Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help with a redirect that I cannot remove!


  • This topic is locked This topic is locked
49 replies to this topic

#1 Helpless Lass

Helpless Lass

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 02 September 2012 - 02:28 PM

My PC that runs Windows 7 is infected with a redirect on Firefox that I cannot remove. In addition to the redirects, I've notice my cursor at times will have a little red circle with slash over a back arrow attached to it. The screen to which I am now redirected says it is "Theallsearches.com." However, I was being redirected to a different screen style when this problem first started about two weeks ago.

I had MalawareBytes (I uninstalled it) until today because yesterday I downloaded Norton 360. A quick scan found nothing, so today I ran a full scan in Safe Mode and Norton picked up 17 trojans, but not the redirect problem. For the past three days I have run various free programs in addition to the Norton, and I am still being redirected. I am ready to scream!!!!

Please help me get this removed! Thank you in advance for any help you can provide!

:busy:

This morning I decided to try IE 64 bit to see if I had the same redirect issues, and it doesn't appear so. So, I uninstalled and then reinstalled an updated version of Firefox - and the redirect issue is still there.

Edited by Helpless Lass, 03 September 2012 - 08:29 AM.


BC AdBot (Login to Remove)

 


#2 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 02 September 2012 - 03:23 PM

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Fenya at 16:20:48 on 2012-09-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.823 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17360910m206p0415v1i5r4562s215
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17360910m206p0415v1i5r4562s215
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44} : DhcpNameServer = 192.168.2.1
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fenya\AppData\Roaming\Mozilla\Firefox\Profiles\qix1ar09.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Fenya\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Fenya\AppData\Roaming\Mozilla\Firefox\Profiles\qix1ar09.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-8-23 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120831.001\IDSviA64.sys [2012-8-31 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-9-1 138272]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-20 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-1 138912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-02 19:12:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-02 18:12:13 98816 ----a-w- C:\Windows\sed.exe
2012-09-02 18:12:13 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-02 18:12:13 256000 ----a-w- C:\Windows\PEV.exe
2012-09-02 18:12:13 208896 ----a-w- C:\Windows\MBR.exe
2012-09-02 17:52:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A46B80-53C4-43B5-A2C2-FF48D10EC454}\offreg.dll
2012-09-01 20:21:07 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-01 20:21:07 -------- d-----w- C:\Program Files\Symantec
2012-09-01 20:21:07 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-01 20:20:34 737952 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-09-01 20:20:34 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\SymDS64.sys
2012-09-01 20:20:34 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-09-01 20:20:34 37536 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-09-01 20:20:34 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\Ironx64.sys
2012-09-01 20:20:34 167072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ccSetx64.sys
2012-09-01 20:20:34 1129120 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\SymEFA64.sys
2012-09-01 20:20:25 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
2012-09-01 20:20:25 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-09-01 20:20:24 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-09-01 13:32:48 74872 ----a-r- C:\Windows\System32\drivers\sbapifs.sys
2012-08-31 03:23:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A46B80-53C4-43B5-A2C2-FF48D10EC454}\mpengine.dll
2012-08-25 14:37:51 -------- d-----w- C:\Users\Fenya\AppData\Local\{6EF98E39-EEC2-11E1-8270-B8AC6F996F26}
2012-08-25 14:11:24 -------- d-----w- C:\Users\Fenya\AppData\Local\adaware
2012-08-25 14:11:01 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-08-25 14:04:24 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-25 13:45:16 -------- d-----w- C:\Users\Fenya\AppData\Roaming\Ad-Aware Antivirus
2012-08-10 22:40:52 -------- d-----w- C:\Users\Fenya\AppData\Local\{6BC01642-E33C-11E1-8270-B8AC6F996F26}
2012-08-05 21:41:49 -------- d-----w- C:\Users\Fenya\AppData\Local\Realtek
.
==================== Find3M ====================
.
.
============= FINISH: 16:22:00.76 ===============

#3 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 02 September 2012 - 03:53 PM

The GMER just ended and did not give a report. It said it did not find any modifications?? Unfortunately, I clicked on it and it closed out. UGH! Should I re-run?

Edited by Helpless Lass, 02 September 2012 - 03:55 PM.


#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 04 September 2012 - 05:57 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. :)


Hello there, Helpless Lass

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 04 September 2012 - 05:58 AM

Please post ComboFix log located in C:\ComboFix.txt in your next reply.

Also please run the following scans

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#6 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 04 September 2012 - 04:54 PM

Thank you, Conspire, for assisting me!

ComboFix 12-09-01.01 - Fenya 09/02/2012 14:16:17.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.615 [GMT -4:00]
Running from: c:\users\Fenya\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fenya\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Fenya\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\users\Fenya\AppData\Roaming\mocdi.dll
c:\users\Savannah\Documents\~WRL1962.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 18:25 . 2012-09-02 18:25 -------- d-----w- c:\users\Savannah\AppData\Local\temp
2012-09-02 17:52 . 2012-09-02 17:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A46B80-53C4-43B5-A2C2-FF48D10EC454}\offreg.dll
2012-09-01 20:21 . 2012-09-01 20:21 -------- d-----w- c:\program files\Symantec
2012-09-01 20:21 . 2012-09-01 20:21 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-01 20:21 . 2012-09-01 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-01 20:20 . 2012-09-01 20:20 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-09-01 20:20 . 2012-09-01 20:20 -------- d-----w- c:\program files (x86)\Norton 360
2012-09-01 13:32 . 2012-01-12 13:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-08-31 03:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A46B80-53C4-43B5-A2C2-FF48D10EC454}\mpengine.dll
2012-08-25 14:37 . 2012-08-31 03:16 -------- d-----w- c:\users\Fenya\AppData\Local\{6EF98E39-EEC2-11E1-8270-B8AC6F996F26}
2012-08-25 14:11 . 2012-08-25 14:11 -------- d-----w- c:\users\Fenya\AppData\Local\adaware
2012-08-25 14:11 . 2012-08-25 14:34 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-25 14:04 . 2012-08-25 14:04 -------- d-----w- c:\programdata\Lavasoft
2012-08-25 14:04 . 2012-08-31 03:17 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-25 13:45 . 2012-08-25 14:29 -------- d-----w- c:\users\Fenya\AppData\Roaming\Ad-Aware Antivirus
2012-08-10 22:40 . 2012-08-25 14:34 -------- d-----w- c:\users\Fenya\AppData\Local\{6BC01642-E33C-11E1-8270-B8AC6F996F26}
2012-08-05 21:41 . 2012-08-10 21:56 -------- d-----w- c:\users\Fenya\AppData\Local\Realtek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 07:09 . 2010-12-09 20:41 58957832 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2012-04-16 86016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2012-04-18 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-08-23 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120831.001\IDSvia64.sys [2012-08-31 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS [2012-04-18 405624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-01-12 74872]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-02 138912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 23:36]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 23:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17360910m206p0415v1i5r4562s215
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17360910m206p0415v1i5r4562s215
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fenya\AppData\Roaming\Mozilla\Firefox\Profiles\qix1ar09.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-09-02 14:40:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 18:40
.
Pre-Run: 379,966,533,632 bytes free
Post-Run: 388,389,552,128 bytes free
.
- - End Of File - - 958207579C1B5EB35BDA83CD9A693B32

#7 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 04 September 2012 - 04:58 PM

Trust me when I say I will not attempt any fix by myself! My neighbor was helping me previously this weekend.

I'm having trouble attaching the MBR zip file. I found it, but can't do anything with it (can't open, cut/paste, copy/paste).


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 17:56:02
-----------------------------
17:56:03.010 OS Version: Windows x64 6.1.7600
17:56:03.010 Number of processors: 1 586 0x7F02
17:56:03.011 ComputerName: DESKTOP UserName: Fenya
17:56:05.805 Initialize success
17:56:33.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
17:56:33.146 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
17:56:33.208 Disk 0 MBR read successfully
17:56:33.212 Disk 0 MBR scan
17:56:33.215 Disk 0 unknown MBR code
17:56:33.229 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
17:56:33.241 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
17:56:33.251 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464550 MB offset 25372672
17:56:33.271 Disk 0 scanning C:\Windows\system32\drivers
17:56:37.626 Service scanning
17:56:52.995 Modules scanning
17:56:53.018 Disk 0 trace - called modules:
17:56:53.050 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:56:53.056 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80022b0060]
17:56:53.415 3 CLASSPNP.SYS[fffff88001acd43f] -> nt!IofCallDriver -> [0xfffffa80015c42b0]
17:56:53.435 5 ACPI.sys[fffff88000e17781] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8001f6f9c0]
17:56:53.454 Scan finished successfully
17:57:04.127 Disk 0 MBR has been saved successfully to "C:\Users\Fenya\Documents\MBR.dat"
17:57:04.136 The log file has been saved successfully to "C:\Users\Fenya\Documents\aswMBR.txt"

Edited by Helpless Lass, 04 September 2012 - 06:41 PM.


