Background audio ads, internet Slow

[j9845]

My internet started slowing down a couple weeks back and started notcing audio ads playing in the background. Once i started seeing these signs i stopped using my computer but now have some time to try and resolve the issue. I have read the beginner instructions and have ran a report posted below. Thank you for the support.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by J. METHER at 20:27:20 on 2012-09-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2370 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\alg.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [smithMicro QLM] "C:\Program Files (x86)\US Cellular\QuickLink Mobile\QLM.exe" -a

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{45D594D4-B180-4665-B287-69CF4ED217E9} : DhcpNameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{CB584C8B-55EC-4429-86CE-B58E73269835} : DhcpNameServer = 192.168.42.129

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll

BHO-X64: Funmoods Helper Object - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [smithMicro QLM] "C:\Program Files (x86)\US Cellular\QuickLink Mobile\QLM.exe" -a

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [2012-9-12 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSviA64.sys [2012-9-12 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]

R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMNETS.SYS [?]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2012-9-12 138248]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-13 655944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 250056]

S3 CASMSI;SMSI Con App Svc;C:\Program Files (x86)\US Cellular\QuickLink Mobile\ConAppsSvc.exe [2008-9-25 124184]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]

S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDUBus.sys --> C:\Windows\system32\DRIVERS\PTDUBus.sys [?]

S3 PTDUMdm;PANTECH UM175 Drivers ;C:\Windows\system32\DRIVERS\PTDUMdm.sys --> C:\Windows\system32\DRIVERS\PTDUMdm.sys [?]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port ;C:\Windows\system32\DRIVERS\PTDUVsp.sys --> C:\Windows\system32\DRIVERS\PTDUVsp.sys [?]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\system32\DRIVERS\PTDUWWAN.sys --> C:\Windows\system32\DRIVERS\PTDUWWAN.sys [?]

S3 SMSIRcAppSvc;SMSI Rc App Svc;C:\Program Files (x86)\US Cellular\QuickLink Mobile\RcAppSvc.exe [2008-9-25 111896]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-09-13 01:23:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-09-13 01:15:35 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-09-13 01:15:35 -------- d-----w- C:\Program Files\Symantec

2012-09-13 01:15:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-09-13 01:14:42 738936 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys

2012-09-13 01:14:42 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\SymDS64.sys

2012-09-13 01:14:42 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys

2012-09-13 01:14:42 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys

2012-09-13 01:14:42 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\Ironx64.sys

2012-09-13 01:14:42 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\ccSetx64.sys

2012-09-13 01:14:42 1092728 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\SymEFA64.sys

2012-09-13 01:14:18 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091

2012-09-13 01:14:18 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-09-13 01:14:15 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-09-13 01:14:10 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-09-13 01:08:46 -------- d-----w- C:\Program Files (x86)\Yontoo

2012-09-13 01:08:45 -------- d-----w- C:\ProgramData\Tarma Installer

2012-09-13 01:08:20 -------- d-----w- C:\Program Files (x86)\Funmoods

2012-09-10 23:17:46 -------- d-----w- C:\$RECYCLE.BIN

2012-09-10 02:37:03 98816 ----a-w- C:\Windows\sed.exe

2012-09-10 02:37:03 518144 ----a-w- C:\Windows\SWREG.exe

2012-09-10 02:37:03 256000 ----a-w- C:\Windows\PEV.exe

2012-09-10 02:37:03 208896 ----a-w- C:\Windows\MBR.exe

2012-09-10 02:36:01 -------- d-----w- C:\ComboFix

2012-09-10 01:26:03 -------- d-----w- C:\Users\J. METHER\AppData\Roaming\SUPERAntiSpyware.com

2012-09-10 00:02:38 9310152 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{008CF9D0-B236-48F0-BCEA-B56418DEC865}\mpengine.dll

2012-08-27 01:10:23 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-27 01:10:19 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-27 01:10:02 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-27 01:10:02 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-27 01:10:00 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

.

==================== Find3M ====================

.

2012-08-16 01:29:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 01:29:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-12 00:57:38 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-08-12 00:57:38 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

.

============= FINISH: 20:35:48.20 ===============

[MrCharlie]

Welcome to the forum.

