I think i have a trojan

Skatez · May 6, 2013

Hi!

I scanned my PC a few days ago because it was working slow after starting it, and found this with ESET( preinstalled anti-virus):

Operating memory » svchost.exe(3340) - a variant of Win32/Remtasu.S trojan - unable to clean

So I used Malawarebytes program, and found a few more malicious things.

It deleted them, all was auto-selected, and when i scanned again still found that remtasu.s Trojan.

So this are the Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476

Run by user at 11:20:01 on 2013-05-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8174.6083 [GMT 3:00]

.

AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\SysWOW64\secpro.exe

C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

D:\Join Air\AssistantServices.exe

C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe

D:\Jocuri)\WTGService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

svchost.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

D:\Jocuri\InternetEverywhere\InternetEverywhere.exe

D:\Jocuri\InternetEverywhere\Launcher.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE96020054746872

uSearch Bar = Preserve

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={54316D26-01AF-11E2-AFE9-002522B3C2F7}

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: SmartView VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - LocalServer32 - <no file>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>

TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll

uRun: [Kernel_32] C:\Users\user\AppData\Roaming\Isp_32\Kernel.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Kernel_32] C:\Users\user\AppData\Roaming\Isp_32\Kernel.exe

mRun: [smartviewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - D:\PokerStars.EU\PokerStarsUpdate.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{0452D3CD-7DDB-466F-B21A-848B81470D55} : DHCPNameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{15D9700E-F9BC-4D09-BFB0-2ECFDCB62E45} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{16C86BFE-5ED6-44EC-A5F1-10220F6FD6B2} : DHCPNameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{386444E4-ACD2-4D13-9FE3-993FB2A04A90} : DHCPNameServer = 93.122.135.199 62.217.213.71

TCP: Interfaces\{73BE1673-CA78-4C7E-A22B-9C7C23162ED6} : DHCPNameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{C7B4ADD7-1598-4410-8596-5ACA81644348} : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{CC06F36A-86AA-43BE-B388-BE187DA0B2FC} : DHCPNameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{D4BD5439-349B-473B-9B68-508312C479F5} : DHCPNameServer = 62.217.213.71 93.122.135.199

TCP: Interfaces\{EC754192-8687-4508-A192-1D5DD70AD17F} : DHCPNameServer = 93.122.135.199 62.217.213.71

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll c:\progra~2\browse~1\sprote~1.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {WBNAJGF4-O51K-0P61-SXTQ-F75D0HHY2722} - C:\Users\user\AppData\Roaming\Isp_32\Kernel.exe restart

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,D:\SAFCE\wpk.exe

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]

R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-12-13 15368]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]

R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-18 2569168]

R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-5-31 75144]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-5-31 385416]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 SecStore;Secure Storage;C:\Windows\SysWOW64\secpro.exe [2013-3-18 61440]

R2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-9-2 125216]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 UI Assistant Service;UI Assistant Service;D:\Join Air\AssistantServices.exe [2012-7-12 246272]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-13 2656280]

R2 WCUService;SmartView Software Updater Service;C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-9-2 456976]

R2 WTGService;WTGService;D:\Jocuri)\WTGService.exe [2012-1-9 308688]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-29 122856]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-29 370152]

R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2013-2-15 20784]

R3 GTUHSBUS;GT UHS BUS;C:\Windows\System32\drivers\gtuhsbus.sys [2011-12-25 88576]

R3 GTUHSNDISIPXP;GT UHS IP NDIS;C:\Windows\System32\drivers\gtuhs51.sys [2011-12-25 129536]

R3 GTUHSSER;GT UHS SER;C:\Windows\System32\drivers\gtuhsser.sys [2011-12-25 10496]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-13 76912]

R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2013-1-27 15896]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2013-1-27 327576]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-6 418376]

S2 MBAMService;MBAMService;D:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-6 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-5-31 397704]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-25 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-13 79360]

S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-11-30 131912]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-3-16 102368]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-13 37344]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-7-12 11776]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-6 25928]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-26 20992]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-13 79360]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-3-16 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-3-16 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-3-16 177640]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-3-16 203104]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 tenCapture;tenCapture;C:\Windows\System32\drivers\tenCapture.sys [2013-2-5 23736]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-28 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-13 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-05-06 06:43:57 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2013-05-06 06:43:49 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-06 06:43:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-05 15:09:43 232904 ----a-w- C:\Windows\SysWow64\poclbm121016GeForceGTS450gv1w256l4pOpenCL1_1CUDA4_2_1.bin

2013-05-05 13:05:32 232904 ----a-w- C:\Users\user\AppData\Roaming\poclbm121016GeForceGTS450gv1w256l4pOpenCL1_1CUDA4_2_1.bin

2013-05-04 13:21:33 -------- d-----w- C:\Users\user\AppData\Roaming\ZombiePirates

2013-05-04 12:35:05 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2013-05-03 14:30:09 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{908770DE-A06B-4970-A023-CA85E2827215}\mpengine.dll

2013-05-03 10:57:55 1409 ----a-w- C:\Windows\SysWow64\tmp8B607.FOT

2013-04-30 16:53:49 -------- d-----w- C:\Users\user\AppData\Roaming\Spore

2013-04-28 17:25:36 -------- d-----w- C:\Users\user\AppData\Roaming\SpeedyPC Software