#8 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 04 September 2012 - 05:02 PM

(Edit) I couldn't find it at first, but here is the TDSS log:


17:59:18.0626 7124 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:59:19.0305 7124 ============================================================
17:59:19.0305 7124 Current date / time: 2012/09/04 17:59:19.0305
17:59:19.0305 7124 SystemInfo:
17:59:19.0305 7124
17:59:19.0305 7124 OS Version: 6.1.7600 ServicePack: 0.0
17:59:19.0305 7124 Product type: Workstation
17:59:19.0305 7124 ComputerName: DESKTOP
17:59:19.0306 7124 UserName: Fenya
17:59:19.0306 7124 Windows directory: C:\Windows
17:59:19.0306 7124 System windows directory: C:\Windows
17:59:19.0306 7124 Running under WOW64
17:59:19.0306 7124 Processor architecture: Intel x64
17:59:19.0306 7124 Number of processors: 1
17:59:19.0306 7124 Page size: 0x1000
17:59:19.0306 7124 Boot type: Normal boot
17:59:19.0306 7124 ============================================================
17:59:21.0036 7124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:21.0058 7124 ============================================================
17:59:21.0058 7124 \Device\Harddisk0\DR0:
17:59:21.0059 7124 MBR partitions:
17:59:21.0059 7124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
17:59:21.0059 7124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x38B53000
17:59:21.0059 7124 ============================================================
17:59:21.0095 7124 C: <-> \Device\Harddisk0\DR0\Partition2
17:59:21.0095 7124 ============================================================
17:59:21.0095 7124 Initialize success
17:59:21.0095 7124 ============================================================
17:59:23.0405 4160 ============================================================
17:59:23.0405 4160 Scan started
17:59:23.0405 4160 Mode: Manual;
17:59:23.0405 4160 ============================================================
17:59:24.0103 4160 ================ Scan system memory ========================
17:59:24.0103 4160 System memory - ok
17:59:24.0110 4160 ================ Scan services =============================
17:59:24.0343 4160 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:59:24.0353 4160 1394ohci - ok
17:59:24.0501 4160 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:59:24.0515 4160 ACDaemon - ok
17:59:24.0578 4160 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:59:24.0582 4160 ACPI - ok
17:59:24.0616 4160 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:59:24.0617 4160 AcpiPmi - ok
17:59:24.0700 4160 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:59:24.0702 4160 AdobeARMservice - ok
17:59:24.0802 4160 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:24.0806 4160 AdobeFlashPlayerUpdateSvc - ok
17:59:24.0865 4160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:59:24.0871 4160 adp94xx - ok
17:59:24.0903 4160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:59:24.0909 4160 adpahci - ok
17:59:24.0922 4160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:59:24.0926 4160 adpu320 - ok
17:59:24.0957 4160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:59:24.0959 4160 AeLookupSvc - ok
17:59:25.0012 4160 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
17:59:25.0018 4160 AFD - ok
17:59:25.0105 4160 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
17:59:25.0113 4160 AffinegyService - ok
17:59:25.0175 4160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:59:25.0177 4160 agp440 - ok
17:59:25.0282 4160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:59:25.0285 4160 ALG - ok
17:59:25.0412 4160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:59:25.0413 4160 aliide - ok
17:59:25.0428 4160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:59:25.0429 4160 amdide - ok
17:59:25.0476 4160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:59:25.0478 4160 AmdK8 - ok
17:59:25.0510 4160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:59:25.0511 4160 AmdPPM - ok
17:59:25.0539 4160 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:59:25.0543 4160 amdsata - ok
17:59:25.0571 4160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:59:25.0574 4160 amdsbs - ok
17:59:25.0602 4160 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:59:25.0604 4160 amdxata - ok
17:59:25.0628 4160 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:59:25.0629 4160 AppID - ok
17:59:25.0645 4160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:59:25.0647 4160 AppIDSvc - ok
17:59:25.0678 4160 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:59:25.0680 4160 Appinfo - ok
17:59:25.0755 4160 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:59:25.0757 4160 Apple Mobile Device - ok
17:59:25.0788 4160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:59:25.0791 4160 arc - ok
17:59:25.0802 4160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:59:25.0803 4160 arcsas - ok
17:59:25.0841 4160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:59:25.0843 4160 AsyncMac - ok
17:59:25.0871 4160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:59:25.0874 4160 atapi - ok
17:59:25.0932 4160 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:59:25.0940 4160 AudioEndpointBuilder - ok
17:59:25.0959 4160 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:59:25.0963 4160 AudioSrv - ok
17:59:25.0992 4160 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:59:25.0995 4160 AxInstSV - ok
17:59:26.0071 4160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:59:26.0086 4160 b06bdrv - ok
17:59:26.0160 4160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:59:26.0166 4160 b57nd60a - ok
17:59:26.0206 4160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:59:26.0209 4160 BDESVC - ok
17:59:26.0235 4160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:59:26.0236 4160 Beep - ok
17:59:26.0263 4160 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:59:26.0271 4160 BFE - ok
17:59:26.0442 4160 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120823.007\BHDrvx64.sys
17:59:26.0469 4160 BHDrvx64 - ok
17:59:26.0512 4160 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
17:59:26.0531 4160 BITS - ok
17:59:26.0560 4160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:59:26.0561 4160 blbdrive - ok
17:59:26.0648 4160 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:59:26.0660 4160 Bonjour Service - ok
17:59:26.0713 4160 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:59:26.0717 4160 bowser - ok
17:59:26.0758 4160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:59:26.0760 4160 BrFiltLo - ok
17:59:26.0784 4160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:59:26.0785 4160 BrFiltUp - ok
17:59:26.0825 4160 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:59:26.0828 4160 BridgeMP - ok
17:59:26.0867 4160 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
17:59:26.0870 4160 Browser - ok
17:59:26.0884 4160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:59:26.0888 4160 Brserid - ok
17:59:26.0901 4160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:59:26.0902 4160 BrSerWdm - ok
17:59:26.0914 4160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:59:26.0915 4160 BrUsbMdm - ok
17:59:26.0927 4160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:59:26.0927 4160 BrUsbSer - ok
17:59:26.0938 4160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:59:26.0939 4160 BTHMODEM - ok
17:59:26.0984 4160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:59:26.0986 4160 bthserv - ok
17:59:27.0009 4160 catchme - ok
17:59:27.0062 4160 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
17:59:27.0065 4160 ccSet_N360 - ok
17:59:27.0086 4160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:59:27.0088 4160 cdfs - ok
17:59:27.0110 4160 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:59:27.0112 4160 cdrom - ok
17:59:27.0135 4160 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:59:27.0137 4160 CertPropSvc - ok
17:59:27.0181 4160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:59:27.0201 4160 circlass - ok
17:59:27.0229 4160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:59:27.0234 4160 CLFS - ok
17:59:27.0322 4160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:27.0324 4160 clr_optimization_v2.0.50727_32 - ok
17:59:27.0366 4160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:59:27.0369 4160 clr_optimization_v2.0.50727_64 - ok
17:59:27.0442 4160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:27.0447 4160 clr_optimization_v4.0.30319_32 - ok
17:59:27.0496 4160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:59:27.0501 4160 clr_optimization_v4.0.30319_64 - ok
17:59:27.0556 4160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:59:27.0557 4160 CmBatt - ok
17:59:27.0567 4160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:59:27.0568 4160 cmdide - ok
17:59:27.0597 4160 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
17:59:27.0603 4160 CNG - ok
17:59:27.0627 4160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:59:27.0629 4160 Compbatt - ok
17:59:27.0668 4160 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:59:27.0669 4160 CompositeBus - ok
17:59:27.0685 4160 COMSysApp - ok
17:59:27.0698 4160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:59:27.0699 4160 crcdisk - ok
17:59:27.0756 4160 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:59:27.0759 4160 CryptSvc - ok
17:59:27.0803 4160 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:59:27.0810 4160 DcomLaunch - ok
17:59:27.0848 4160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:59:27.0852 4160 defragsvc - ok
17:59:27.0887 4160 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:59:27.0889 4160 DfsC - ok
17:59:27.0927 4160 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:59:27.0931 4160 Dhcp - ok
17:59:27.0963 4160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:59:27.0965 4160 discache - ok
17:59:28.0003 4160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:59:28.0005 4160 Disk - ok
17:59:28.0042 4160 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:59:28.0045 4160 Dnscache - ok
17:59:28.0074 4160 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:59:28.0079 4160 dot3svc - ok
17:59:28.0132 4160 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:59:28.0135 4160 Dot4 - ok
17:59:28.0166 4160 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:59:28.0168 4160 Dot4Print - ok
17:59:28.0198 4160 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:59:28.0199 4160 dot4usb - ok
17:59:28.0221 4160 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:59:28.0226 4160 DPS - ok
17:59:28.0256 4160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:59:28.0257 4160 drmkaud - ok
17:59:28.0301 4160 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:59:28.0314 4160 DXGKrnl - ok
17:59:28.0342 4160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:59:28.0349 4160 EapHost - ok
17:59:28.0456 4160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:59:28.0546 4160 ebdrv - ok
17:59:28.0651 4160 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:59:28.0658 4160 eeCtrl - ok
17:59:28.0697 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:59:28.0699 4160 EFS - ok
17:59:28.0753 4160 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:59:28.0761 4160 ehRecvr - ok
17:59:28.0790 4160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:59:28.0793 4160 ehSched - ok
17:59:28.0841 4160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:59:28.0847 4160 elxstor - ok
17:59:28.0893 4160 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:59:28.0896 4160 EraserUtilRebootDrv - ok
17:59:28.0915 4160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:59:28.0916 4160 ErrDev - ok