Can you please post the Attach.txt also

~~~~~~~~~~~~~~~~

and.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[j9845]

Here is the attach.txt and roguekiller report. Thanks for all the help!

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/28/2010 7:22:32 PM

System Uptime: 9/12/2012 7:59:04 PM (2 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Eureka3

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 372.859 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.664 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek RTL8168D/8111D Family PCI-E GBE NIC

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A94103C&REV_03\4&2CECE7CE&0&00E5

Manufacturer: Realtek

Name: Realtek RTL8168D/8111D Family PCI-E GBE NIC

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A94103C&REV_03\4&2CECE7CE&0&00E5

Service: RTL8169

.

==== System Restore Points ===================

.

RP220: 3/25/2012 10:30:33 AM - Scheduled Checkpoint

RP221: 3/25/2012 10:40:36 AM - Windows Update

RP222: 4/6/2012 8:48:17 PM - Windows Update

RP223: 4/7/2012 3:00:24 AM - Windows Update

RP224: 4/8/2012 3:00:23 AM - Windows Update

RP225: 4/12/2012 5:00:38 PM - Windows Update

RP226: 4/14/2012 8:48:50 PM - Windows Update

RP227: 4/22/2012 4:05:11 PM - Windows Update

RP228: 4/30/2012 5:32:39 PM - Windows Update

RP229: 5/3/2012 5:39:11 PM - Windows Update

RP230: 5/8/2012 5:04:59 PM - Windows Update

RP231: 5/9/2012 3:00:45 AM - Windows Update

RP232: 5/13/2012 6:24:02 PM - Windows Update

RP233: 5/20/2012 4:45:56 PM - Windows Update

RP234: 6/7/2012 7:41:49 PM - Windows Update

RP235: 6/8/2012 3:00:28 AM - Windows Update

RP236: 6/12/2012 5:20:51 PM - Windows Update

RP237: 6/13/2012 3:00:34 AM - Windows Update

RP238: 6/17/2012 7:54:45 PM - Windows Update

RP239: 6/19/2012 9:51:02 PM - Restore Operation

RP240: 6/19/2012 10:08:05 PM - Windows Update

RP241: 6/20/2012 6:59:22 AM - Windows Update

RP242: 6/21/2012 2:56:24 PM - Windows Update

RP243: 7/29/2012 3:27:53 PM - Windows Update

RP244: 7/29/2012 6:02:06 PM - Restore Operation

RP245: 7/29/2012 6:17:26 PM - Windows Update

RP246: 7/29/2012 6:18:27 PM - Windows Update

RP247: 7/29/2012 6:20:36 PM - Windows Modules Installer

RP248: 7/29/2012 6:21:22 PM - Windows Modules Installer

RP249: 7/29/2012 6:25:49 PM - Windows Modules Installer

RP250: 7/29/2012 6:26:19 PM - Windows Modules Installer

RP251: 7/29/2012 6:27:01 PM - Windows Modules Installer

RP252: 7/29/2012 6:28:06 PM - Windows Modules Installer

RP253: 7/29/2012 7:31:30 PM - Windows Update

RP254: 8/2/2012 10:35:19 AM - Windows Update

RP255: 8/5/2012 6:26:51 PM - Windows Update

RP256: 8/5/2012 8:32:11 PM - Windows Update

RP257: 8/10/2012 5:50:01 PM - Windows Update

RP258: 8/11/2012 6:32:28 PM - Restore Operation

RP259: 8/11/2012 7:16:07 PM - Windows Update

RP260: 8/11/2012 7:24:24 PM - Windows Update

RP261: 8/11/2012 7:56:16 PM - Installed Java 6 Update 33

RP262: 8/11/2012 7:56:22 PM - Windows Update

RP263: 8/11/2012 10:01:51 PM - Windows Update

RP264: 8/26/2012 7:59:34 PM - Windows Update

RP265: 8/27/2012 3:00:32 AM - Windows Update

RP266: 9/9/2012 7:01:34 PM - Windows Update

RP267: 9/9/2012 8:18:18 PM - Removed AVG Free 8.5

RP268: 9/9/2012 8:18:59 PM - Installed AVG Free 8.5

RP269: 9/10/2012 6:32:11 PM - Removed 7-Zip 9.21

RP270: 9/10/2012 8:28:51 PM - Removed 7-Zip 9.21

RP271: 9/12/2012 8:04:43 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

Bodog Poker

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

Default Manager

DirectX for Managed Code Update (Summer 2004)

DiskAid 3.24

Driver Mender

Easy Video Convert

Funmoods Web Search

Google Chrome

Google Quick Search Box

Google Toolbar for Internet Explorer

Google Update Helper

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

IPCMonitor_en version 1.0.1.2

Java Auto Updater

Java 6 Update 33

K-Lite Codec Pack 3.4.5 Full

LabelPrint

LightScribe System Software

LimeWire 5.4.6

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

NinjaTrader 6.5

Norton Internet Security

PictureMover

Power2Go

PowerDirector

Pro/ENGINEER Student Edition Release Wildfire 3.0 Datecode M060

Python 2.6 pywin32-212

Python 2.6.1

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Spelling Dictionaries Support For Adobe Reader 9

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

US Cellular QuickLink Mobile

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 0.9.2

Windows 7 Upgrade Advisor

.

==== Event Viewer Messages From Past Week ========

.

9/9/2012 9:37:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

9/9/2012 9:30:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/9/2012 9:30:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/9/2012 9:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/9/2012 9:29:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/9/2012 9:29:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

9/9/2012 8:20:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

9/9/2012 10:16:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/9/2012 10:14:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/9/2012 10:13:36 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

9/12/2012 8:07:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.135.949.0).

9/12/2012 8:06:21 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

9/12/2012 8:01:59 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

9/12/2012 8:01:59 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

9/10/2012 7:16:34 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

9/10/2012 6:19:08 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.

9/10/2012 6:18:57 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : J. METHER [Admin rights]

Mode : Scan -- Date : 09/12/2012 21:34:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B2 ATA Device +++++

--- User ---

[MBR] 9643359cd52dae8c0ae34268fe4a1aa1

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 595848 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1220297400 | Size: 14621 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] fc82d1913833626fc99135442bef2084

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 595848 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1220297400 | Size: 14621 Mo

2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250258625 | Size: 2 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

http://forums.malwarebytes.org/index.php?showtopic=97700

~~~~~~~~~~~~~~~~~~~

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[j9845]

I was not aware of the peer-to-peer filesharing policy. I have not used utorrent for over a year. I will uninstall it as soon as i get home. Does it show anyother filesharing installed on my computer?

[MrCharlie]

Does it show anyother filesharing installed on my computer?

No just that one, MrC

[j9845]

I tried running tdsskiller but not let me. When I click on it, the system will act like it thinking. Then it stop thinking and does nothing. It will pop up on task manager but then will go away, like the program was canceled

[MrCharlie]

See if this one runs, Don't update it when prompted:

TDSSKiller.exe

Please read the directions carefully so you don't end up deleting something that is good!!

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[j9845]

20:10:22.0102 4144 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

20:10:22.0113 4144 ============================================================

20:10:22.0113 4144 Current date / time: 2012/09/13 20:10:22.0113

20:10:22.0113 4144 SystemInfo:

20:10:22.0113 4144

20:10:22.0113 4144 OS Version: 6.1.7601 ServicePack: 1.0

20:10:22.0113 4144 Product type: Workstation

20:10:22.0113 4144 ComputerName: JMETHER-PC

20:10:22.0113 4144 UserName: J. METHER

20:10:22.0113 4144 Windows directory: C:\Windows

20:10:22.0113 4144 System windows directory: C:\Windows

20:10:22.0113 4144 Running under WOW64

20:10:22.0114 4144 Processor architecture: Intel x64

20:10:22.0114 4144 Number of processors: 4

20:10:22.0114 4144 Page size: 0x1000

20:10:22.0114 4144 Boot type: Normal boot

20:10:22.0114 4144 ============================================================

20:10:23.0202 4144 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:10:23.0221 4144 ============================================================

20:10:23.0221 4144 \Device\Harddisk0\DR0:

20:10:23.0221 4144 MBR partitions:

20:10:23.0221 4144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48BC4279

20:10:23.0221 4144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48BC42B8, BlocksNum 0x1C8EFF8

20:10:23.0221 4144 ============================================================

20:10:23.0234 4144 C: <-> \Device\Harddisk0\DR0\Partition0

20:10:23.0292 4144 D: <-> \Device\Harddisk0\DR0\Partition1

20:10:23.0292 4144 ============================================================

20:10:23.0292 4144 Initialize success

20:10:23.0292 4144 ============================================================

20:10:45.0818 4732 ============================================================

20:10:45.0818 4732 Scan started

20:10:45.0818 4732 Mode: Manual; SigCheck; TDLFS;

20:10:45.0818 4732 ============================================================

20:10:46.0821 4732 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:10:46.0979 4732 1394ohci - ok

20:10:47.0018 4732 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:10:47.0036 4732 ACPI - ok

20:10:47.0052 4732 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:10:47.0135 4732 AcpiPmi - ok

20:10:47.0266 4732 AdobeFlashPlayerUpdateSvc (a9d3b95e8466bd58eeb8a1154654e162) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:10:47.0290 4732 AdobeFlashPlayerUpdateSvc - ok

20:10:47.0354 4732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:10:47.0384 4732 adp94xx - ok

20:10:47.0432 4732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:10:47.0454 4732 adpahci - ok

20:10:47.0477 4732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:10:47.0502 4732 adpu320 - ok

20:10:47.0531 4732 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:10:47.0645 4732 AeLookupSvc - ok

20:10:47.0713 4732 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:10:47.0783 4732 AFD - ok

20:10:47.0810 4732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:10:47.0825 4732 agp440 - ok

