTwAsLucK\AppData\Roaming\mIRC\logs\status.log
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\L\00000004.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\L\201d3dde
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\00000004.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\00000008.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\000000cb.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\80000000.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\80000032.@
c:\windows\Installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U\80000064.@
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-25 19:13 . 2012-08-25 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 02:01 . 2012-08-25 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-24 23:35 . 2012-08-24 23:35 -------- d-----w- c:\program files\Enigma Software Group
2012-08-24 23:35 . 2012-08-25 02:07 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-24 23:05 . 2012-08-24 23:06 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-08-18 07:44 . 2012-08-18 07:44 -------- d-----w- c:\users\iTwAsLucK\AppData\Roaming\Malwarebytes
2012-08-18 07:43 . 2012-08-18 07:43 -------- d-----w- c:\programdata\Malwarebytes
2012-08-18 07:43 . 2012-08-24 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 07:43 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 07:31 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-18 07:30 . 2012-08-18 07:46 -------- d-----w- c:\programdata\AVAST Software
2012-08-18 07:30 . 2012-08-18 07:30 -------- d-----w- c:\program files\AVAST Software
2012-08-18 07:24 . 2012-08-18 07:24 -------- d-----w- c:\programdata\Sophos
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-18 07:24 . 2012-08-18 07:24 -------- d-----w- c:\program files (x86)\Sophos
2012-08-14 21:29 . 2012-08-14 21:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 20:32 . 2012-08-14 20:32 -------- d-----w- c:\programdata\ATI
2012-08-14 20:31 . 2012-08-14 20:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-08-14 20:31 . 2012-08-14 20:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-14 20:25 . 2012-08-14 20:25 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-08-14 20:25 . 2012-08-14 20:25 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-08-14 20:25 . 2012-08-14 20:26 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-08-14 20:25 . 2012-08-14 20:25 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-08-14 20:25 . 2012-08-14 20:25 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-08-14 20:25 . 2012-08-14 20:25 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-08-14 20:25 . 2012-08-14 20:25 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-08-14 20:24 . 2012-08-14 20:24 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-08-14 20:24 . 2012-08-14 20:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-08-14 20:24 . 2012-08-14 20:24 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-08-14 20:24 . 2012-08-14 20:24 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-08-14 20:24 . 2012-08-14 20:24 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-08-14 20:24 . 2012-08-14 20:24 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-08-14 20:24 . 2012-08-14 20:24 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-08-14 20:24 . 2012-08-14 20:24 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-08-14 20:24 . 2012-08-14 20:24 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-08-13 02:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C96452F-F06C-4A4E-985B-16F661DBDAD2}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 02:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-15 05:37 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:37 . 2011-08-21 20:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 20:26 . 2010-09-08 00:13 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-08-14 20:26 . 2010-09-08 00:13 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-08-14 20:26 . 2010-09-08 00:13 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-08-14 20:26 . 2010-09-08 00:13 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-08-14 20:24 . 2010-09-08 00:13 64000 ----a-w- c:\windows\system32\coinst.dll
2012-08-14 20:24 . 2010-09-08 00:13 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-11 06:36 . 2011-07-25 19:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 06:38 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 05:20 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 05:20 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:20 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:20 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 16:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:03 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 05:20 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:20 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:20 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:20 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:20 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2011-01-28 06:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 18:07 . 2011-04-01 00:14 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-15 19:47 . 2011-07-08 05:22 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R0 8e7ef1dbe8dfc864;syshost.exe;c:\windows\\SystemRoot\System32\Drivers\8e7ef1dbe8dfc864.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
R3 X6va003;X6va003;c:\users\ITWASL~1\AppData\Local\Temp\003F8F0.tmp [x]
R3 X6va005;X6va005;c:\users\ITWASL~1\AppData\Local\Temp\005CD40.tmp [x]
R3 X6va006;X6va006;c:\users\ITWASL~1\AppData\Local\Temp\006C008.tmp [x]
R3 X6va007;X6va007;c:\users\ITWASL~1\AppData\Local\Temp\00779AB.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service; [x]
R4 AMD FUEL Service;AMD FUEL Service; [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]
R4 IMFservice;IMF Service; [x]
R4 pdfcDispatcher;PDF Document Manager; [x]
R4 TeamViewer7;TeamViewer 7; [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-08-14 236544]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-07-19 172960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-11-10 628040]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-07-15 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-08-14 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-08-14 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-08-14 95760]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2010-12-08 25528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:38]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791810842-1693449940-2674181568-1001Core.job
- c:\users\iTwAsLucK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 04:09]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791810842-1693449940-2674181568-1001UA.job
- c:\users\iTwAsLucK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 04:09]
.
2012-08-10 c:\windows\Tasks\HPCeeScheduleForiTwAsLucK.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF8995.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\iTwAsLucK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{0359148A-E5B4-47A9-9CFB-7DCDE53560DC}: NameServer = 8.8.8.8,8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\iTwAsLucK\AppData\Roaming\Mozilla\Firefox\Profiles\48e2ly5f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-80984351.sys
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdvancedSystemCareService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD FUEL Service]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IMFservice]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrA]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrB]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TeamViewer7]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TuneUp.UtilitiesSvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\003F8F0.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\005CD40.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\006C008.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\00779AB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-25 12:23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-25 19:23
.
Pre-Run: 428,128,067,584 bytes free
Post-Run: 427,726,983,168 bytes free
.
- - End Of File - - A6652663A541419CB7993189585EBAE0

Things SEEM good right now (I've looked through a couple of webpages and so far no pop-ups or redirects). Is there any way to tell for certain or to make sure it isn't just hiding?

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 August 2012 - 03:13 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
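The report Gringo asks for above is a plain-text log in which TDSSKiller prints, for each service or driver, a line with the image's MD5 and path and then a verdict line (`- ok`, `( <name> ) - warning`, or `- detected <name>`). As an added example, not code from the thread or from Kaspersky, here is a small Python parser that pulls out everything that did not come back clean; the sample lines are taken from the report posted later in this thread.

```python
"""Parse a TDSSKiller text report and list the entries that were not verdicted "ok".
Added example for this thread; not Kaspersky's code and not part of the original post."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line opens with a time stamp and the scanning thread id.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "[ <MD5> ] <service name> <image path>" -- the name may contain spaces,
# so it is matched lazily up to the first drive-letter path.
_FILE_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
_DETECTED_RE = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<threat>\S+)(?: \((?P<count>\d+)\))?$")
_WARNING_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<threat>[^)]+) \) - warning$")
_OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no "[ hash ]" line
    path: Optional[str] = None     # None for entries whose image file was not found
    verdict: Optional[str] = None  # "ok", "warning" or "detected"; None if the report was cut off
    threat: Optional[str] = None   # e.g. "UnsignedFile.Multi.Generic"


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return the scanned entries keyed by service/driver name, in report order."""
    entries: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        line = raw.rstrip()
        if m := _FILE_RE.match(line):
            e = entry(m["name"])
            e.md5, e.path = m["md5"].upper(), m["path"]
        elif m := _DETECTED_RE.match(line):
            # "detected" outranks the "warning" line TDSSKiller prints just before it
            e = entry(m["name"])
            e.verdict, e.threat = "detected", m["threat"]
        elif m := _WARNING_RE.match(line):
            e = entry(m["name"])
            if e.verdict != "detected":
                e.verdict, e.threat = "warning", m["threat"]
        elif m := _OK_RE.match(line):
            e = entry(m["name"])
            if e.verdict is None:
                e.verdict = "ok"
        # banners, "Scan started", drive geometry and similar lines are ignored
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries a helper would look at first: anything not verdicted 'ok'."""
    return [e for e in entries.values() if e.verdict != "ok"]


# Excerpt of the report posted in this thread (real lines, shortened to a few entries).
SAMPLE_REPORT = r"""
17:38:34.0514 3412 Scan started
17:38:34.0514 3412 Mode: Manual; SigCheck; TDLFS;
17:38:35.0084 3412 ================ Scan system memory ========================
17:38:35.0084 3412 System memory - ok
17:38:35.0084 3412 ================ Scan services =============================
17:38:35.0244 3412 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:38:35.0294 3412 1394ohci - ok
17:38:35.0324 3412 8e7ef1dbe8dfc864 - ok
17:38:35.0974 3412 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:38:35.0994 3412 AMD External Events Utility - ok
17:38:38.0834 3412 catchme - ok
17:38:42.0924 3412 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:38:42.0944 3412 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:38:42.0944 3412 IDriverT - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for e in findings(parse_tdsskiller(SAMPLE_REPORT)):
        print(f"{e.verdict:8} {e.name}  {e.threat or ''}  {e.path or '(no file)'}  md5={e.md5}")
```

Entries with no `[ hash ]` line (such as `catchme` above) are services whose image TDSSKiller could not hash; they are kept with an empty hash so the list still shows what was scanned.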

#7 iTwAsLucK (Topic Starter)

Posted 25 August 2012 - 08:24 PM

TDSS report:

17:38:26.0453 4140 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:38:26.0853 4140 ============================================================
17:38:26.0853 4140 Current date / time: 2012/08/25 17:38:26.0853
17:38:26.0853 4140 SystemInfo:
17:38:26.0853 4140
17:38:26.0853 4140 OS Version: 6.1.7601 ServicePack: 1.0
17:38:26.0853 4140 Product type: Workstation
17:38:26.0853 4140 ComputerName: ITWASLUCK-HP
17:38:26.0853 4140 UserName: iTwAsLucK
17:38:26.0853 4140 Windows directory: C:\Windows
17:38:26.0853 4140 System windows directory: C:\Windows
17:38:26.0853 4140 Running under WOW64
17:38:26.0853 4140 Processor architecture: Intel x64
17:38:26.0853 4140 Number of processors: 4
17:38:26.0853 4140 Page size: 0x1000
17:38:26.0853 4140 Boot type: Normal boot
17:38:26.0853 4140 ============================================================
17:38:27.0863 4140 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:27.0883 4140 ============================================================
17:38:27.0883 4140 \Device\Harddisk0\DR0:
17:38:27.0883 4140 MBR partitions:
17:38:27.0883 4140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:38:27.0883 4140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72D45000
17:38:27.0883 4140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72D77800, BlocksNum 0x198E800
17:38:27.0883 4140 ============================================================
17:38:27.0913 4140 C: <-> \Device\Harddisk0\DR0\Partition2
17:38:27.0953 4140 D: <-> \Device\Harddisk0\DR0\Partition3
17:38:27.0953 4140 ============================================================
17:38:27.0953 4140 Initialize success
17:38:27.0953 4140 ============================================================
17:38:34.0514 3412 ============================================================
17:38:34.0514 3412 Scan started
17:38:34.0514 3412 Mode: Manual; SigCheck; TDLFS;
17:38:34.0514 3412 ============================================================
17:38:35.0084 3412 ================ Scan system memory ========================
17:38:35.0084 3412 System memory - ok
17:38:35.0084 3412 ================ Scan services =============================
17:38:35.0244 3412 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:38:35.0294 3412 1394ohci - ok
17:38:35.0324 3412 8e7ef1dbe8dfc864 - ok
17:38:35.0354 3412 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:38:35.0364 3412 ACPI - ok
17:38:35.0394 3412 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:38:35.0414 3412 AcpiPmi - ok
17:38:35.0574 3412 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:38:35.0584 3412 AdobeFlashPlayerUpdateSvc - ok
17:38:35.0614 3412 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:38:35.0634 3412 adp94xx - ok
17:38:35.0644 3412 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:38:35.0654 3412 adpahci - ok
17:38:35.0654 3412 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:38:35.0674 3412 adpu320 - ok
17:38:35.0724 3412 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:38:35.0764 3412 AeLookupSvc - ok
17:38:35.0804 3412 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:38:35.0834 3412 AFD - ok
17:38:35.0854 3412 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:38:35.0864 3412 agp440 - ok
17:38:35.0874 3412 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:38:35.0894 3412 ALG - ok
17:38:35.0914 3412 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:38:35.0924 3412 aliide - ok
17:38:35.0974 3412 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:38:35.0994 3412 AMD External Events Utility - ok
17:38:36.0054 3412 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:38:36.0064 3412 amdide - ok
17:38:36.0074 3412 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
17:38:36.0104 3412 amdiox64 - ok
17:38:36.0124 3412 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:38:36.0134 3412 AmdK8 - ok
17:38:36.0324 3412 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:38:36.0554 3412 amdkmdag - ok
17:38:36.0634 3412 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:38:36.0704 3412 amdkmdap - ok
17:38:36.0744 3412 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:38:36.0754 3412 AmdPPM - ok
17:38:36.0764 3412 [ F747497A0EE5498F79B207F215B3D2D8 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
17:38:36.0774 3412 amdsata - ok
17:38:36.0814 3412 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:38:36.0824 3412 amdsbs - ok
17:38:36.0834 3412 [ 2946D695E158615BAAA16248E63C7ADB ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
17:38:36.0834 3412 amdxata - ok
17:38:36.0964 3412 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:38:36.0974 3412 AODDriver4.1 - ok
17:38:37.0014 3412 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:38:37.0054 3412 AppID - ok
17:38:37.0104 3412 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:38:37.0144 3412 AppIDSvc - ok
17:38:37.0174 3412 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:38:37.0204 3412 Appinfo - ok
17:38:37.0314 3412 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:38:37.0324 3412 Apple Mobile Device - ok
17:38:37.0364 3412 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:38:37.0374 3412 arc - ok
17:38:37.0374 3412 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:38:37.0384 3412 arcsas - ok
17:38:37.0514 3412 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:38:37.0524 3412 aspnet_state - ok
17:38:37.0524 3412 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:38:37.0554 3412 AsyncMac - ok
17:38:37.0594 3412 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:38:37.0594 3412 atapi - ok
17:38:37.0654 3412 [ CCD13AC559B0492D65B32687DA9036BB ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:38:37.0714 3412 athr - ok
17:38:37.0744 3412 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:38:37.0744 3412 AtiHDAudioService - ok
17:38:37.0774 3412 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:38:37.0784 3412 AtiHdmiService - ok
17:38:37.0814 3412 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
17:38:37.0824 3412 AtiPcie - ok
17:38:37.0874 3412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:38:37.0924 3412 AudioEndpointBuilder - ok
17:38:37.0934 3412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:38:37.0964 3412 AudioSrv - ok
17:38:38.0024 3412 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:38:38.0054 3412 AxInstSV - ok
17:38:38.0084 3412 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:38:38.0104 3412 b06bdrv - ok
17:38:38.0124 3412 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:38:38.0134 3412 b57nd60a - ok
17:38:38.0154 3412 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:38:38.0184 3412 BDESVC - ok
17:38:38.0214 3412 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:38:38.0254 3412 Beep - ok
17:38:38.0284 3412 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:38:38.0334 3412 BFE - ok
17:38:38.0364 3412 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:38:38.0374 3412 blbdrive - ok
17:38:38.0454 3412 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:38:38.0464 3412 Bonjour Service - ok
17:38:38.0484 3412 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:38:38.0494 3412 bowser - ok
17:38:38.0494 3412 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:38:38.0504 3412 BrFiltLo - ok
17:38:38.0504 3412 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:38:38.0514 3412 BrFiltUp - ok
17:38:38.0524 3412 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:38:38.0544 3412 BridgeMP - ok
17:38:38.0574 3412 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
17:38:38.0604 3412 Browser - ok
17:38:38.0614 3412 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:38:38.0654 3412 Brserid - ok
17:38:38.0654 3412 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:38:38.0684 3412 BrSerWdm - ok
17:38:38.0694 3412 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:38:38.0704 3412 BrUsbMdm - ok
17:38:38.0704 3412 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:38:38.0714 3412 BrUsbSer - ok
17:38:38.0734 3412 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:38:38.0744 3412 BTHMODEM - ok
17:38:38.0764 3412 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:38:38.0804 3412 bthserv - ok
17:38:38.0834 3412 catchme - ok
17:38:38.0854 3412 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:38:38.0894 3412 cdfs - ok
17:38:38.0934 3412 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:38:38.0944 3412 cdrom - ok
17:38:38.0984 3412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:38:39.0024 3412 CertPropSvc - ok
17:38:39.0044 3412 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:38:39.0054 3412 circlass - ok
17:38:39.0074 3412 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:38:39.0094 3412 CLFS - ok
17:38:39.0144 3412 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:39.0144 3412 clr_optimization_v2.0.50727_32 - ok
17:38:39.0184 3412 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:38:39.0194 3412 clr_optimization_v2.0.50727_64 - ok
17:38:39.0264 3412 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:38:39.0274 3412 clr_optimization_v4.0.30319_32 - ok
17:38:39.0274 3412 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:38:39.0284 3412 clr_optimization_v4.0.30319_64 - ok
17:38:39.0294 3412 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:38:39.0294 3412 CmBatt - ok
17:38:39.0314 3412 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:38:39.0314 3412 cmdide - ok
17:38:39.0344 3412 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:38:39.0384 3412 CNG - ok
17:38:39.0404 3412 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:38:39.0404 3412 Compbatt - ok
17:38:39.0414 3412 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:38:39.0424 3412 CompositeBus - ok
17:38:39.0434 3412 COMSysApp - ok
17:38:39.0444 3412 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:38:39.0454 3412 crcdisk - ok
17:38:39.0494 3412 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:38:39.0504 3412 CryptSvc - ok
17:38:39.0594 3412 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:38:39.0614 3412 cvhsvc - ok
17:38:39.0634 3412 [ FBCB29A76E8105D682B02C69BA9B5C22 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys
17:38:39.0644 3412 DAdderFltr - ok
17:38:39.0684 3412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:38:39.0714 3412 DcomLaunch - ok
17:38:39.0724 3412 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:38:39.0764 3412 defragsvc - ok
17:38:39.0804 3412 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:38:39.0844 3412 DfsC - ok
17:38:39.0874 3412 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:38:39.0924 3412 Dhcp - ok
17:38:39.0954 3412 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:38:39.0984 3412 discache - ok
17:38:39.0994 3412 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:38:40.0004 3412 Disk - ok
17:38:40.0054 3412 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:38:40.0064 3412 Dnscache - ok
17:38:40.0094 3412 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:38:40.0134 3412 dot3svc - ok
17:38:40.0154 3412 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:38:40.0184 3412 DPS - ok
17:38:40.0214 3412 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:38:40.0234 3412 drmkaud - ok
17:38:40.0284 3412 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:38:40.0304 3412 DXGKrnl - ok
17:38:40.0334 3412 EagleX64 - ok
17:38:40.0374 3412 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:38:40.0414 3412 EapHost - ok
17:38:40.0474 3412 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:38:40.0534 3412 ebdrv - ok
17:38:40.0564 3412 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:38:40.0574 3412 EFS - ok
17:38:40.0614 3412 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:38:40.0634 3412 ehRecvr - ok
17:38:40.0654 3412 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:38:40.0664 3412 ehSched - ok
17:38:40.0714 3412 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:38:40.0734 3412 elxstor - ok
17:38:40.0744 3412 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:38:40.0754 3412 ErrDev - ok
17:38:40.0814 3412 esgiguard - ok
17:38:40.0834 3412 [ C33ACB897AF927D1C1BD84F211FAE75B ] ESLvnic1 C:\Windows\system32\DRIVERS\ESLvnic.sys
17:38:40.0844 3412 ESLvnic1 - ok
17:38:40.0874 3412 [ 640B9FEA0F70A3F4D3C7D486D613C995 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys
17:38:40.0884 3412 ESLWireAC - ok
17:38:40.0904 3412 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:38:40.0934 3412 EventSystem - ok
17:38:40.0934 3412 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:38:40.0964 3412 exfat - ok
17:38:40.0974 3412 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:38:41.0014 3412 fastfat - ok
17:38:41.0064 3412 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:38:41.0084 3412 Fax - ok
17:38:41.0084 3412 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:38:41.0104 3412 fdc - ok
17:38:41.0144 3412 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:38:41.0164 3412 fdPHost - ok
17:38:41.0174 3412 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:38:41.0214 3412 FDResPub - ok
17:38:41.0234 3412 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:38:41.0244 3412 FileInfo - ok
17:38:41.0334 3412 [ 2B609F74FA2884C36471743322652A16 ] FileMonitor C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
17:38:41.0344 3412 FileMonitor - ok
17:38:41.0364 3412 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:38:41.0404 3412 Filetrace - ok
17:38:41.0454 3412 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:38:41.0474 3412 FLEXnet Licensing Service - ok
17:38:41.0474 3412 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:38:41.0484 3412 flpydisk - ok
17:38:41.0514 3412 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:38:41.0524 3412 FltMgr - ok
17:38:41.0564 3412 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:38:41.0584 3412 FontCache - ok
17:38:41.0634 3412 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:38:41.0644 3412 FontCache3.0.0.0 - ok
17:38:41.0654 3412 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:38:41.0664 3412 FsDepends - ok
17:38:41.0694 3412 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:38:41.0694 3412 Fs_Rec - ok
17:38:41.0754 3412 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:38:41.0794 3412 fvevol - ok
17:38:41.0804 3412 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:38:41.0814 3412 gagp30kx - ok
17:38:41.0924 3412 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:38:41.0934 3412 GamesAppService - ok
17:38:55.0525 3412 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:38:55.0545 3412 volsnap - ok
17:38:55.0575 3412 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:55.0585 3412 vsmraid - ok
17:38:55.0635 3412 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:38:55.0705 3412 VSS - ok
17:38:55.0715 3412 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:38:55.0725 3412 vwifibus - ok
17:38:55.0765 3412 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:38:55.0795 3412 vwififlt - ok
17:38:55.0805 3412 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:38:55.0815 3412 vwifimp - ok
17:38:55.0845 3412 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:38:55.0875 3412 W32Time - ok
17:38:55.0885 3412 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:38:55.0885 3412 WacomPen - ok
17:38:55.0915 3412 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:38:55.0965 3412 WANARP - ok
17:38:55.0965 3412 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:38:55.0985 3412 Wanarpv6 - ok
17:38:56.0075 3412 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:38:56.0115 3412 WatAdminSvc - ok
17:38:56.0155 3412 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:38:56.0195 3412 wbengine - ok
17:38:56.0205 3412 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:38:56.0225 3412 WbioSrvc - ok
17:38:56.0255 3412 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:38:56.0285 3412 wcncsvc - ok
17:38:56.0305 3412 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:38:56.0315 3412 WcsPlugInService - ok
17:38:56.0315 3412 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:38:56.0325 3412 Wd - ok
17:38:56.0345 3412 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:38:56.0365 3412 Wdf01000 - ok
17:38:56.0375 3412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:38:56.0405 3412 WdiServiceHost - ok
17:38:56.0405 3412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:38:56.0425 3412 WdiSystemHost - ok
17:38:56.0445 3412 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:38:56.0475 3412 WebClient - ok
17:38:56.0505 3412 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:38:56.0545 3412 Wecsvc - ok
17:38:56.0565 3412 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:38:56.0585 3412 wercplsupport - ok
17:38:56.0625 3412 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:38:56.0665 3412 WerSvc - ok
17:38:56.0685 3412 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:56.0715 3412 WfpLwf - ok
17:38:56.0725 3412 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:38:56.0735 3412 WIMMount - ok
17:38:56.0795 3412 WinDefend - ok
17:38:56.0805 3412 WinHttpAutoProxySvc - ok
17:38:56.0835 3412 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:38:56.0865 3412 Winmgmt - ok
17:38:56.0905 3412 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:38:56.0985 3412 WinRM - ok
17:38:57.0035 3412 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:57.0045 3412 WinUsb - ok
17:38:57.0185 3412 [ F44FFC6CEC9D30CD361541A90858958B ] WINZIPSSDiskOptimizer C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
17:38:57.0205 3412 WINZIPSSDiskOptimizer - ok
17:38:57.0275 3412 [ EE5619C43CB3940A4471BD7596B04B7A ] WireHelpSvc C:\Program Files\Common Files\WireHelpSvc.exe
17:38:57.0285 3412 WireHelpSvc - ok
17:38:57.0305 3412 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:38:57.0345 3412 Wlansvc - ok
17:38:57.0445 3412 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:38:57.0505 3412 wlidsvc - ok
17:38:57.0525 3412 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:38:57.0555 3412 WmiAcpi - ok
17:38:57.0595 3412 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:38:57.0615 3412 wmiApSrv - ok
17:38:57.0655 3412 WMPNetworkSvc - ok
17:38:57.0685 3412 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:38:57.0695 3412 WPCSvc - ok
17:38:57.0725 3412 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:38:57.0735 3412 WPDBusEnum - ok
17:38:57.0745 3412 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:38:57.0775 3412 ws2ifsl - ok
17:38:57.0785 3412 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:38:57.0805 3412 wscsvc - ok
17:38:57.0805 3412 WSearch - ok
17:38:57.0885 3412 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:38:57.0965 3412 wuauserv - ok
17:38:57.0985 3412 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:38:58.0025 3412 WudfPf - ok
17:38:58.0055 3412 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:58.0095 3412 WUDFRd - ok
17:38:58.0125 3412 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:38:58.0155 3412 wudfsvc - ok
17:38:58.0175 3412 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:38:58.0195 3412 WwanSvc - ok
17:38:58.0265 3412 X6va003 - ok
17:38:58.0285 3412 X6va005 - ok
17:38:58.0295 3412 X6va006 - ok
17:38:58.0325 3412 X6va007 - ok
17:38:58.0415 3412 X6va008 - ok
17:38:58.0435 3412 X6va009 - ok
17:38:58.0445 3412 ================ Scan global ===============================
17:38:58.0465 3412 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:38:58.0495 3412 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:38:58.0495 3412 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:38:58.0515 3412 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:38:58.0565 3412 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:38:58.0565 3412 [Global] - ok
17:38:58.0565 3412 ================ Scan MBR ==================================
17:38:58.0585 3412 [ BD2634A6A62D3B52FAACB807E9CE26DA ] \Device\Harddisk0\DR0
17:38:58.0745 3412 \Device\Harddisk0\DR0 - ok
17:38:58.0745 3412 ================ Scan VBR ==================================
17:38:58.0775 3412 [ B40503CC482E69673C19697DBA0BBAC5 ] \Device\Harddisk0\DR0\Partition1
17:38:58.0775 3412 \Device\Harddisk0\DR0\Partition1 - ok
17:38:58.0785 3412 [ C74034744DC2F84B3B716612340DB308 ] \Device\Harddisk0\DR0\Partition2
17:38:58.0795 3412 \Device\Harddisk0\DR0\Partition2 - ok
17:38:58.0815 3412 [ B2B0BEC48D0F426464DF0941415FECDF ] \Device\Harddisk0\DR0\Partition3
17:38:58.0815 3412 \Device\Harddisk0\DR0\Partition3 - ok
17:38:58.0815 3412 ============================================================
17:38:58.0815 3412 Scan finished
17:38:58.0815 3412 ============================================================
17:38:58.0815 4280 Detected object count: 2
17:38:58.0815 4280 Actual detected object count: 2
17:39:03.0565 4280 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:03.0565 4280 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:03.0565 4280 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:03.0565 4280 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip



aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 17:41:35
-----------------------------
17:41:35.044 OS Version: Windows x64 6.1.7601 Service Pack 1
17:41:35.044 Number of processors: 4 586 0x403
17:41:35.044 ComputerName: ITWASLUCK-HP UserName: iTwAsLucK
17:41:38.254 Initialize success
17:49:59.310 AVAST engine defs: 12082501
17:54:00.864 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
17:54:00.864 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
17:54:00.874 Disk 0 MBR read successfully
17:54:00.874 Disk 0 MBR scan
17:54:00.884 Disk 0 unknown MBR code
17:54:00.884 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:54:00.894 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940682 MB offset 206848
17:54:00.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13085 MB offset 1926723584
17:54:00.944 Disk 0 scanning C:\Windows\system32\drivers
17:54:09.255 Service scanning
17:54:25.616 Modules scanning
17:54:25.616 Disk 0 trace - called modules:
17:54:25.646 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:54:25.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003d7c790]
17:54:25.646 3 CLASSPNP.SYS[fffff8800197743f] -> nt!IofCallDriver -> [0xfffffa8003cc3b80]
17:54:25.646 5 amdxata.sys[fffff88000e877a8] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8003cbc9c0]
17:54:27.046 AVAST engine scan C:\Windows
17:54:29.256 AVAST engine scan C:\Windows\system32
17:56:57.566 AVAST engine scan C:\Windows\system32\drivers
17:57:07.407 AVAST engine scan C:\Users\iTwAsLucK
18:09:27.519 AVAST engine scan C:\ProgramData
18:13:31.056 Scan finished successfully
18:23:19.023 Disk 0 MBR has been saved successfully to "C:\Users\iTwAsLucK\Desktop\MBR.dat"
18:23:19.023 The log file has been saved successfully to "C:\Users\iTwAsLucK\Desktop\aswMBR.txt"


Didn't have any problems with either scan.

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 PM

Posted 25 August 2012 - 10:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
c:\program files (x86)\uTorrentBar
c:\program files (x86)\ConduitEngine
c:\program files (x86)\Ask.com

Driver::
8e7ef1dbe8dfc864

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 iTwAsLucK

  • Topic Starter

  • Members
  • 20 posts
  • Local time:04:44 PM

Posted 25 August 2012 - 10:31 PM

Here is the report from ComboFix:

ComboFix 12-08-25.04 - iTwAsLucK 25/08/2012 20:12:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4095.2485 [GMT -7:00]
Running from: c:\users\iTwAsLucK\Desktop\ComboFix.exe
Command switches used :: c:\users\iTwAsLucK\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\INSTALL.LOG
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\UNWISE.EXE
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8E7EF1DBE8DFC864
-------\Service_8e7ef1dbe8dfc864
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-26 03:19 . 2012-08-26 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 02:01 . 2012-08-25 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-24 23:35 . 2012-08-24 23:35 -------- d-----w- c:\program files\Enigma Software Group
2012-08-24 23:35 . 2012-08-25 02:07 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-24 23:05 . 2012-08-24 23:06 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-08-18 07:44 . 2012-08-18 07:44 -------- d-----w- c:\users\iTwAsLucK\AppData\Roaming\Malwarebytes
2012-08-18 07:43 . 2012-08-18 07:43 -------- d-----w- c:\programdata\Malwarebytes
2012-08-18 07:43 . 2012-08-24 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 07:43 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 07:31 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-18 07:30 . 2012-08-18 07:46 -------- d-----w- c:\programdata\AVAST Software
2012-08-18 07:30 . 2012-08-18 07:30 -------- d-----w- c:\program files\AVAST Software
2012-08-18 07:24 . 2012-08-18 07:24 -------- d-----w- c:\programdata\Sophos
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-18 07:24 . 2012-08-18 07:24 73728 ----a-r- c:\users\iTwAsLucK\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-18 07:24 . 2012-08-18 07:24 -------- d-----w- c:\program files (x86)\Sophos
2012-08-14 21:29 . 2012-08-14 21:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 20:32 . 2012-08-14 20:32 -------- d-----w- c:\programdata\ATI
2012-08-14 20:31 . 2012-08-14 20:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-08-14 20:31 . 2012-08-14 20:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-14 20:25 . 2012-08-14 20:25 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-08-14 20:25 . 2012-08-14 20:25 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-08-14 20:25 . 2012-08-14 20:26 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-08-14 20:25 . 2012-08-14 20:25 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-08-14 20:25 . 2012-08-14 20:25 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-08-14 20:25 . 2012-08-14 20:25 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-08-14 20:25 . 2012-08-14 20:25 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-08-14 20:24 . 2012-08-14 20:24 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-08-14 20:24 . 2012-08-14 20:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-08-14 20:24 . 2012-08-14 20:24 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-08-14 20:24 . 2012-08-14 20:24 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-08-14 20:24 . 2012-08-14 20:24 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-08-14 20:24 . 2012-08-14 20:24 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-08-14 20:24 . 2012-08-14 20:24 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-08-14 20:24 . 2012-08-14 20:24 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-08-14 20:24 . 2012-08-14 20:24 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-08-13 02:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C96452F-F06C-4A4E-985B-16F661DBDAD2}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 02:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-15 05:37 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:37 . 2011-08-21 20:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 20:26 . 2010-09-08 00:13 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-08-14 20:26 . 2010-09-08 00:13 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-08-14 20:26 . 2010-09-08 00:13 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-08-14 20:26 . 2010-09-08 00:13 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-08-14 20:24 . 2010-09-08 00:13 64000 ----a-w- c:\windows\system32\coinst.dll
2012-08-14 20:24 . 2010-09-08 00:13 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-11 06:36 . 2011-07-25 19:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 06:38 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 05:20 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 05:20 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:20 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:20 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 16:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:03 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 05:20 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:20 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:20 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:20 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:20 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2011-01-28 06:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 18:07 . 2011-04-01 00:14 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-15 19:47 . 2011-07-08 05:22 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_19.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-26 03:20 . 2012-08-26 03:20 13360 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-25 19:13 . 2012-08-25 19:13 13360 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 05:10 . 2012-08-25 19:17 34956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-28 06:22 . 2012-08-25 19:17 21156 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1791810842-1693449940-2674181568-1001_UserData.bin
+ 2011-01-28 07:20 . 2012-08-25 21:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-28 07:20 . 2012-08-25 02:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-28 07:20 . 2012-08-25 02:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-28 07:20 . 2012-08-25 21:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-25 21:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-25 02:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-28 06:26 . 2012-08-25 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-28 06:26 . 2012-08-26 03:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-28 06:26 . 2012-08-25 19:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-28 06:26 . 2012-08-26 03:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-28 06:26 . 2012-08-25 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-28 06:26 . 2012-08-26 03:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-28 06:26 . 2012-08-25 19:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-28 06:26 . 2012-08-26 03:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-28 06:26 . 2012-08-26 03:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-28 06:26 . 2012-08-25 19:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-25 19:14 . 2012-08-25 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 03:21 . 2012-08-26 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 03:21 . 2012-08-26 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-25 19:14 . 2012-08-25 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-25 19:15 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-26 03:21 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-25 19:15 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 03:21 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-08-25 19:19 664984 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-25 17:22 664984 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-25 19:19 125462 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-25 17:22 125462 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-25 19:13 335620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-26 03:20 335620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-25 19:15 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 03:21 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-29 04:34 . 2012-08-26 03:20 22713864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1791810842-1693449940-2674181568-1001-12288.dat
- 2011-03-29 04:34 . 2012-08-25 19:13 22713864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1791810842-1693449940-2674181568-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
R3 X6va003;X6va003;c:\users\ITWASL~1\AppData\Local\Temp\003F8F0.tmp [x]
R3 X6va005;X6va005;c:\users\ITWASL~1\AppData\Local\Temp\005CD40.tmp [x]
R3 X6va006;X6va006;c:\users\ITWASL~1\AppData\Local\Temp\006C008.tmp [x]
R3 X6va007;X6va007;c:\users\ITWASL~1\AppData\Local\Temp\00779AB.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service; [x]
R4 AMD FUEL Service;AMD FUEL Service; [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]
R4 IMFservice;IMF Service; [x]
R4 pdfcDispatcher;PDF Document Manager; [x]
R4 TeamViewer7;TeamViewer 7; [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-08-14 236544]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-07-19 172960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-11-10 628040]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-07-15 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-08-14 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-08-14 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-08-14 95760]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2010-12-08 25528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:38]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791810842-1693449940-2674181568-1001Core.job
- c:\users\iTwAsLucK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 04:09]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791810842-1693449940-2674181568-1001UA.job
- c:\users\iTwAsLucK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 04:09]
.
2012-08-10 c:\windows\Tasks\HPCeeScheduleForiTwAsLucK.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF5631.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\iTwAsLucK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{0359148A-E5B4-47A9-9CFB-7DCDE53560DC}: NameServer = 8.8.8.8,8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\iTwAsLucK\AppData\Roaming\Mozilla\Firefox\Profiles\48e2ly5f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-uTorrentBar Toolbar - c:\progra~2\UTORRE~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdvancedSystemCareService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD FUEL Service]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IMFservice]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrA]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrB]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TeamViewer7]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TuneUp.UtilitiesSvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\003F8F0.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\005CD40.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\006C008.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\ITWASL~1\AppData\Local\Temp\00779AB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-25 20:29:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 03:29
ComboFix2.txt 2012-08-25 19:23
.
Pre-Run: 426,968,485,888 bytes free
Post-Run: 426,980,839,424 bytes free
.
- - End Of File - - 46CC2499AED7DB7F681823E83A0B03C1

Things still seem to be doing okay.

#10 gringo_pr

Posted 25 August 2012 - 10:33 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 iTwAsLucK

iTwAsLucK
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 25 August 2012 - 10:56 PM

RogueKiller log report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: iTwAsLucK [Admin rights]
Mode: Scan -- Date: 08/25/2012 20:55:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 8dda2b5dc61c3af06639c5cffa4ff242
[BSP] 0a5db6774fdcdbebe38dc2fde504f884 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940682 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926723584 | Size: 13085 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 35a145e255c39765ae99c768bb1eec17
[BSP] ad2e291a39f3ea425ebc3e48ea0f8226 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#12 gringo_pr

Posted 26 August 2012 - 12:04 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#13 iTwAsLucK

Posted 26 August 2012 - 12:15 AM

I have three RK reports on my desktop now; I hope this is the right one.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: iTwAsLucK [Admin rights]
Mode: Remove -- Date: 08/25/2012 22:10:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{ef970399-9278-1eb3-6237-c5333ecc07d5}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 8dda2b5dc61c3af06639c5cffa4ff242
[BSP] 0a5db6774fdcdbebe38dc2fde504f884 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940682 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926723584 | Size: 13085 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 35a145e255c39765ae99c768bb1eec17
[BSP] ad2e291a39f3ea425ebc3e48ea0f8226 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#14 gringo_pr

Posted 26 August 2012 - 01:13 AM

How is the computer at this time?


gringo

#15 iTwAsLucK

Posted 27 August 2012 - 01:58 PM

The computer SEEMS fine, but I'm still a little nervous about doing online banking or anything like that. How long should I wait until I can be sure it is safe?