17:59:28.0970 4160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:59:28.0976 4160 EventSystem - ok
17:59:29.0006 4160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:59:29.0009 4160 exfat - ok
17:59:29.0027 4160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:59:29.0030 4160 fastfat - ok
17:59:29.0065 4160 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:59:29.0075 4160 Fax - ok
17:59:29.0100 4160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:59:29.0102 4160 fdc - ok
17:59:29.0132 4160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:59:29.0134 4160 fdPHost - ok
17:59:29.0147 4160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:59:29.0148 4160 FDResPub - ok
17:59:29.0175 4160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:59:29.0177 4160 FileInfo - ok
17:59:29.0193 4160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:59:29.0194 4160 Filetrace - ok
17:59:29.0204 4160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:59:29.0206 4160 flpydisk - ok
17:59:29.0243 4160 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:59:29.0247 4160 FltMgr - ok
17:59:29.0314 4160 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
17:59:29.0339 4160 FontCache - ok
17:59:29.0376 4160 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:59:29.0378 4160 FontCache3.0.0.0 - ok
17:59:29.0458 4160 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:59:29.0466 4160 ForceWare Intelligent Application Manager (IAM) - ok
17:59:29.0494 4160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:59:29.0496 4160 FsDepends - ok
17:59:29.0527 4160 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:59:29.0545 4160 Fs_Rec - ok
17:59:29.0588 4160 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:59:29.0592 4160 fvevol - ok
17:59:29.0625 4160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:59:29.0627 4160 gagp30kx - ok
17:59:29.0704 4160 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
17:59:29.0713 4160 GameConsoleService - ok
17:59:29.0804 4160 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:59:29.0806 4160 GEARAspiWDM - ok
17:59:29.0865 4160 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:59:29.0876 4160 gpsvc - ok
17:59:29.0955 4160 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
17:59:29.0983 4160 Greg_Service - ok
17:59:30.0058 4160 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:30.0060 4160 gupdate - ok
17:59:30.0077 4160 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:30.0078 4160 gupdatem - ok
17:59:30.0100 4160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:59:30.0101 4160 hcw85cir - ok
17:59:30.0148 4160 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:59:30.0153 4160 HdAudAddService - ok
17:59:30.0178 4160 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:59:30.0180 4160 HDAudBus - ok
17:59:30.0193 4160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:59:30.0194 4160 HidBatt - ok
17:59:30.0205 4160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:59:30.0207 4160 HidBth - ok
17:59:30.0231 4160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:59:30.0232 4160 HidIr - ok
17:59:30.0259 4160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:59:30.0261 4160 hidserv - ok
17:59:30.0285 4160 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:59:30.0286 4160 HidUsb - ok
17:59:30.0311 4160 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:59:30.0314 4160 hkmsvc - ok
17:59:30.0339 4160 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:59:30.0344 4160 HomeGroupListener - ok
17:59:30.0378 4160 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:59:30.0383 4160 HomeGroupProvider - ok
17:59:30.0545 4160 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:59:30.0552 4160 hpqcxs08 - ok
17:59:30.0589 4160 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:59:30.0593 4160 hpqddsvc - ok
17:59:30.0635 4160 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:59:30.0636 4160 HpSAMD - ok
17:59:30.0773 4160 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:59:30.0791 4160 HPSLPSVC - ok
17:59:30.0830 4160 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:59:30.0837 4160 HTTP - ok
17:59:30.0868 4160 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:59:30.0868 4160 hwpolicy - ok
17:59:30.0893 4160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:59:30.0894 4160 i8042prt - ok
17:59:30.0932 4160 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:59:30.0937 4160 iaStorV - ok
17:59:31.0063 4160 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:59:31.0074 4160 idsvc - ok
17:59:31.0233 4160 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120831.001\IDSvia64.sys
17:59:31.0248 4160 IDSVia64 - ok
17:59:31.0297 4160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:59:31.0299 4160 iirsp - ok
17:59:31.0403 4160 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:59:31.0421 4160 IKEEXT - ok
17:59:31.0659 4160 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:59:31.0695 4160 IntcAzAudAddService - ok
17:59:31.0739 4160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:59:31.0740 4160 intelide - ok
17:59:31.0766 4160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:59:31.0768 4160 intelppm - ok
17:59:31.0795 4160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:59:31.0798 4160 IPBusEnum - ok
17:59:31.0824 4160 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:59:31.0827 4160 IpFilterDriver - ok
17:59:31.0856 4160 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:59:31.0864 4160 iphlpsvc - ok
17:59:31.0890 4160 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:59:31.0893 4160 IPMIDRV - ok
17:59:31.0923 4160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:59:31.0925 4160 IPNAT - ok
17:59:32.0004 4160 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:59:32.0014 4160 iPod Service - ok
17:59:32.0048 4160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:59:32.0049 4160 IRENUM - ok
17:59:32.0062 4160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:59:32.0063 4160 isapnp - ok
17:59:32.0095 4160 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:59:32.0098 4160 iScsiPrt - ok
17:59:32.0133 4160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:59:32.0134 4160 kbdclass - ok
17:59:32.0158 4160 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:59:32.0161 4160 kbdhid - ok
17:59:32.0177 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
17:59:32.0179 4160 KeyIso - ok
17:59:32.0203 4160 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:59:32.0205 4160 KSecDD - ok
17:59:32.0249 4160 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:59:32.0253 4160 KSecPkg - ok
17:59:32.0277 4160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:59:32.0279 4160 ksthunk - ok
17:59:32.0317 4160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:59:32.0323 4160 KtmRm - ok
17:59:32.0361 4160 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:59:32.0365 4160 LanmanServer - ok
17:59:32.0391 4160 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:59:32.0399 4160 LanmanWorkstation - ok
17:59:32.0440 4160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:59:32.0441 4160 lltdio - ok
17:59:32.0470 4160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:59:32.0477 4160 lltdsvc - ok
17:59:32.0499 4160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:59:32.0501 4160 lmhosts - ok
17:59:32.0544 4160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:59:32.0546 4160 LSI_FC - ok
17:59:32.0558 4160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:59:32.0561 4160 LSI_SAS - ok
17:59:32.0579 4160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:59:32.0580 4160 LSI_SAS2 - ok
17:59:32.0612 4160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:59:32.0614 4160 LSI_SCSI - ok
17:59:32.0643 4160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:59:32.0645 4160 luafv - ok
17:59:32.0677 4160 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:59:32.0687 4160 Mcx2Svc - ok
17:59:32.0699 4160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:59:32.0701 4160 megasas - ok
17:59:32.0716 4160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:59:32.0720 4160 MegaSR - ok
17:59:32.0760 4160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:59:32.0762 4160 MMCSS - ok
17:59:32.0781 4160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:59:32.0782 4160 Modem - ok
17:59:32.0804 4160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:59:32.0805 4160 monitor - ok
17:59:32.0819 4160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:59:32.0821 4160 mouclass - ok
17:59:32.0837 4160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:59:32.0838 4160 mouhid - ok
17:59:32.0882 4160 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:59:32.0884 4160 mountmgr - ok
17:59:32.0951 4160 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:59:32.0952 4160 MozillaMaintenance - ok
17:59:32.0966 4160 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:59:32.0969 4160 mpio - ok
17:59:32.0986 4160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:59:32.0987 4160 mpsdrv - ok
17:59:33.0094 4160 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:59:33.0115 4160 MpsSvc - ok
17:59:33.0156 4160 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:59:33.0158 4160 MRxDAV - ok
17:59:33.0187 4160 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:59:33.0189 4160 mrxsmb - ok
17:59:33.0229 4160 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:59:33.0233 4160 mrxsmb10 - ok
17:59:33.0255 4160 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:59:33.0257 4160 mrxsmb20 - ok
17:59:33.0290 4160 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:59:33.0292 4160 msahci - ok
17:59:33.0309 4160 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:59:33.0313 4160 msdsm - ok
17:59:33.0352 4160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:59:33.0356 4160 MSDTC - ok
17:59:33.0402 4160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:59:33.0403 4160 Msfs - ok
17:59:33.0427 4160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:59:33.0429 4160 mshidkmdf - ok
17:59:33.0450 4160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:59:33.0452 4160 msisadrv - ok
17:59:33.0486 4160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:59:33.0490 4160 MSiSCSI - ok
17:59:33.0501 4160 msiserver - ok
17:59:33.0528 4160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:59:33.0529 4160 MSKSSRV - ok
17:59:33.0546 4160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:59:33.0547 4160 MSPCLOCK - ok
17:59:33.0557 4160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:59:33.0558 4160 MSPQM - ok
17:59:33.0587 4160 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:59:33.0591 4160 MsRPC - ok
17:59:33.0617 4160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:59:33.0618 4160 mssmbios - ok
17:59:33.0639 4160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:59:33.0640 4160 MSTEE - ok
17:59:33.0676 4160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:59:33.0681 4160 MTConfig - ok
17:59:33.0704 4160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:59:33.0705 4160 Mup - ok
17:59:33.0775 4160 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
17:59:33.0777 4160 N360 - ok
17:59:33.0841 4160 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
17:59:33.0858 4160 napagent - ok
17:59:33.0945 4160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:59:33.0950 4160 NativeWifiP - ok
17:59:34.0006 4160 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120904.002\ENG64.SYS
17:59:34.0009 4160 NAVENG - ok