20:10:47.0840 4732 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:10:47.0900 4732 ALG - ok

20:10:47.0930 4732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:10:47.0944 4732 aliide - ok

20:10:47.0966 4732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:10:47.0980 4732 amdide - ok

20:10:48.0020 4732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:10:48.0087 4732 AmdK8 - ok

20:10:48.0103 4732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:10:48.0148 4732 AmdPPM - ok

20:10:48.0201 4732 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

20:10:48.0216 4732 amdsata - ok

20:10:48.0251 4732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:10:48.0277 4732 amdsbs - ok

20:10:48.0287 4732 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

20:10:48.0300 4732 amdxata - ok

20:10:48.0334 4732 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:10:48.0473 4732 AppID - ok

20:10:48.0503 4732 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:10:48.0562 4732 AppIDSvc - ok

20:10:48.0607 4732 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:10:48.0645 4732 Appinfo - ok

20:10:48.0874 4732 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:10:48.0896 4732 Apple Mobile Device - ok

20:10:49.0020 4732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:10:49.0035 4732 arc - ok

20:10:49.0090 4732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:10:49.0104 4732 arcsas - ok

20:10:49.0115 4732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:10:49.0185 4732 AsyncMac - ok

20:10:49.0213 4732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:10:49.0227 4732 atapi - ok

20:10:49.0304 4732 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:10:49.0382 4732 AudioEndpointBuilder - ok

20:10:49.0388 4732 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:10:49.0427 4732 AudioSrv - ok

20:10:49.0497 4732 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:10:49.0583 4732 AxInstSV - ok

20:10:49.0624 4732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:10:49.0702 4732 b06bdrv - ok

20:10:49.0738 4732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:10:49.0784 4732 b57nd60a - ok

20:10:49.0828 4732 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:10:49.0885 4732 BDESVC - ok

20:10:49.0896 4732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:10:49.0954 4732 Beep - ok

20:10:50.0033 4732 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:10:50.0098 4732 BFE - ok

20:10:50.0358 4732 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys

20:10:50.0440 4732 BHDrvx64 - ok

20:10:50.0575 4732 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

20:10:50.0652 4732 BITS - ok

20:10:50.0730 4732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:10:50.0765 4732 blbdrive - ok

20:10:50.0881 4732 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:10:50.0907 4732 Bonjour Service - ok

20:10:50.0944 4732 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:10:51.0008 4732 bowser - ok

20:10:51.0021 4732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:10:51.0118 4732 BrFiltLo - ok

20:10:51.0139 4732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:10:51.0157 4732 BrFiltUp - ok

20:10:51.0190 4732 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

20:10:51.0247 4732 BridgeMP - ok

20:10:51.0290 4732 Browser (05f5a0d14a2ee1d8255c2aa0e9e8e694) C:\Windows\System32\browser.dll

20:10:51.0354 4732 Browser - ok

20:10:51.0383 4732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:10:51.0453 4732 Brserid - ok

20:10:51.0465 4732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:10:51.0502 4732 BrSerWdm - ok

20:10:51.0536 4732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:10:51.0573 4732 BrUsbMdm - ok

20:10:51.0605 4732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:10:51.0638 4732 BrUsbSer - ok

20:10:51.0668 4732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:10:51.0707 4732 BTHMODEM - ok

20:10:51.0755 4732 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:10:51.0813 4732 bthserv - ok

20:10:51.0909 4732 CASMSI (ed12bc322b53809261a58fd987596260) C:\Program Files (x86)\US Cellular\QuickLink Mobile\ConAppsSvc.exe

20:10:51.0922 4732 CASMSI - ok

20:10:51.0963 4732 catchme - ok

20:10:52.0022 4732 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys

20:10:52.0038 4732 ccSet_NIS - ok

20:10:52.0066 4732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:10:52.0123 4732 cdfs - ok

20:10:52.0185 4732 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:10:52.0224 4732 cdrom - ok

20:10:52.0286 4732 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:10:52.0350 4732 CertPropSvc - ok

20:10:52.0360 4732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:10:52.0398 4732 circlass - ok

20:10:52.0451 4732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:10:52.0471 4732 CLFS - ok

20:10:52.0540 4732 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:10:52.0554 4732 clr_optimization_v2.0.50727_32 - ok

20:10:52.0617 4732 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:10:52.0631 4732 clr_optimization_v2.0.50727_64 - ok

20:10:52.0652 4732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:10:52.0689 4732 CmBatt - ok

20:10:52.0729 4732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:10:52.0744 4732 cmdide - ok

20:10:52.0784 4732 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

20:10:52.0817 4732 CNG - ok

20:10:52.0834 4732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:10:52.0847 4732 Compbatt - ok

20:10:52.0875 4732 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:10:52.0917 4732 CompositeBus - ok

20:10:52.0946 4732 COMSysApp - ok

20:10:53.0046 4732 cpuz132 - ok

20:10:53.0065 4732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:10:53.0078 4732 crcdisk - ok

20:10:53.0116 4732 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:10:53.0164 4732 CryptSvc - ok

20:10:53.0228 4732 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:10:53.0288 4732 DcomLaunch - ok

20:10:53.0364 4732 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:10:53.0409 4732 defragsvc - ok

20:10:53.0445 4732 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:10:53.0496 4732 DfsC - ok

20:10:53.0563 4732 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:10:53.0633 4732 Dhcp - ok

20:10:53.0662 4732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:10:53.0697 4732 discache - ok

20:10:53.0733 4732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:10:53.0746 4732 Disk - ok

20:10:53.0778 4732 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:10:53.0835 4732 Dnscache - ok

20:10:53.0877 4732 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:10:53.0954 4732 dot3svc - ok

20:10:54.0008 4732 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:10:54.0062 4732 DPS - ok

20:10:54.0114 4732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:10:54.0155 4732 drmkaud - ok

20:10:54.0247 4732 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:10:54.0276 4732 DXGKrnl - ok

20:10:54.0308 4732 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:10:54.0349 4732 EapHost - ok

20:10:54.0502 4732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:10:54.0600 4732 ebdrv - ok

20:10:54.0698 4732 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

20:10:54.0716 4732 eeCtrl - ok

20:10:54.0816 4732 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:10:54.0874 4732 EFS - ok

20:10:54.0961 4732 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:10:55.0053 4732 ehRecvr - ok

20:10:55.0085 4732 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:10:55.0115 4732 ehSched - ok

20:10:55.0185 4732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:10:55.0214 4732 elxstor - ok

20:10:55.0266 4732 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:10:55.0279 4732 EraserUtilRebootDrv - ok

20:10:55.0301 4732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:10:55.0339 4732 ErrDev - ok

20:10:55.0396 4732 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:10:55.0456 4732 EventSystem - ok

20:10:55.0490 4732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:10:55.0559 4732 exfat - ok

20:10:55.0570 4732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:10:55.0616 4732 fastfat - ok

20:10:55.0697 4732 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:10:55.0767 4732 Fax - ok

20:10:55.0778 4732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:10:55.0815 4732 fdc - ok

20:10:55.0848 4732 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:10:55.0910 4732 fdPHost - ok

20:10:55.0943 4732 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:10:56.0003 4732 FDResPub - ok

20:10:56.0040 4732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:10:56.0053 4732 FileInfo - ok

20:10:56.0062 4732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:10:56.0112 4732 Filetrace - ok

20:10:56.0139 4732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:10:56.0173 4732 flpydisk - ok

20:10:56.0227 4732 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:10:56.0246 4732 FltMgr - ok

20:10:56.0345 4732 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll

20:10:56.0456 4732 FontCache - ok

20:10:56.0615 4732 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:10:56.0627 4732 FontCache3.0.0.0 - ok

20:10:56.0743 4732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:10:56.0759 4732 FsDepends - ok

20:10:56.0804 4732 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:10:56.0818 4732 Fs_Rec - ok

20:10:56.0934 4732 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:10:56.0965 4732 fvevol - ok

20:10:57.0059 4732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:10:57.0084 4732 gagp30kx - ok

20:10:57.0238 4732 GameConsoleService (db3d8979064ce299927cc1da57e9a659) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

20:10:57.0260 4732 GameConsoleService - ok

20:10:57.0297 4732 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:10:57.0306 4732 GEARAspiWDM - ok

20:10:57.0360 4732 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:10:57.0423 4732 gpsvc - ok

20:10:57.0497 4732 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:10:57.0513 4732 gupdate - ok

20:10:57.0541 4732 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:10:57.0553 4732 gupdatem - ok

20:10:57.0597 4732 gusvc (5d4bc124faae6730ac002cdb67bf1a1c) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

20:10:57.0611 4732 gusvc - ok

20:10:57.0623 4732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:10:57.0687 4732 hcw85cir - ok

20:10:57.0731 4732 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:10:57.0768 4732 HDAudBus - ok

20:10:57.0798 4732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:10:57.0813 4732 HidBatt - ok

20:10:57.0832 4732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:10:57.0865 4732 HidBth - ok

20:10:57.0899 4732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:10:57.0941 4732 HidIr - ok

20:10:57.0986 4732 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

20:10:58.0040 4732 hidserv - ok

20:10:58.0081 4732 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:10:58.0095 4732 HidUsb - ok

20:10:58.0124 4732 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:10:58.0186 4732 hkmsvc - ok

20:10:58.0238 4732 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:10:58.0304 4732 HomeGroupListener - ok

20:10:58.0338 4732 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:10:58.0374 4732 HomeGroupProvider - ok

20:10:58.0470 4732 HP Health Check Service (aa9ef0b395097f24d289f64445b2fd2e) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

20:10:58.0496 4732 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

20:10:58.0496 4732 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

20:10:58.0533 4732 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:10:58.0549 4732 HpSAMD - ok

20:10:58.0588 4732 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys

20:10:58.0655 4732 HTCAND64 - ok

20:10:58.0689 4732 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys

20:10:58.0703 4732 htcnprot - ok

20:10:58.0777 4732 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:10:58.0850 4732 HTTP - ok

20:10:58.0889 4732 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:10:58.0901 4732 hwpolicy - ok

20:10:58.0943 4732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:10:58.0959 4732 i8042prt - ok

20:10:59.0024 4732 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

20:10:59.0056 4732 iaStorV - ok

20:10:59.0148 4732 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

20:10:59.0183 4732 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:10:59.0183 4732 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:10:59.0340 4732 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:10:59.0375 4732 idsvc - ok

20:10:59.0570 4732 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys

20:10:59.0590 4732 IDSVia64 - ok

20:10:59.0967 4732 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:11:00.0169 4732 igfx - ok

20:11:00.0266 4732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:11:00.0281 4732 iirsp - ok

20:11:00.0341 4732 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:11:00.0409 4732 IKEEXT - ok

20:11:00.0527 4732 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys

20:11:00.0559 4732 IntcAzAudAddService - ok

20:11:00.0606 4732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:11:00.0618 4732 intelide - ok

20:11:00.0643 4732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:11:00.0676 4732 intelppm - ok

20:11:00.0725 4732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:11:00.0784 4732 IPBusEnum - ok

20:11:00.0833 4732 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:11:00.0890 4732 IpFilterDriver - ok

20:11:00.0946 4732 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:11:01.0011 4732 iphlpsvc - ok

20:11:01.0055 4732 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:11:01.0086 4732 IPMIDRV - ok

20:11:01.0113 4732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:11:01.0171 4732 IPNAT - ok

20:11:01.0322 4732 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

20:11:01.0348 4732 iPod Service - ok

20:11:01.0416 4732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:11:01.0498 4732 IRENUM - ok

20:11:01.0518 4732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:11:01.0531 4732 isapnp - ok

20:11:01.0613 4732 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:11:01.0637 4732 iScsiPrt - ok

20:11:01.0672 4732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:11:01.0685 4732 kbdclass - ok

20:11:01.0718 4732 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:11:01.0751 4732 kbdhid - ok

20:11:01.0790 4732 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:11:01.0805 4732 KeyIso - ok

20:11:01.0831 4732 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

20:11:01.0845 4732 KSecDD - ok

20:11:01.0862 4732 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

20:11:01.0877 4732 KSecPkg - ok

20:11:01.0884 4732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:11:01.0939 4732 ksthunk - ok

20:11:01.0994 4732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:11:02.0062 4732 KtmRm - ok

20:11:02.0120 4732 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

20:11:02.0181 4732 LanmanServer - ok

20:11:02.0231 4732 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:11:02.0287 4732 LanmanWorkstation - ok

20:11:02.0373 4732 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

20:11:02.0400 4732 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

20:11:02.0401 4732 LightScribeService - detected UnsignedFile.Multi.Generic (1)

20:11:02.0438 4732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:11:02.0500 4732 lltdio - ok

20:11:02.0549 4732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:11:02.0614 4732 lltdsvc - ok

20:11:02.0634 4732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:11:02.0669 4732 lmhosts - ok

20:11:02.0701 4732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:11:02.0715 4732 LSI_FC - ok

20:11:02.0730 4732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:11:02.0744 4732 LSI_SAS - ok

20:11:02.0756 4732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:11:02.0770 4732 LSI_SAS2 - ok

20:11:02.0788 4732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:11:02.0803 4732 LSI_SCSI - ok

20:11:02.0829 4732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:11:02.0893 4732 luafv - ok

20:11:02.0918 4732 MBAMProtector - ok

20:11:02.0996 4732 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:11:03.0031 4732 MBAMService - ok

20:11:03.0063 4732 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:11:03.0106 4732 Mcx2Svc - ok

20:11:03.0139 4732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:11:03.0154 4732 megasas - ok

20:11:03.0181 4732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:11:03.0204 4732 MegaSR - ok

20:11:03.0269 4732 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

20:11:03.0295 4732 Microsoft Office Groove Audit Service - ok

20:11:03.0319 4732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:11:03.0375 4732 MMCSS - ok