17:59:34.0263 4160 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120904.002\EX64.SYS
17:59:34.0315 4160 NAVEX15 - ok
17:59:34.0410 4160 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:59:34.0432 4160 NDIS - ok
17:59:34.0457 4160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:59:34.0459 4160 NdisCap - ok
17:59:34.0483 4160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:59:34.0484 4160 NdisTapi - ok
17:59:34.0505 4160 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:59:34.0507 4160 Ndisuio - ok
17:59:34.0533 4160 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:59:34.0535 4160 NdisWan - ok
17:59:34.0557 4160 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:59:34.0572 4160 NDProxy - ok
17:59:34.0680 4160 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:59:34.0702 4160 Nero BackItUp Scheduler 4.0 - ok
17:59:34.0765 4160 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:59:34.0768 4160 Net Driver HPZ12 - ok
17:59:34.0795 4160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:59:34.0797 4160 NetBIOS - ok
17:59:34.0829 4160 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:59:34.0833 4160 NetBT - ok
17:59:34.0849 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
17:59:34.0851 4160 Netlogon - ok
17:59:34.0895 4160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:59:34.0901 4160 Netman - ok
17:59:35.0011 4160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:59:35.0018 4160 netprofm - ok
17:59:35.0088 4160 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:59:35.0090 4160 NetTcpPortSharing - ok
17:59:35.0125 4160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:59:35.0127 4160 nfrd960 - ok
17:59:35.0172 4160 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:59:35.0176 4160 NlaSvc - ok
17:59:35.0203 4160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:59:35.0205 4160 Npfs - ok
17:59:35.0220 4160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:59:35.0225 4160 nsi - ok
17:59:35.0242 4160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:59:35.0246 4160 nsiproxy - ok
17:59:35.0279 4160 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:59:35.0282 4160 nSvcIp - ok
17:59:35.0491 4160 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:59:35.0524 4160 Ntfs - ok
17:59:35.0572 4160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:59:35.0585 4160 Null - ok
17:59:35.0631 4160 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
17:59:35.0637 4160 NVENETFD - ok
17:59:36.0407 4160 [ D7A2CD1D76E6CC996A0852D566AF2F73 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:59:36.0592 4160 nvlddmkm - ok
17:59:36.0633 4160 [ 956A1F47826514C1EA0C295FE13C7377 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
17:59:36.0637 4160 NVNET - ok
17:59:36.0676 4160 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:59:36.0678 4160 nvraid - ok
17:59:36.0718 4160 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:59:36.0720 4160 nvstor - ok
17:59:36.0735 4160 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
17:59:36.0737 4160 nvstor64 - ok
17:59:36.0802 4160 [ 59DD481E0063F8F7EA8B9F149FCACF32 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:59:36.0807 4160 nvsvc - ok
17:59:36.0842 4160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:59:36.0849 4160 nv_agp - ok
17:59:36.0924 4160 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:59:36.0935 4160 odserv - ok
17:59:36.0979 4160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:59:36.0983 4160 ohci1394 - ok
17:59:37.0074 4160 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:37.0078 4160 ose - ok
17:59:37.0121 4160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:59:37.0127 4160 p2pimsvc - ok
17:59:37.0149 4160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:59:37.0155 4160 p2psvc - ok
17:59:37.0169 4160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:59:37.0170 4160 Parport - ok
17:59:37.0200 4160 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:59:37.0202 4160 partmgr - ok
17:59:37.0220 4160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:59:37.0224 4160 PcaSvc - ok
17:59:37.0260 4160 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
17:59:37.0263 4160 pci - ok
17:59:37.0283 4160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:59:37.0284 4160 pciide - ok
17:59:37.0309 4160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:59:37.0314 4160 pcmcia - ok
17:59:37.0331 4160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:59:37.0333 4160 pcw - ok
17:59:37.0359 4160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:59:37.0366 4160 PEAUTH - ok
17:59:37.0450 4160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:59:37.0452 4160 PerfHost - ok
17:59:37.0518 4160 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
17:59:37.0548 4160 pla - ok
17:59:37.0596 4160 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:59:37.0603 4160 PlugPlay - ok
17:59:37.0643 4160 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:59:37.0647 4160 Pml Driver HPZ12 - ok
17:59:37.0670 4160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:59:37.0673 4160 PNRPAutoReg - ok
17:59:37.0697 4160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:59:37.0700 4160 PNRPsvc - ok
17:59:37.0739 4160 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:59:37.0746 4160 PolicyAgent - ok
17:59:37.0806 4160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:59:37.0810 4160 Power - ok
17:59:37.0849 4160 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:59:37.0852 4160 PptpMiniport - ok
17:59:37.0889 4160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:59:37.0891 4160 Processor - ok
17:59:37.0939 4160 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
17:59:37.0943 4160 ProfSvc - ok
17:59:37.0963 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:59:37.0965 4160 ProtectedStorage - ok
17:59:37.0984 4160 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:59:37.0987 4160 Psched - ok
17:59:38.0034 4160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:59:38.0061 4160 ql2300 - ok
17:59:38.0072 4160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:59:38.0075 4160 ql40xx - ok
17:59:38.0112 4160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:59:38.0116 4160 QWAVE - ok
17:59:38.0130 4160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:59:38.0132 4160 QWAVEdrv - ok
17:59:38.0151 4160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:59:38.0152 4160 RasAcd - ok
17:59:38.0175 4160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:59:38.0177 4160 RasAgileVpn - ok
17:59:38.0197 4160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:59:38.0201 4160 RasAuto - ok
17:59:38.0226 4160 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:59:38.0229 4160 Rasl2tp - ok
17:59:38.0256 4160 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
17:59:38.0264 4160 RasMan - ok
17:59:38.0280 4160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:59:38.0282 4160 RasPppoe - ok
17:59:38.0301 4160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:59:38.0303 4160 RasSstp - ok
17:59:38.0321 4160 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:59:38.0325 4160 rdbss - ok
17:59:38.0353 4160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:59:38.0354 4160 rdpbus - ok
17:59:38.0398 4160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:59:38.0399 4160 RDPCDD - ok
17:59:38.0438 4160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:59:38.0439 4160 RDPENCDD - ok
17:59:38.0463 4160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:59:38.0466 4160 RDPREFMP - ok
17:59:38.0516 4160 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:59:38.0518 4160 RDPWD - ok
17:59:38.0534 4160 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:59:38.0537 4160 rdyboost - ok
17:59:38.0570 4160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:59:38.0573 4160 RemoteAccess - ok
17:59:38.0602 4160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:59:38.0606 4160 RemoteRegistry - ok
17:59:38.0626 4160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:59:38.0631 4160 RpcEptMapper - ok
17:59:38.0650 4160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:59:38.0653 4160 RpcLocator - ok
17:59:38.0700 4160 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
17:59:38.0705 4160 RpcSs - ok
17:59:38.0737 4160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:59:38.0739 4160 rspndr - ok
17:59:38.0753 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
17:59:38.0755 4160 SamSs - ok
17:59:38.0793 4160 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
17:59:38.0795 4160 sbapifs - ok
17:59:38.0820 4160 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:59:38.0822 4160 sbp2port - ok
17:59:38.0833 4160 SBRE - ok
17:59:38.0865 4160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:59:38.0869 4160 SCardSvr - ok
17:59:38.0889 4160 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:59:38.0890 4160 scfilter - ok
17:59:38.0939 4160 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
17:59:38.0966 4160 Schedule - ok
17:59:38.0989 4160 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:59:38.0990 4160 SCPolicySvc - ok
17:59:39.0015 4160 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:59:39.0019 4160 SDRSVC - ok
17:59:39.0036 4160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:59:39.0038 4160 secdrv - ok
17:59:39.0065 4160 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
17:59:39.0067 4160 seclogon - ok
17:59:39.0091 4160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:59:39.0093 4160 SENS - ok
17:59:39.0113 4160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:59:39.0116 4160 SensrSvc - ok
17:59:39.0153 4160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:59:39.0154 4160 Serenum - ok
17:59:39.0179 4160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:59:39.0182 4160 Serial - ok
17:59:39.0221 4160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:59:39.0228 4160 sermouse - ok
17:59:39.0265 4160 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
17:59:39.0276 4160 SessionEnv - ok
17:59:39.0287 4160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:59:39.0288 4160 sffdisk - ok
17:59:39.0313 4160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:59:39.0330 4160 sffp_mmc - ok
17:59:39.0343 4160 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:59:39.0344 4160 sffp_sd - ok
17:59:39.0357 4160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:59:39.0358 4160 sfloppy - ok
17:59:39.0383 4160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:59:39.0389 4160 SharedAccess - ok
17:59:39.0416 4160 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:59:39.0422 4160 ShellHWDetection - ok
17:59:39.0438 4160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:59:39.0439 4160 SiSRaid2 - ok
17:59:39.0452 4160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:59:39.0454 4160 SiSRaid4 - ok
17:59:39.0486 4160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:59:39.0488 4160 Smb - ok
17:59:39.0530 4160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:59:39.0541 4160 SNMPTRAP - ok
17:59:39.0567 4160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:59:39.0568 4160 spldr - ok
17:59:39.0612 4160 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
17:59:39.0620 4160 Spooler - ok
17:59:39.0703 4160 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
17:59:39.0766 4160 sppsvc - ok
17:59:39.0788 4160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:59:39.0798 4160 sppuinotify - ok
17:59:39.0856 4160 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSP64.SYS
17:59:39.0865 4160 SRTSP - ok
17:59:39.0881 4160 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