20:11:03.0406 4732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:11:03.0440 4732 Modem - ok

20:11:03.0477 4732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:11:03.0517 4732 monitor - ok

20:11:03.0554 4732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:11:03.0569 4732 mouclass - ok

20:11:03.0583 4732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:11:03.0598 4732 mouhid - ok

20:11:03.0630 4732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:11:03.0644 4732 mountmgr - ok

20:11:03.0675 4732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:11:03.0692 4732 mpio - ok

20:11:03.0708 4732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:11:03.0743 4732 mpsdrv - ok

20:11:03.0812 4732 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:11:03.0879 4732 MpsSvc - ok

20:11:03.0924 4732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:11:03.0972 4732 MRxDAV - ok

20:11:04.0016 4732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:11:04.0083 4732 mrxsmb - ok

20:11:04.0122 4732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:11:04.0165 4732 mrxsmb10 - ok

20:11:04.0190 4732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:11:04.0208 4732 mrxsmb20 - ok

20:11:04.0233 4732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:11:04.0246 4732 msahci - ok

20:11:04.0267 4732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:11:04.0285 4732 msdsm - ok

20:11:04.0314 4732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:11:04.0359 4732 MSDTC - ok

20:11:04.0403 4732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:11:04.0440 4732 Msfs - ok

20:11:04.0450 4732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:11:04.0503 4732 mshidkmdf - ok

20:11:04.0536 4732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:11:04.0548 4732 msisadrv - ok

20:11:04.0595 4732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:11:04.0666 4732 MSiSCSI - ok

20:11:04.0670 4732 msiserver - ok

20:11:04.0712 4732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:11:04.0747 4732 MSKSSRV - ok

20:11:04.0759 4732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:11:04.0819 4732 MSPCLOCK - ok

20:11:04.0848 4732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:11:04.0909 4732 MSPQM - ok

20:11:04.0951 4732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:11:04.0969 4732 MsRPC - ok

20:11:04.0979 4732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:11:04.0992 4732 mssmbios - ok

20:11:05.0016 4732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:11:05.0071 4732 MSTEE - ok

20:11:05.0104 4732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:11:05.0139 4732 MTConfig - ok

20:11:05.0182 4732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:11:05.0197 4732 Mup - ok

20:11:05.0246 4732 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:11:05.0316 4732 napagent - ok

20:11:05.0357 4732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:11:05.0402 4732 NativeWifiP - ok

20:11:05.0612 4732 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS

20:11:05.0630 4732 NAVENG - ok

20:11:05.0955 4732 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS

20:11:06.0074 4732 NAVEX15 - ok

20:11:06.0244 4732 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:11:06.0275 4732 NDIS - ok

20:11:06.0314 4732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:11:06.0376 4732 NdisCap - ok

20:11:06.0409 4732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:11:06.0471 4732 NdisTapi - ok

20:11:06.0531 4732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:11:06.0630 4732 Ndisuio - ok

20:11:06.0687 4732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:11:06.0755 4732 NdisWan - ok

20:11:06.0801 4732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:11:06.0857 4732 NDProxy - ok

20:11:06.0891 4732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:11:06.0949 4732 NetBIOS - ok

20:11:06.0998 4732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:11:07.0068 4732 NetBT - ok

20:11:07.0107 4732 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:11:07.0123 4732 Netlogon - ok

20:11:07.0168 4732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:11:07.0226 4732 Netman - ok

20:11:07.0271 4732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:11:07.0313 4732 netprofm - ok

20:11:07.0413 4732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:11:07.0430 4732 NetTcpPortSharing - ok

20:11:07.0446 4732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:11:07.0461 4732 nfrd960 - ok

20:11:07.0650 4732 NIS (9d0f43b1d0434b44183d4795e89f6c14) C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

20:11:07.0667 4732 NIS - ok

20:11:07.0715 4732 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:11:07.0754 4732 NlaSvc - ok

20:11:07.0766 4732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:11:07.0806 4732 Npfs - ok

20:11:07.0839 4732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:11:07.0881 4732 nsi - ok

20:11:07.0885 4732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:11:07.0946 4732 nsiproxy - ok

20:11:08.0066 4732 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

20:11:08.0119 4732 Ntfs - ok

20:11:08.0223 4732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:11:08.0283 4732 Null - ok

20:11:08.0311 4732 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

20:11:08.0333 4732 nvraid - ok

20:11:08.0342 4732 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

20:11:08.0364 4732 nvstor - ok

20:11:08.0407 4732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:11:08.0434 4732 nv_agp - ok

20:11:08.0528 4732 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:11:08.0565 4732 odserv - ok

20:11:08.0585 4732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:11:08.0630 4732 ohci1394 - ok

20:11:08.0669 4732 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:11:08.0693 4732 ose - ok

20:11:08.0730 4732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:11:08.0795 4732 p2pimsvc - ok

20:11:08.0835 4732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:11:08.0888 4732 p2psvc - ok

20:11:08.0928 4732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:11:08.0956 4732 Parport - ok

20:11:08.0983 4732 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:11:09.0004 4732 partmgr - ok

20:11:09.0094 4732 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

20:11:09.0127 4732 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

20:11:09.0127 4732 PassThru Service - detected UnsignedFile.Multi.Generic (1)

20:11:09.0154 4732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:11:09.0208 4732 PcaSvc - ok

20:11:09.0382 4732 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms

20:11:09.0596 4732 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok

20:11:09.0688 4732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:11:09.0713 4732 pci - ok

20:11:09.0734 4732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:11:09.0756 4732 pciide - ok

20:11:09.0798 4732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:11:09.0827 4732 pcmcia - ok

20:11:09.0842 4732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:11:09.0862 4732 pcw - ok

20:11:09.0898 4732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:11:09.0959 4732 PEAUTH - ok

20:11:10.0025 4732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:11:10.0066 4732 PerfHost - ok

20:11:10.0174 4732 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:11:10.0281 4732 pla - ok

20:11:10.0348 4732 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:11:10.0421 4732 PlugPlay - ok

20:11:10.0471 4732 pneteth (8ac5649c9070674d4607301c180ab10b) C:\Windows\system32\DRIVERS\pneteth.sys

20:11:10.0521 4732 pneteth - ok

20:11:10.0564 4732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:11:10.0607 4732 PNRPAutoReg - ok

20:11:10.0646 4732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:11:10.0671 4732 PNRPsvc - ok

20:11:10.0703 4732 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:11:10.0778 4732 PolicyAgent - ok

20:11:10.0828 4732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:11:10.0892 4732 Power - ok

20:11:10.0934 4732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:11:11.0003 4732 PptpMiniport - ok

20:11:11.0044 4732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:11:11.0082 4732 Processor - ok

20:11:11.0129 4732 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:11:11.0197 4732 ProfSvc - ok

20:11:11.0240 4732 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:11:11.0263 4732 ProtectedStorage - ok

20:11:11.0304 4732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:11:11.0364 4732 Psched - ok

20:11:11.0403 4732 PTDUBus (d41c41ef80188855457b1c052bd37365) C:\Windows\system32\DRIVERS\PTDUBus.sys

20:11:11.0432 4732 PTDUBus - ok

20:11:11.0447 4732 PTDUMdm (c346a1c338fc9a00c78c0ec17a4efcb1) C:\Windows\system32\DRIVERS\PTDUMdm.sys

20:11:11.0466 4732 PTDUMdm - ok

20:11:11.0485 4732 PTDUVsp (e9759c14495167a227ffb179df5ad6b1) C:\Windows\system32\DRIVERS\PTDUVsp.sys

20:11:11.0519 4732 PTDUVsp - ok

20:11:11.0550 4732 PTDUWWAN (478c83147f3ee598549cfa090cefb570) C:\Windows\system32\DRIVERS\PTDUWWAN.sys

20:11:11.0606 4732 PTDUWWAN - ok

20:11:11.0715 4732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:11:11.0791 4732 ql2300 - ok

20:11:11.0923 4732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:11:11.0948 4732 ql40xx - ok

20:11:11.0985 4732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:11:12.0022 4732 QWAVE - ok

20:11:12.0035 4732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:11:12.0059 4732 QWAVEdrv - ok

20:11:12.0072 4732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:11:12.0132 4732 RasAcd - ok

20:11:12.0176 4732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:11:12.0220 4732 RasAgileVpn - ok

20:11:12.0235 4732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:11:12.0305 4732 RasAuto - ok

20:11:12.0347 4732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:11:12.0412 4732 Rasl2tp - ok

20:11:12.0467 4732 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:11:12.0515 4732 RasMan - ok

20:11:12.0525 4732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:11:12.0567 4732 RasPppoe - ok

20:11:12.0588 4732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:11:12.0648 4732 RasSstp - ok

20:11:12.0697 4732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:11:12.0761 4732 rdbss - ok

20:11:12.0792 4732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:11:12.0818 4732 rdpbus - ok

20:11:12.0828 4732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:11:12.0889 4732 RDPCDD - ok

20:11:12.0917 4732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:11:12.0975 4732 RDPENCDD - ok

20:11:13.0011 4732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:11:13.0052 4732 RDPREFMP - ok

20:11:13.0095 4732 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:11:13.0156 4732 RDPWD - ok

20:11:13.0198 4732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:11:13.0220 4732 rdyboost - ok

20:11:13.0253 4732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:11:13.0302 4732 RemoteAccess - ok

20:11:13.0336 4732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:11:13.0423 4732 RemoteRegistry - ok

20:11:13.0465 4732 RimUsb - ok

20:11:13.0559 4732 RoxLiveShare9 - ok

20:11:13.0576 4732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:11:13.0625 4732 RpcEptMapper - ok

20:11:13.0656 4732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:11:13.0701 4732 RpcLocator - ok

20:11:13.0761 4732 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:11:13.0809 4732 RpcSs - ok

20:11:13.0845 4732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:11:13.0904 4732 rspndr - ok

20:11:13.0966 4732 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys

20:11:14.0056 4732 RTL8169 - ok

20:11:14.0082 4732 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:11:14.0102 4732 SamSs - ok

20:11:14.0133 4732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:11:14.0154 4732 sbp2port - ok

20:11:14.0174 4732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:11:14.0227 4732 SCardSvr - ok

20:11:14.0250 4732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:11:14.0310 4732 scfilter - ok

20:11:14.0396 4732 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:11:14.0479 4732 Schedule - ok

20:11:14.0526 4732 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:11:14.0567 4732 SCPolicySvc - ok

20:11:14.0602 4732 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:11:14.0642 4732 SDRSVC - ok

20:11:14.0754 4732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:11:14.0818 4732 secdrv - ok

20:11:14.0864 4732 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:11:14.0908 4732 seclogon - ok

20:11:14.0937 4732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

20:11:14.0979 4732 SENS - ok

20:11:14.0991 4732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:11:15.0061 4732 SensrSvc - ok

20:11:15.0072 4732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:11:15.0113 4732 Serenum - ok

20:11:15.0147 4732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:11:15.0186 4732 Serial - ok

20:11:15.0220 4732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:11:15.0243 4732 sermouse - ok

20:11:15.0280 4732 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:11:15.0347 4732 SessionEnv - ok

20:11:15.0386 4732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:11:15.0427 4732 sffdisk - ok

20:11:15.0456 4732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:11:15.0496 4732 sffp_mmc - ok

20:11:15.0524 4732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:11:15.0563 4732 sffp_sd - ok

20:11:15.0596 4732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:11:15.0617 4732 sfloppy - ok

20:11:15.0659 4732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:11:15.0723 4732 SharedAccess - ok

20:11:15.0776 4732 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:11:15.0844 4732 ShellHWDetection - ok

20:11:15.0879 4732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:11:15.0901 4732 SiSRaid2 - ok

20:11:15.0913 4732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:11:15.0933 4732 SiSRaid4 - ok

20:11:15.0960 4732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:11:16.0019 4732 Smb - ok

20:11:16.0118 4732 SMSIRcAppSvc (2773bea9ced97ab2813d5f547a28326c) C:\Program Files (x86)\US Cellular\QuickLink Mobile\RcAppSvc.exe

20:11:16.0139 4732 SMSIRcAppSvc - ok

20:11:16.0190 4732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:11:16.0230 4732 SNMPTRAP - ok

20:11:16.0264 4732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:11:16.0284 4732 spldr - ok

20:11:16.0315 4732 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:11:16.0366 4732 Spooler - ok

20:11:16.0547 4732 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:11:16.0672 4732 sppsvc - ok

20:11:16.0769 4732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:11:16.0831 4732 sppuinotify - ok

20:11:16.0992 4732 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSP64.SYS

20:11:17.0087 4732 SRTSP - ok

20:11:17.0147 4732 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS

20:11:17.0160 4732 SRTSPX - ok

20:11:17.0204 4732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:11:17.0282 4732 srv - ok

20:11:17.0315 4732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:11:17.0366 4732 srv2 - ok

20:11:17.0395 4732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:11:17.0441 4732 srvnet - ok

20:11:17.0487 4732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:11:17.0546 4732 SSDPSRV - ok

20:11:17.0569 4732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:11:17.0606 4732 SstpSvc - ok

20:11:17.0636 4732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:11:17.0649 4732 stexstor - ok

20:11:17.0707 4732 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:11:17.0734 4732 stisvc - ok

20:11:17.0752 4732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:11:17.0765 4732 swenum - ok

20:11:17.0791 4732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:11:17.0838 4732 swprv - ok

20:11:17.0958 4732 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS

20:11:17.0986 4732 SymDS - ok

20:11:18.0102 4732 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS

20:11:18.0181 4732 SymEFA - ok

20:11:18.0228 4732 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

20:11:18.0243 4732 SymEvent - ok

20:11:18.0291 4732 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS

20:11:18.0306 4732 SymIRON - ok

20:11:18.0346 4732 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\NISx64\1305000.091\SYMNETS.SYS