17:59:39.0884 4160 SRTSPX - ok
17:59:39.0943 4160 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:59:39.0955 4160 srv - ok
17:59:40.0004 4160 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:59:40.0014 4160 srv2 - ok
17:59:40.0046 4160 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:59:40.0049 4160 srvnet - ok
17:59:40.0097 4160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:59:40.0101 4160 SSDPSRV - ok
17:59:40.0122 4160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:59:40.0125 4160 SstpSvc - ok
17:59:40.0162 4160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:59:40.0164 4160 stexstor - ok
17:59:40.0206 4160 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
17:59:40.0214 4160 stisvc - ok
17:59:40.0233 4160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:59:40.0234 4160 swenum - ok
17:59:40.0260 4160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:59:40.0268 4160 swprv - ok
17:59:40.0300 4160 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
17:59:40.0306 4160 SymDS - ok
17:59:40.0354 4160 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
17:59:40.0377 4160 SymEFA - ok
17:59:40.0402 4160 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:59:40.0405 4160 SymEvent - ok
17:59:40.0427 4160 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS
17:59:40.0431 4160 SymIRON - ok
17:59:40.0453 4160 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS
17:59:40.0458 4160 SymNetS - ok
17:59:40.0520 4160 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
17:59:40.0552 4160 SysMain - ok
17:59:40.0578 4160 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:59:40.0582 4160 TabletInputService - ok
17:59:40.0608 4160 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
17:59:40.0615 4160 TapiSrv - ok
17:59:40.0639 4160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:59:40.0642 4160 TBS - ok
17:59:40.0704 4160 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:59:40.0741 4160 Tcpip - ok
17:59:40.0797 4160 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:59:40.0810 4160 TCPIP6 - ok
17:59:40.0844 4160 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:59:40.0846 4160 tcpipreg - ok
17:59:40.0886 4160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:59:40.0888 4160 TDPIPE - ok
17:59:40.0923 4160 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:59:40.0925 4160 TDTCP - ok
17:59:40.0956 4160 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:59:40.0959 4160 tdx - ok
17:59:40.0974 4160 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:59:40.0976 4160 TermDD - ok
17:59:41.0036 4160 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
17:59:41.0045 4160 TermService - ok
17:59:41.0076 4160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:59:41.0080 4160 Themes - ok
17:59:41.0108 4160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:59:41.0109 4160 THREADORDER - ok
17:59:41.0132 4160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:59:41.0135 4160 TrkWks - ok
17:59:41.0173 4160 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:59:41.0177 4160 TrustedInstaller - ok
17:59:41.0203 4160 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:59:41.0204 4160 tssecsrv - ok
17:59:41.0236 4160 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:59:41.0239 4160 tunnel - ok
17:59:41.0270 4160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:59:41.0272 4160 uagp35 - ok
17:59:41.0307 4160 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:59:41.0312 4160 udfs - ok
17:59:41.0342 4160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:59:41.0345 4160 UI0Detect - ok
17:59:41.0369 4160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:59:41.0371 4160 uliagpkx - ok
17:59:41.0400 4160 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:59:41.0401 4160 umbus - ok
17:59:41.0419 4160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:59:41.0420 4160 UmPass - ok
17:59:41.0489 4160 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
17:59:41.0493 4160 Updater Service - ok
17:59:41.0528 4160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:59:41.0534 4160 upnphost - ok
17:59:41.0555 4160 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:59:41.0556 4160 USBAAPL64 - ok
17:59:41.0592 4160 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:59:41.0594 4160 usbccgp - ok
17:59:41.0638 4160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:59:41.0641 4160 usbcir - ok
17:59:41.0668 4160 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:59:41.0670 4160 usbehci - ok
17:59:41.0693 4160 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:59:41.0698 4160 usbhub - ok
17:59:41.0711 4160 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:59:41.0712 4160 usbohci - ok
17:59:41.0741 4160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:59:41.0741 4160 usbprint - ok
17:59:41.0760 4160 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:59:41.0762 4160 usbscan - ok
17:59:41.0797 4160 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:59:41.0799 4160 USBSTOR - ok
17:59:41.0830 4160 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:59:41.0832 4160 usbuhci - ok
17:59:41.0857 4160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:59:41.0860 4160 UxSms - ok
17:59:41.0875 4160 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
17:59:41.0877 4160 VaultSvc - ok
17:59:41.0894 4160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:59:41.0895 4160 vdrvroot - ok
17:59:41.0928 4160 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
17:59:41.0936 4160 vds - ok
17:59:41.0964 4160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:59:41.0966 4160 vga - ok
17:59:41.0992 4160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:59:41.0994 4160 VgaSave - ok
17:59:42.0007 4160 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:59:42.0010 4160 vhdmp - ok
17:59:42.0027 4160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:59:42.0028 4160 viaide - ok
17:59:42.0054 4160 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:59:42.0056 4160 volmgr - ok
17:59:42.0083 4160 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:59:42.0088 4160 volmgrx - ok
17:59:42.0105 4160 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:59:42.0109 4160 volsnap - ok
17:59:42.0143 4160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:59:42.0146 4160 vsmraid - ok
17:59:42.0206 4160 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
17:59:42.0247 4160 VSS - ok
17:59:42.0275 4160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:59:42.0277 4160 vwifibus - ok
17:59:42.0306 4160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:59:42.0312 4160 W32Time - ok
17:59:42.0328 4160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:59:42.0331 4160 WacomPen - ok
17:59:42.0389 4160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:59:42.0391 4160 WANARP - ok
17:59:42.0403 4160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:59:42.0405 4160 Wanarpv6 - ok
17:59:42.0521 4160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:59:42.0552 4160 WatAdminSvc - ok
17:59:42.0616 4160 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
17:59:42.0643 4160 wbengine - ok
17:59:42.0670 4160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:59:42.0674 4160 WbioSrvc - ok
17:59:42.0705 4160 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:59:42.0711 4160 wcncsvc - ok
17:59:42.0732 4160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:59:42.0735 4160 WcsPlugInService - ok
17:59:42.0759 4160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:59:42.0760 4160 Wd - ok
17:59:42.0826 4160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:59:42.0835 4160 Wdf01000 - ok
17:59:42.0850 4160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:59:42.0854 4160 WdiServiceHost - ok
17:59:42.0866 4160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:59:42.0868 4160 WdiSystemHost - ok
17:59:42.0921 4160 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
17:59:42.0927 4160 WebClient - ok
17:59:42.0951 4160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:59:42.0957 4160 Wecsvc - ok
17:59:42.0983 4160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:59:42.0987 4160 wercplsupport - ok
17:59:43.0015 4160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:59:43.0018 4160 WerSvc - ok
17:59:43.0053 4160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:59:43.0055 4160 WfpLwf - ok
17:59:43.0071 4160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:59:43.0072 4160 WIMMount - ok
17:59:43.0106 4160 WinDefend - ok
17:59:43.0121 4160 WinHttpAutoProxySvc - ok
17:59:43.0187 4160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:59:43.0191 4160 Winmgmt - ok
17:59:43.0239 4160 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:59:43.0275 4160 WinRM - ok
17:59:43.0336 4160 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:59:43.0338 4160 WinUsb - ok
17:59:43.0376 4160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:59:43.0388 4160 Wlansvc - ok
17:59:43.0499 4160 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:59:43.0536 4160 wlidsvc - ok
17:59:43.0559 4160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:59:43.0560 4160 WmiAcpi - ok
17:59:43.0595 4160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:59:43.0599 4160 wmiApSrv - ok
17:59:43.0623 4160 WMPNetworkSvc - ok
17:59:43.0644 4160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:59:43.0648 4160 WPCSvc - ok
17:59:43.0670 4160 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:59:43.0674 4160 WPDBusEnum - ok
17:59:43.0713 4160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:59:43.0714 4160 ws2ifsl - ok
17:59:43.0746 4160 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
17:59:43.0750 4160 wscsvc - ok
17:59:43.0760 4160 WSearch - ok
17:59:43.0837 4160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:59:43.0883 4160 wuauserv - ok
17:59:43.0905 4160 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:59:43.0908 4160 WudfPf - ok
17:59:43.0939 4160 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:59:43.0942 4160 WUDFRd - ok
17:59:43.0967 4160 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:59:43.0970 4160 wudfsvc - ok
17:59:44.0003 4160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:59:44.0008 4160 WwanSvc - ok
17:59:44.0023 4160 ================ Scan global ===============================
17:59:44.0066 4160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:59:44.0100 4160 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:59:44.0116 4160 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:59:44.0148 4160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:59:44.0168 4160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:59:44.0173 4160 [Global] - ok
17:59:44.0177 4160 ================ Scan MBR ==================================
17:59:44.0196 4160 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
17:59:47.0084 4160 \Device\Harddisk0\DR0 - ok
17:59:47.0088 4160 ================ Scan VBR ==================================
17:59:47.0104 4160 [ 239A7DAB29314824D5900FE6B5C2829A ] \Device\Harddisk0\DR0\Partition1
17:59:47.0137 4160 \Device\Harddisk0\DR0\Partition1 - ok
17:59:47.0164 4160 [ CCE8EA853A7C3FCD7D4ADC1E9A38771A ] \Device\Harddisk0\DR0\Partition2
17:59:47.0187 4160 \Device\Harddisk0\DR0\Partition2 - ok
17:59:47.0191 4160 ============================================================
17:59:47.0191 4160 Scan finished
17:59:47.0191 4160 ============================================================
17:59:47.0209 7912 Detected object count: 0
17:59:47.0209 7912 Actual detected object count: 0
19:22:31.0281 7748 Deinitialize success