20:11:18.0363 4732 SymNetS - ok

20:11:18.0466 4732 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:11:18.0522 4732 SysMain - ok

20:11:18.0622 4732 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:11:18.0667 4732 TabletInputService - ok

20:11:18.0720 4732 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:11:18.0781 4732 TapiSrv - ok

20:11:18.0824 4732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:11:18.0863 4732 TBS - ok

20:11:19.0000 4732 Tcpip (f782cad3cedbb3f9ffe3bf2775d92ddc) C:\Windows\system32\drivers\tcpip.sys

20:11:19.0052 4732 Tcpip - ok

20:11:19.0176 4732 TCPIP6 (f782cad3cedbb3f9ffe3bf2775d92ddc) C:\Windows\system32\DRIVERS\tcpip.sys

20:11:19.0213 4732 TCPIP6 - ok

20:11:19.0268 4732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:11:19.0319 4732 tcpipreg - ok

20:11:19.0374 4732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:11:19.0429 4732 TDPIPE - ok

20:11:19.0452 4732 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:11:19.0490 4732 TDTCP - ok

20:11:19.0538 4732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:11:19.0599 4732 tdx - ok

20:11:19.0637 4732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:11:19.0652 4732 TermDD - ok

20:11:19.0698 4732 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:11:19.0819 4732 TermService - ok

20:11:19.0863 4732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:11:19.0899 4732 Themes - ok

20:11:19.0943 4732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:11:19.0980 4732 THREADORDER - ok

20:11:19.0997 4732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:11:20.0053 4732 TrkWks - ok

20:11:20.0127 4732 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:11:20.0192 4732 TrustedInstaller - ok

20:11:20.0233 4732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:11:20.0287 4732 tssecsrv - ok

20:11:20.0358 4732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:11:20.0420 4732 TsUsbFlt - ok

20:11:20.0471 4732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:11:20.0512 4732 tunnel - ok

20:11:20.0540 4732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:11:20.0554 4732 uagp35 - ok

20:11:20.0593 4732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:11:20.0650 4732 udfs - ok

20:11:20.0689 4732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:11:20.0722 4732 UI0Detect - ok

20:11:20.0766 4732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:11:20.0782 4732 uliagpkx - ok

20:11:20.0816 4732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:11:20.0855 4732 umbus - ok

20:11:20.0883 4732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:11:20.0915 4732 UmPass - ok

20:11:20.0951 4732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:11:20.0994 4732 upnphost - ok

20:11:21.0029 4732 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:11:21.0087 4732 USBAAPL64 - ok

20:11:21.0121 4732 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

20:11:21.0153 4732 usbccgp - ok

20:11:21.0209 4732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:11:21.0228 4732 usbcir - ok

20:11:21.0244 4732 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

20:11:21.0260 4732 usbehci - ok

20:11:21.0287 4732 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

20:11:21.0330 4732 usbhub - ok

20:11:21.0349 4732 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

20:11:21.0378 4732 usbohci - ok

20:11:21.0408 4732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:11:21.0443 4732 usbprint - ok

20:11:21.0467 4732 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:11:21.0501 4732 USBSTOR - ok

20:11:21.0533 4732 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

20:11:21.0548 4732 usbuhci - ok

20:11:21.0588 4732 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

20:11:21.0606 4732 usb_rndisx - ok

20:11:21.0635 4732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:11:21.0688 4732 UxSms - ok

20:11:21.0722 4732 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:11:21.0735 4732 VaultSvc - ok

20:11:21.0769 4732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:11:21.0782 4732 vdrvroot - ok

20:11:21.0831 4732 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:11:21.0892 4732 vds - ok

20:11:21.0923 4732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:11:21.0939 4732 vga - ok

20:11:21.0993 4732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:11:22.0048 4732 VgaSave - ok

20:11:22.0114 4732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:11:22.0140 4732 vhdmp - ok

20:11:22.0161 4732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:11:22.0174 4732 viaide - ok

20:11:22.0189 4732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:11:22.0202 4732 volmgr - ok

20:11:22.0241 4732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:11:22.0259 4732 volmgrx - ok

20:11:22.0280 4732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:11:22.0298 4732 volsnap - ok

20:11:22.0316 4732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:11:22.0340 4732 vsmraid - ok

20:11:22.0442 4732 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:11:22.0529 4732 VSS - ok

20:11:22.0638 4732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:11:22.0677 4732 vwifibus - ok

20:11:22.0729 4732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:11:22.0772 4732 W32Time - ok

20:11:22.0786 4732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:11:22.0800 4732 WacomPen - ok

20:11:22.0823 4732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:11:22.0878 4732 WANARP - ok

20:11:22.0910 4732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:11:22.0946 4732 Wanarpv6 - ok

20:11:23.0040 4732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:11:23.0086 4732 WatAdminSvc - ok

20:11:23.0177 4732 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:11:23.0258 4732 wbengine - ok

20:11:23.0368 4732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:11:23.0396 4732 WbioSrvc - ok

20:11:23.0437 4732 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:11:23.0487 4732 wcncsvc - ok

20:11:23.0515 4732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:11:23.0537 4732 WcsPlugInService - ok

20:11:23.0587 4732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:11:23.0600 4732 Wd - ok

20:11:23.0633 4732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:11:23.0657 4732 Wdf01000 - ok

20:11:23.0668 4732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:11:23.0759 4732 WdiServiceHost - ok

20:11:23.0762 4732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:11:23.0783 4732 WdiSystemHost - ok

20:11:23.0824 4732 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:11:23.0851 4732 WebClient - ok

20:11:23.0873 4732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:11:23.0935 4732 Wecsvc - ok

20:11:23.0960 4732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:11:23.0996 4732 wercplsupport - ok

20:11:24.0019 4732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:11:24.0055 4732 WerSvc - ok

20:11:24.0079 4732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:11:24.0134 4732 WfpLwf - ok

20:11:24.0138 4732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:11:24.0151 4732 WIMMount - ok

20:11:24.0217 4732 WinDefend - ok

20:11:24.0223 4732 WinHttpAutoProxySvc - ok

20:11:24.0284 4732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:11:24.0325 4732 Winmgmt - ok

20:11:24.0439 4732 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:11:24.0508 4732 WinRM - ok

20:11:24.0630 4732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:11:24.0647 4732 WinUsb - ok

20:11:24.0719 4732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:11:24.0755 4732 Wlansvc - ok

20:11:24.0781 4732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:11:24.0817 4732 WmiAcpi - ok

20:11:24.0895 4732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:11:24.0951 4732 wmiApSrv - ok

20:11:25.0017 4732 WMPNetworkSvc - ok

20:11:25.0028 4732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:11:25.0083 4732 WPCSvc - ok

20:11:25.0114 4732 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:11:25.0132 4732 WPDBusEnum - ok

20:11:25.0163 4732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:11:25.0218 4732 ws2ifsl - ok