Edited by Helpless Lass, 04 September 2012 - 06:25 PM.


#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 04 September 2012 - 10:19 PM

Sorry for all the troubles you're going through. I can totally relate to how this feels.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#10 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 05 September 2012 - 05:45 PM

Thank you for sticking with me. Well, I was able to get Farbar Recovery on to the flash drive and install on the infected PC and did get a log, but I didn't have to go through all the steps listed for the tool to start, disclaimer to appear and to access the "scan' button. Here is the log (I noticed it has "attentions" - did it not run properly?):

Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by Fenya at 05-09-2012 18:40:00
Running from I:\
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ======================

2012-09-05 18:20 - 2012-09-05 18:21 - 01453069 ____A (Farbar) C:\Users\Fenya\Downloads\FRST64.exe
2012-09-04 19:37 - 2012-09-04 19:37 - 01561792 ____A (W3i, LLC) C:\Users\Fenya\Downloads\FreeFileViewer2012Setup.exe
2012-09-04 19:37 - 2012-09-04 19:37 - 00000000 ____D C:\Users\Fenya\AppData\Roaming\Nero
2012-09-04 17:58 - 2012-09-04 17:58 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller(1).exe
2012-09-04 17:57 - 2012-09-04 17:57 - 00001665 ____A C:\Users\Fenya\Documents\aswMBR.txt
2012-09-04 17:57 - 2012-09-04 17:57 - 00000512 ____A C:\Users\Fenya\Documents\MBR.dat
2012-09-04 17:55 - 2012-09-04 17:55 - 04731392 ____A (AVAST Software) C:\Users\Fenya\Downloads\aswMBR.exe
2012-09-04 17:47 - 2012-09-04 17:47 - 00001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-04 17:47 - 2012-09-04 17:47 - 00000000 ____D C:\Users\Fenya\AppData\Local\Macromedia
2012-09-04 17:47 - 2012-09-04 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-03 14:11 - 2012-09-05 18:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-03 14:11 - 2012-09-03 14:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-03 14:11 - 2012-09-03 14:11 - 00000000 ____D C:\Windows\System32\Macromed
2012-09-03 10:59 - 2012-09-03 10:59 - 00001456 ____A C:\Users\Liam\Desktop\Internet Explorer.lnk
2012-09-03 09:09 - 2012-09-03 09:09 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller.exe
2012-09-03 08:50 - 2012-09-03 08:50 - 00000244 ____A C:\Users\Fenya\Downloads\defogger_enable.log
2012-09-02 16:26 - 2012-09-02 16:26 - 00000000 ____D C:\Users\Fenya\Downloads\gmer
2012-09-02 16:25 - 2012-09-02 16:25 - 00294216 ____A C:\Users\Fenya\Downloads\gmer.zip
2012-09-02 16:20 - 2012-09-02 16:20 - 00607260 ____A (Swearware) C:\Users\Fenya\Downloads\dds.com
2012-09-02 15:08 - 2012-09-02 15:08 - 00001804 ____A C:\AdwCleaner[S1].txt
2012-09-02 15:06 - 2012-09-02 15:06 - 00001131 ____A C:\AdwCleaner[R1].txt
2012-09-02 15:05 - 2012-09-02 15:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(2).exe
2012-09-02 15:05 - 2012-09-02 15:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(1).exe
2012-09-02 15:04 - 2012-09-02 15:04 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner.exe
2012-09-02 14:40 - 2012-09-02 14:40 - 00010400 ____A C:\ComboFix.txt
2012-09-02 14:12 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-02 14:12 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-02 14:12 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-02 14:12 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-02 14:12 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-02 14:12 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-02 14:12 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-02 14:12 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-02 14:11 - 2012-09-02 14:40 - 00000000 ____D C:\Qoobox
2012-09-02 14:11 - 2012-09-02 14:34 - 00000000 ____D C:\Windows\erdnt
2012-09-02 14:10 - 2012-09-02 14:10 - 04742930 ____R (Swearware) C:\Users\Fenya\Downloads\ComboFix.exe
2012-09-02 13:53 - 2012-09-02 13:54 - 00607260 ____R (Swearware) C:\Users\Fenya\Downloads\dds.scr
2012-09-02 13:47 - 2012-09-02 13:47 - 00854124 ____A C:\Users\Fenya\Downloads\SecurityCheck.exe
2012-09-02 13:47 - 2012-09-02 13:47 - 00000472 ____A C:\Users\Fenya\Downloads\defogger_disable.log
2012-09-02 13:45 - 2012-09-02 13:45 - 00050477 ____A C:\Users\Fenya\Downloads\Defogger.exe
2012-09-01 16:27 - 2012-09-01 16:27 - 00000000 ____D C:\Users\Fenya\Documents\Symantec
2012-09-01 16:21 - 2012-09-01 16:21 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-01 16:21 - 2012-09-01 16:21 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ____D C:\Program Files\Symantec
2012-09-01 16:21 - 2012-09-01 16:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-09-01 16:20 - 2012-09-01 16:20 - 00002395 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-01 16:20 - 2012-09-01 16:20 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-09-01 16:20 - 2012-09-01 16:20 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-09-01 16:18 - 2012-09-01 16:18 - 00829056 ____A (Symantec Corporation) C:\Users\Fenya\Downloads\N360Downloader.exe
2012-09-01 13:32 - 2012-09-01 13:32 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-09-01 09:45 - 2012-09-01 13:44 - 00004320 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-09-01 09:32 - 2012-09-01 09:32 - 00000120 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-09-01 09:32 - 2012-01-12 09:28 - 00074872 ___RA (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
2012-09-01 09:07 - 2012-09-01 09:07 - 00587640 ____A C:\Users\Fenya\Downloads\cbsidlm-tr1_6-Stopzilla-10104765.exe
2012-08-25 10:37 - 2012-08-30 23:16 - 00000000 ____D C:\Users\Fenya\AppData\Local\{6EF98E39-EEC2-11E1-8270-B8AC6F996F26}
2012-08-25 10:11 - 2012-08-25 10:34 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-08-25 10:11 - 2012-08-25 10:11 - 00000000 ____D C:\Users\Fenya\AppData\Local\adaware
2012-08-25 10:04 - 2012-08-30 23:17 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-25 10:04 - 2012-08-25 10:04 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-08-25 09:45 - 2012-08-25 10:29 - 00000000 ____D C:\Users\Fenya\AppData\Roaming\Ad-Aware Antivirus
2012-08-10 18:40 - 2012-08-25 10:34 - 00000000 ____D C:\Users\Fenya\AppData\Local\{6BC01642-E33C-11E1-8270-B8AC6F996F26}


==================== 3 Months Modified Files ================================

2012-09-05 18:34 - 2012-09-03 14:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-05 18:33 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-05 18:30 - 2010-05-12 03:17 - 02057202 ____A C:\Windows\WindowsUpdate.log
2012-09-05 18:21 - 2012-09-05 18:20 - 01453069 ____A (Farbar) C:\Users\Fenya\Downloads\FRST64.exe
2012-09-05 18:18 - 2011-09-18 19:36 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-04 19:37 - 2012-09-04 19:37 - 01561792 ____A (W3i, LLC) C:\Users\Fenya\Downloads\FreeFileViewer2012Setup.exe
2012-09-04 19:13 - 2011-09-18 19:36 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-04 17:58 - 2012-09-04 17:58 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller(1).exe
2012-09-04 17:57 - 2012-09-04 17:57 - 00001665 ____A C:\Users\Fenya\Documents\aswMBR.txt
2012-09-04 17:57 - 2012-09-04 17:57 - 00000512 ____A C:\Users\Fenya\Documents\MBR.dat
2012-09-04 17:55 - 2012-09-04 17:55 - 04731392 ____A (AVAST Software) C:\Users\Fenya\Downloads\aswMBR.exe
2012-09-04 17:47 - 2012-09-04 17:47 - 00001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-03 17:59 - 2009-07-14 00:51 - 00049681 ____A C:\Windows\setupact.log
2012-09-03 17:33 - 2009-07-14 00:45 - 00009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-03 17:33 - 2009-07-14 00:45 - 00009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-03 17:26 - 2011-11-12 13:30 - 00131072 _____ C:\Windows\System32\Ikeext.etl
2012-09-03 17:26 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-03 16:00 - 2009-11-20 16:15 - 00325702 ____A C:\Windows\PFRO.log
2012-09-03 14:34 - 2012-09-03 14:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-03 14:34 - 2011-09-18 19:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-03 10:59 - 2012-09-03 10:59 - 00001456 ____A C:\Users\Liam\Desktop\Internet Explorer.lnk
2012-09-03 09:09 - 2012-09-03 09:09 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller.exe
2012-09-03 08:50 - 2012-09-03 08:50 - 00000244 ____A C:\Users\Fenya\Downloads\defogger_enable.log
2012-09-02 16:25 - 2012-09-02 16:25 - 00294216 ____A C:\Users\Fenya\Downloads\gmer.zip
2012-09-02 16:20 - 2012-09-02 16:20 - 00607260 ____A (Swearware) C:\Users\Fenya\Downloads\dds.com
2012-09-02 15:08 - 2012-09-02 15:08 - 00001804 ____A C:\AdwCleaner[S1].txt
2012-09-02 15:06 - 2012-09-02 15:06 - 00001131 ____A C:\AdwCleaner[R1].txt
2012-09-02 15:05 - 2012-09-02 15:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(2).exe
2012-09-02 15:05 - 2012-09-02 15:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(1).exe
2012-09-02 15:04 - 2012-09-02 15:04 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner.exe
2012-09-02 14:40 - 2012-09-02 14:40 - 00010400 ____A C:\ComboFix.txt
2012-09-02 14:30 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2012-09-02 14:10 - 2012-09-02 14:10 - 04742930 ____R (Swearware) C:\Users\Fenya\Downloads\ComboFix.exe
2012-09-02 13:54 - 2012-09-02 13:53 - 00607260 ____R (Swearware) C:\Users\Fenya\Downloads\dds.scr
2012-09-02 13:47 - 2012-09-02 13:47 - 00854124 ____A C:\Users\Fenya\Downloads\SecurityCheck.exe
2012-09-02 13:47 - 2012-09-02 13:47 - 00000472 ____A C:\Users\Fenya\Downloads\defogger_disable.log
2012-09-02 13:45 - 2012-09-02 13:45 - 00050477 ____A C:\Users\Fenya\Downloads\Defogger.exe
2012-09-01 16:21 - 2012-09-01 16:21 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-01 16:21 - 2012-09-01 16:21 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-01 16:20 - 2012-09-01 16:20 - 00002395 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-01 16:19 - 2012-06-18 08:10 - 00001305 ____A C:\Users\Fenya\Desktop\Norton Installation Files.lnk
2012-09-01 16:18 - 2012-09-01 16:18 - 00829056 ____A (Symantec Corporation) C:\Users\Fenya\Downloads\N360Downloader.exe
2012-09-01 13:44 - 2012-09-01 09:45 - 00004320 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-09-01 13:32 - 2012-09-01 13:32 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-09-01 09:32 - 2012-09-01 09:32 - 00000120 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-09-01 09:07 - 2012-09-01 09:07 - 00587640 ____A C:\Users\Fenya\Downloads\cbsidlm-tr1_6-Stopzilla-10104765.exe
2012-06-17 15:49 - 2012-06-17 15:49 - 00002221 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-17 15:48 - 2012-06-17 15:48 - 00739816 ____A (Google Inc.) C:\Users\Fenya\Downloads\GoogleEarthSetup.exe
2012-06-17 03:34 - 2009-07-14 00:45 - 00426200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 03:09 - 2010-12-09 16:41 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-16 11:32 - 2012-06-16 11:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Fenya\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-16 09:36 - 2012-06-16 09:36 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Fenya\Downloads\unhide.exe
2012-06-14 18:23 - 2012-06-14 18:20 - 00000480 ____A C:\Users\All Users\H4mm8lDIyk9fiw
2012-06-14 18:20 - 2012-06-14 18:20 - 00000152 ____A C:\Users\All Users\-H4mm8lDIyk9fiwr
2012-06-14 18:20 - 2012-06-14 18:20 - 00000000 ____A C:\Users\All Users\-H4mm8lDIyk9fiw


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2012-08-30 22:30:29
Restore point made on: 2012-08-30 22:49:37
Restore point made on: 2012-09-01 09:22:46
Restore point made on: 2012-09-01 09:44:51
Restore point made on: 2012-09-01 15:44:00

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 1790.49 MB
Available physical RAM: 495.51 MB
Total Pagefile: 3580.98 MB
Available Pagefile: 1425.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions ============================

1 Drive c: (eMachines) (Fixed) (Total:453.66 GB) (Free:360.84 GB) NTFS
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive i: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 1952 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 453 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C eMachines NTFS Partition 453 GB Healthy Boot

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1950 MB 122 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 I FAT Removable 1950 MB Healthy

==================================================================================

Last Boot: 2012-08-27 06:01

==================== End Of Log =============================

#11 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 06 September 2012 - 03:59 AM

This tool is designed to run in Recovery Mode. It appears that you're running it from normal mode. Follow these steps to enter Recovery Mode.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#12 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 06 September 2012 - 07:00 PM

Hello! Here are the results:

Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by SYSTEM at 06-09-2012 19:48:23
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2012-04-16] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Fenya\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin [686792 2012-09-03] (Adobe Systems Incorporated)
HKU\Fenya\...\Policies\system: [LogonHoursAction] 2
HKU\Fenya\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Liam\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Liam\...\Policies\system: [LogonHoursAction] 2
HKU\Liam\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Savannah\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Savannah\...\Policies\system: [LogonHoursAction] 2
HKU\Savannah\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services ====================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [566688 2011-02-24] (Affinegy, Inc.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [246520 2010-09-30] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

==================== Drivers =================================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [1161376 2012-08-22] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-01] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-01] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120906.002\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120905.025\ENG64.SYS [125600 2012-09-06] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120905.025\EX64.SYS [2084000 2012-09-06] (Symantec Corporation)
3 SRTSP; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMDS64.SYS [451192 2012-04-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-01] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-05 14:33 - 2012-09-05 14:40 - 00000000 ____D C:\FRST
2012-09-05 14:20 - 2012-09-05 14:21 - 01453069 ____A (Farbar) C:\Users\Fenya\Downloads\FRST64.exe
2012-09-04 15:37 - 2012-09-04 15:37 - 01561792 ____A (W3i, LLC) C:\Users\Fenya\Downloads\FreeFileViewer2012Setup.exe
2012-09-04 15:37 - 2012-09-04 15:37 - 00000000 ____D C:\Users\Fenya\AppData\Roaming\Nero
2012-09-04 13:58 - 2012-09-04 13:58 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller(1).exe
2012-09-04 13:57 - 2012-09-04 13:57 - 00001665 ____A C:\Users\Fenya\Documents\aswMBR.txt
2012-09-04 13:57 - 2012-09-04 13:57 - 00000512 ____A C:\Users\Fenya\Documents\MBR.dat
2012-09-04 13:55 - 2012-09-04 13:55 - 04731392 ____A (AVAST Software) C:\Users\Fenya\Downloads\aswMBR.exe
2012-09-04 13:47 - 2012-09-04 13:47 - 00001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-04 13:47 - 2012-09-04 13:47 - 00000000 ____D C:\Users\Fenya\AppData\Local\Macromedia
2012-09-04 13:47 - 2012-09-04 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-03 10:11 - 2012-09-06 15:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-03 10:11 - 2012-09-03 10:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-03 10:11 - 2012-09-03 10:11 - 00000000 ____D C:\Windows\System32\Macromed
2012-09-03 06:59 - 2012-09-03 06:59 - 00001456 ____A C:\Users\Liam\Desktop\Internet Explorer.lnk
2012-09-03 05:09 - 2012-09-03 05:09 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller.exe
2012-09-03 04:50 - 2012-09-03 04:50 - 00000244 ____A C:\Users\Fenya\Downloads\defogger_enable.log
2012-09-02 12:26 - 2012-09-02 12:26 - 00000000 ____D C:\Users\Fenya\Downloads\gmer
2012-09-02 12:25 - 2012-09-02 12:25 - 00294216 ____A C:\Users\Fenya\Downloads\gmer.zip
2012-09-02 12:20 - 2012-09-02 12:20 - 00607260 ____A (Swearware) C:\Users\Fenya\Downloads\dds.com
2012-09-02 11:08 - 2012-09-02 11:08 - 00001804 ____A C:\AdwCleaner[S1].txt
2012-09-02 11:06 - 2012-09-02 11:06 - 00001131 ____A C:\AdwCleaner[R1].txt
2012-09-02 11:05 - 2012-09-02 11:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(2).exe
2012-09-02 11:05 - 2012-09-02 11:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(1).exe
2012-09-02 11:04 - 2012-09-02 11:04 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner.exe
2012-09-02 10:40 - 2012-09-02 10:40 - 00010400 ____A C:\ComboFix.txt
2012-09-02 10:12 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-02 10:12 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-02 10:12 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-02 10:12 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-02 10:12 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-02 10:12 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-02 10:12 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-02 10:12 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-02 10:11 - 2012-09-02 10:40 - 00000000 ____D C:\Qoobox
2012-09-02 10:11 - 2012-09-02 10:34 - 00000000 ____D C:\Windows\erdnt
2012-09-02 10:10 - 2012-09-02 10:10 - 04742930 ____R (Swearware) C:\Users\Fenya\Downloads\ComboFix.exe
2012-09-02 09:53 - 2012-09-02 09:54 - 00607260 ____R (Swearware) C:\Users\Fenya\Downloads\dds.scr
2012-09-02 09:47 - 2012-09-02 09:47 - 00854124 ____A C:\Users\Fenya\Downloads\SecurityCheck.exe
2012-09-02 09:47 - 2012-09-02 09:47 - 00000472 ____A C:\Users\Fenya\Downloads\defogger_disable.log
2012-09-02 09:45 - 2012-09-02 09:45 - 00050477 ____A C:\Users\Fenya\Downloads\Defogger.exe
2012-09-01 12:27 - 2012-09-01 12:27 - 00000000 ____D C:\Users\Fenya\Documents\Symantec
2012-09-01 12:21 - 2012-09-01 12:21 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-01 12:21 - 2012-09-01 12:21 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-01 12:21 - 2012-09-01 12:21 - 00000000 ____D C:\Program Files\Symantec
2012-09-01 12:21 - 2012-09-01 12:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-09-01 12:20 - 2012-09-01 12:20 - 00002395 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-01 12:20 - 2012-09-01 12:20 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-09-01 12:20 - 2012-09-01 12:20 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-09-01 12:18 - 2012-09-01 12:18 - 00829056 ____A (Symantec Corporation) C:\Users\Fenya\Downloads\N360Downloader.exe
2012-09-01 09:32 - 2012-09-01 09:32 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-09-01 05:45 - 2012-09-01 09:44 - 00004320 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-09-01 05:32 - 2012-09-01 05:32 - 00000120 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-09-01 05:32 - 2012-01-12 05:28 - 00074872 ___RA (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
2012-09-01 05:07 - 2012-09-01 05:07 - 00587640 ____A C:\Users\Fenya\Downloads\cbsidlm-tr1_6-Stopzilla-10104765.exe
2012-08-25 06:37 - 2012-08-30 19:16 - 00000000 ____D C:\Users\Fenya\AppData\Local\{6EF98E39-EEC2-11E1-8270-B8AC6F996F26}
2012-08-25 06:11 - 2012-08-25 06:34 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-08-25 06:11 - 2012-08-25 06:11 - 00000000 ____D C:\Users\Fenya\AppData\Local\adaware
2012-08-25 06:04 - 2012-08-30 19:17 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-25 06:04 - 2012-08-25 06:04 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-08-25 05:45 - 2012-08-25 06:29 - 00000000 ____D C:\Users\Fenya\AppData\Roaming\Ad-Aware Antivirus
2012-08-10 14:40 - 2012-08-25 06:34 - 00000000 ____D C:\Users\Fenya\AppData\Local\{6BC01642-E33C-11E1-8270-B8AC6F996F26}