20:11:25.0255 4732 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

20:11:25.0314 4732 wscsvc - ok

20:11:25.0317 4732 WSearch - ok

20:11:25.0442 4732 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:11:25.0528 4732 wuauserv - ok

20:11:25.0664 4732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:11:25.0705 4732 WudfPf - ok

20:11:25.0764 4732 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:11:25.0809 4732 WUDFRd - ok

20:11:25.0840 4732 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:11:25.0874 4732 wudfsvc - ok

20:11:25.0895 4732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:11:25.0944 4732 WwanSvc - ok

20:11:26.0008 4732 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:11:26.0045 4732 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

20:11:26.0045 4732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

20:11:26.0071 4732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:11:26.0071 4732 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:11:26.0075 4732 Boot (0x1200) (3f19ac54cd93ee3118db2878e889b5b9) \Device\Harddisk0\DR0\Partition0

20:11:26.0076 4732 \Device\Harddisk0\DR0\Partition0 - ok

20:11:26.0090 4732 Boot (0x1200) (21612c6c3b25c2ddc1a927feb8f1b0ae) \Device\Harddisk0\DR0\Partition1

20:11:26.0091 4732 \Device\Harddisk0\DR0\Partition1 - ok

20:11:26.0092 4732 ============================================================

20:11:26.0092 4732 Scan finished

20:11:26.0092 4732 ============================================================

20:11:26.0101 4680 Detected object count: 6

20:11:26.0101 4680 Actual detected object count: 6

20:16:08.0406 4680 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:16:08.0406 4680 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:16:08.0408 4680 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:16:08.0408 4680 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:16:08.0410 4680 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

20:16:08.0410 4680 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:16:08.0412 4680 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:16:08.0412 4680 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:16:08.0868 4680 \Device\Harddisk0\DR0\# - copied to quarantine

20:16:08.0868 4680 \Device\Harddisk0\DR0 - copied to quarantine

20:16:08.0930 4680 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

20:16:08.0932 4680 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

20:16:08.0933 4680 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

20:16:08.0935 4680 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

20:16:08.0937 4680 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

20:16:08.0939 4680 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

20:16:08.0942 4680 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

20:16:08.0944 4680 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

20:16:08.0946 4680 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

20:16:09.0007 4680 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:16:09.0015 4680 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:16:09.0017 4680 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:16:09.0019 4680 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:16:09.0021 4680 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

20:16:09.0023 4680 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

20:16:09.0025 4680 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

20:16:09.0040 4680 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine

20:16:09.0115 4680 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

20:16:09.0128 4680 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine

20:16:09.0192 4680 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

20:16:09.0199 4680 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

20:16:09.0208 4680 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

20:16:09.0222 4680 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine

20:16:09.0481 4680 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

20:16:09.0484 4680 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

20:16:09.0485 4680 \Device\Harddisk0\DR0 - ok

20:16:10.0182 4680 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

20:16:10.0183 4680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:16:10.0183 4680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:16:46.0352 4148 Deinitialize success

[MrCharlie]

Great! it worked......

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

20:16:10.0183 4680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:16:10.0183 4680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~

Then.......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and scan the system with RogueKiller again and post the new log, MrC

[j9845]

These are the only files that should up this time. Do i go ahead with the next scans?

21:50:30.0830 1900 Detected object count: 4

21:50:30.0830 1900 Actual detected object count: 4

21:50:43.0612 1900 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:50:43.0612 1900 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:50:43.0614 1900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

21:50:43.0614 1900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:50:43.0616 1900 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

21:50:43.0616 1900 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:50:43.0618 1900 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:50:43.0618 1900 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: SkipThese where the only files that should up this time.

[j9845]

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.09.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

J. METHER :: JMETHER-PC [administrator]

9/13/2012 9:56:05 PM

mbam-log-2012-09-13 (21-56-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222705

Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 30

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 2

C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

Files Detected: 12

C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\J. METHER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\J. METHER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\J. METHER\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\J. METHER\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

[j9845]

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : J. METHER [Admin rights]

Mode : Scan -- Date : 09/13/2012 22:05:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B2 ATA Device +++++

--- User ---

[MBR] 9643359cd52dae8c0ae34268fe4a1aa1

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 595848 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1220297400 | Size: 14621 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++

--- User ---

[MBR] 96621df59a565d5e057e0659da7ec48b

[bSP] 788470fe12ec57aabe933cfdd9c84885 : Standard MBR Code

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 129 | Size: 1907 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

[MrCharlie]

How is it running?? MrC

[j9845]

seems to be running good. I have not tried connecting to internet yet but seems fasters. Do i need to delete the files found by the Roguekiller?

What would you suggest for a antivirus program? i did have AVG. Thanks again for all you help!

[MrCharlie]

Do i need to delete the files found by the Roguekiller?

We'll do this when we're done.

What would you suggest for a antivirus program? i did have AVG.

Avast:

http://www.avast.com/en-us/index

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lets clean up some of the junk and clutter on the system:

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.
   

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

[j9845]

I will be gone this weekend but will perform scans sunday night. thank you for the help!

[j9845]

# AdwCleaner v2.002 - Logfile created 09/16/2012 at 17:09:05

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : J. METHER - JMETHER-PC

# Boot Mode : Normal

# Running from : C:\Users\J. METHER\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Found : C:\Program Files (x86)\Funmoods

Folder Found : C:\Program Files (x86)\Yontoo

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\J. METHER\AppData\LocalLow\Funmoods

***** [Registry] *****

Key Found : HKCU\Software\Funmoods

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\Software\Funmoods

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Tarma Installer

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [7275 octets] - [16/09/2012 17:09:05]

########## EOF - C:\AdwCleaner[R1].txt - [7335 octets] ##########

[MrCharlie]

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

[j9845]

# AdwCleaner v2.002 - Logfile created 09/16/2012 at 19:11:56

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : J. METHER - JMETHER-PC

# Boot Mode : Normal

# Running from : C:\Users\J. METHER\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Deleted : C:\Program Files (x86)\Funmoods

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\J. METHER\AppData\LocalLow\Funmoods

***** [Registry] *****

Key Deleted : HKCU\Software\Funmoods

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\Funmoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [7366 octets] - [16/09/2012 17:09:05]

AdwCleaner[s1].txt - [8110 octets] - [16/09/2012 19:11:56]

########## EOF - C:\AdwCleaner[s1].txt - [8170 octets] ##########

[MrCharlie]

Looks Good.....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

MrC

[j9845]

I am not running any antivirus right now. I had AVG but deleted it prior to running tests and scans. At this time it is not connected to the interent due to my landline. I wanted to make sure everything was good and working properly.

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 33

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

[MrCharlie]

Malwarebytes Anti-Malware version 1.62.0.1300 <--------please update should be 1.65.0.1400

Java™ 6 Update 33 <---please uninstall from add/remove programs

Java version out of Date! <-------download and install latest version

Adobe Flash Player 10 Flash Player out of Date! <---please update

Adobe Reader 9 Adobe Reader out of Date! <----please update

You have out dated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!