==================== 3 Months Modified Files ================================

2012-09-06 15:42 - 2010-05-11 23:17 - 02068563 ____A C:\Windows\WindowsUpdate.log
2012-09-06 15:35 - 2012-09-03 10:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-06 15:34 - 2011-09-18 15:36 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-06 15:34 - 2011-09-18 15:36 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-05 16:26 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-05 14:21 - 2012-09-05 14:20 - 01453069 ____A (Farbar) C:\Users\Fenya\Downloads\FRST64.exe
2012-09-04 15:37 - 2012-09-04 15:37 - 01561792 ____A (W3i, LLC) C:\Users\Fenya\Downloads\FreeFileViewer2012Setup.exe
2012-09-04 13:58 - 2012-09-04 13:58 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller(1).exe
2012-09-04 13:57 - 2012-09-04 13:57 - 00001665 ____A C:\Users\Fenya\Documents\aswMBR.txt
2012-09-04 13:57 - 2012-09-04 13:57 - 00000512 ____A C:\Users\Fenya\Documents\MBR.dat
2012-09-04 13:55 - 2012-09-04 13:55 - 04731392 ____A (AVAST Software) C:\Users\Fenya\Downloads\aswMBR.exe
2012-09-04 13:47 - 2012-09-04 13:47 - 00001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-03 13:59 - 2009-07-13 20:51 - 00049681 ____A C:\Windows\setupact.log
2012-09-03 13:33 - 2009-07-13 20:45 - 00009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-03 13:33 - 2009-07-13 20:45 - 00009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-03 13:26 - 2011-11-12 09:30 - 00131072 _____ C:\Windows\System32\Ikeext.etl
2012-09-03 13:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-03 12:00 - 2009-11-20 12:15 - 00325702 ____A C:\Windows\PFRO.log
2012-09-03 10:34 - 2012-09-03 10:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-03 10:34 - 2011-09-18 15:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-03 06:59 - 2012-09-03 06:59 - 00001456 ____A C:\Users\Liam\Desktop\Internet Explorer.lnk
2012-09-03 05:09 - 2012-09-03 05:09 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Fenya\Downloads\tdsskiller.exe
2012-09-03 04:50 - 2012-09-03 04:50 - 00000244 ____A C:\Users\Fenya\Downloads\defogger_enable.log
2012-09-02 12:25 - 2012-09-02 12:25 - 00294216 ____A C:\Users\Fenya\Downloads\gmer.zip
2012-09-02 12:20 - 2012-09-02 12:20 - 00607260 ____A (Swearware) C:\Users\Fenya\Downloads\dds.com
2012-09-02 11:08 - 2012-09-02 11:08 - 00001804 ____A C:\AdwCleaner[S1].txt
2012-09-02 11:06 - 2012-09-02 11:06 - 00001131 ____A C:\AdwCleaner[R1].txt
2012-09-02 11:05 - 2012-09-02 11:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(2).exe
2012-09-02 11:05 - 2012-09-02 11:05 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner(1).exe
2012-09-02 11:04 - 2012-09-02 11:04 - 00511265 ____A C:\Users\Fenya\Downloads\adwcleaner.exe
2012-09-02 10:40 - 2012-09-02 10:40 - 00010400 ____A C:\ComboFix.txt
2012-09-02 10:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-02 10:10 - 2012-09-02 10:10 - 04742930 ____R (Swearware) C:\Users\Fenya\Downloads\ComboFix.exe
2012-09-02 09:54 - 2012-09-02 09:53 - 00607260 ____R (Swearware) C:\Users\Fenya\Downloads\dds.scr
2012-09-02 09:47 - 2012-09-02 09:47 - 00854124 ____A C:\Users\Fenya\Downloads\SecurityCheck.exe
2012-09-02 09:47 - 2012-09-02 09:47 - 00000472 ____A C:\Users\Fenya\Downloads\defogger_disable.log
2012-09-02 09:45 - 2012-09-02 09:45 - 00050477 ____A C:\Users\Fenya\Downloads\Defogger.exe
2012-09-01 12:21 - 2012-09-01 12:21 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-01 12:21 - 2012-09-01 12:21 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-01 12:20 - 2012-09-01 12:20 - 00002395 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-01 12:19 - 2012-06-18 04:10 - 00001305 ____A C:\Users\Fenya\Desktop\Norton Installation Files.lnk
2012-09-01 12:18 - 2012-09-01 12:18 - 00829056 ____A (Symantec Corporation) C:\Users\Fenya\Downloads\N360Downloader.exe
2012-09-01 09:44 - 2012-09-01 05:45 - 00004320 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-09-01 09:32 - 2012-09-01 09:32 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-09-01 05:32 - 2012-09-01 05:32 - 00000120 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-09-01 05:07 - 2012-09-01 05:07 - 00587640 ____A C:\Users\Fenya\Downloads\cbsidlm-tr1_6-Stopzilla-10104765.exe
2012-08-03 00:27 - 2010-12-09 12:41 - 62134624 ____A C:\Windows\System32\MRT.exe
2012-06-17 11:49 - 2012-06-17 11:49 - 00002221 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-17 11:48 - 2012-06-17 11:48 - 00739816 ____A (Google Inc.) C:\Users\Fenya\Downloads\GoogleEarthSetup.exe
2012-06-16 23:34 - 2009-07-13 20:45 - 00426200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 07:32 - 2012-06-16 07:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Fenya\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-16 05:36 - 2012-06-16 05:36 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Fenya\Downloads\unhide.exe
2012-06-14 14:23 - 2012-06-14 14:20 - 00000480 ____A C:\Users\All Users\H4mm8lDIyk9fiw
2012-06-14 14:20 - 2012-06-14 14:20 - 00000152 ____A C:\Users\All Users\-H4mm8lDIyk9fiwr
2012-06-14 14:20 - 2012-06-14 14:20 - 00000000 ____A C:\Users\All Users\-H4mm8lDIyk9fiw


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-30 18:30:29
Restore point made on: 2012-08-30 18:49:37
Restore point made on: 2012-09-01 05:22:46
Restore point made on: 2012-09-01 05:44:51
Restore point made on: 2012-09-01 11:44:00
Restore point made on: 2012-09-06 15:43:00

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 1790.49 MB
Available physical RAM: 1193.8 MB
Total Pagefile: 1790.49 MB
Available Pagefile: 1184 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: (eMachines) (Fixed) (Total:453.66 GB) (Free:360.53 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.92 GB) NTFS
4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1952 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 453 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C eMachines NTFS Partition 453 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1950 MB 122 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1950 MB Healthy

==================================================================================

Last Boot: 2012-08-27 02:01

==================== End Of Log =============================

#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 06 September 2012 - 10:39 PM

Hello,

I'd like you to run FRST fix first and then boot into normal mode, delete the existing copy of ComboFix you have and download a fresh one here.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Users\All Users\H4mm8lDIyk9fiw
C:\Users\All Users\-H4mm8lDIyk9fiwr
C:\Users\All Users\-H4mm8lDIyk9fiw

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

===================================================

On your next reply please post :
FRST fix log
ComboFix log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#14 Helpless Lass

Helpless Lass
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:35 PM

Posted 07 September 2012 - 08:06 AM

Good morning ~ I am not at home where the infected PC is, but I just want to clarify that when you instruct me to "run FRST fix first and then boot into normal mode" that means fix will be an option instead of the command prompt I used before, correct? Thanks!!

#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 07 September 2012 - 09:42 AM

Well the command prompt is there to bring up FRST. So in other words, you will need to go back to System Recovery environment. From there you will perform the fix through FRST and not command prompt. :)

I hope that doesn't confuse you. lol
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users