2013-04-28 17:25:36 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure

2013-04-28 17:25:25 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2013-04-28 17:25:22 -------- d-----w- C:\ProgramData\SpeedyPC Software

2013-04-28 17:25:22 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software

2013-04-28 17:07:45 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll

2013-04-28 17:07:45 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll

2013-04-28 17:07:44 81920 ----a-w- C:\Windows\eSellerateControl350.dll

2013-04-28 17:07:44 356352 ----a-w- C:\Windows\eSellerateEngine.dll

2013-04-28 17:07:43 -------- d-----w- C:\Program Files (x86)\Trojan Svchost Removal Tool

2013-04-28 10:54:28 -------- d-----w- C:\Program Files (x86)\HideIPVPN

2013-04-23 18:00:01 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-22 08:27:42 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys

2013-04-22 07:50:52 -------- d-----w- C:\Users\user\AppData\Roaming\Tunngle

2013-04-21 17:57:50 -------- d-----w- C:\Users\user\AppData\Local\Tube Bot

2013-04-21 17:57:32 -------- d-----w- C:\Program Files (x86)\Tube Bot

2013-04-19 08:24:47 -------- d-----w- C:\Program Files\zzzz

2013-04-18 18:08:28 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy

2013-04-17 18:05:02 -------- d-----w- C:\Program Files (x86)\FTDownloader.com

2013-04-16 17:24:06 -------- d-----w- C:\Users\user\AppData\Local\EA Games

2013-04-16 17:23:04 -------- d-----w- C:\Users\user\AppData\Roaming\Dead Space 3

2013-04-13 06:42:59 -------- d-----w- C:\Users\user\AppData\Roaming\Theta

2013-04-13 06:42:18 -------- d-----w- C:\Users\user\AppData\Roaming\Assassin's Creed III

2013-04-12 12:18:14 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2013-04-12 12:18:09 -------- d-----w- C:\Users\user\AppData\Roaming\PingPlotter

2013-04-12 12:17:37 -------- d-----w- C:\Users\user\AppData\Roaming\Downloaded Installations

2013-04-11 12:37:46 -------- d-----w- C:\Users\user\AppData\Local\EdgeOfReality

2013-04-11 09:28:56 -------- d-----w- C:\Users\user\AppData\Local\Introversion

2013-04-11 08:34:24 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN

2013-04-10 06:40:29 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-10 06:40:28 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-10 06:40:27 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-10 06:40:27 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-10 06:40:27 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-10 06:40:27 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-10 06:33:18 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 05:49:28 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 05:40:30 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 05:40:29 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 05:40:28 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 05:40:27 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 05:40:27 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 05:40:27 112640 ----a-w- C:\Windows\System32\smss.exe

.

==================== Find3M ====================

.

2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-19 21:29:51 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-03-19 21:29:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-02-26 10:15:53 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-26 10:15:53 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-09 21:55:19 114176 ----a-w- C:\Users\user\AppData\Roaming\BabMaint.exe

2013-02-05 08:54:40 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys

2013-02-05 08:54:40 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sy_

2013-02-05 08:54:40 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe

.

============= FINISH: 11:20:34.41 ===============

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 14-Dec-11 7:39:41 AM

System Uptime: 06-May-13 11:00:13 AM (0 hours ago)

.

Motherboard: ASRock | | H61iCafe

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPUSocket | 3196/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 195 GiB total, 100.867 GiB free.

D: is FIXED (NTFS) - 361 GiB total, 171.324 GiB free.

E: is FIXED (NTFS) - 375 GiB total, 192.773 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP225: 28-Apr-13 7:43:03 PM - Windows Update

RP226: 28-Apr-13 8:46:31 PM - SpeedyPC Pro Backup

RP227: 28-Apr-13 9:02:50 PM - SpeedyPC Pro Backup

RP228: 28-Apr-13 9:04:24 PM - SpeedyPC Pro Backup

RP229: 29-Apr-13 8:06:44 PM - Installed DirectX

RP230: 29-Apr-13 9:13:20 PM - Installed DirectX

RP231: 30-Apr-13 9:00:59 PM - Installed DirectX

RP232: 01-May-13 10:53:15 PM - Restore Operation

RP233: 01-May-13 11:03:07 PM - Windows Update

RP234: 04-May-13 3:34:42 PM - Installed Microsoft XNA Framework Redistributable 4.0

RP235: 04-May-13 3:47:23 PM - Installed DirectX

RP236: 04-May-13 3:54:12 PM - Windows Modules Installer

RP237: 04-May-13 3:56:08 PM - Windows Modules Installer

RP238: 04-May-13 4:20:40 PM - Installed Microsoft XNA Framework Redistributable 3.1

.

==== Installed Programs ======================

.

µTorrent

1Mobile Market

7-Zip 9.20

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX 64-bit

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.4)

Advanced Video Compressor 2012

Aliens: Colonial Marines

Apple Application Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

ASRock App Charger v1.0.4

ASRock eXtreme Tuner v0.1.61

ASRock InstantBoot v1.26

Assassin's Creed III

Assassin's Creed III 1.01

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Avidemux 2.6

Batman: Arkham Asylum Demo

Bcool

Beroowse22suavee

BlueStacks

BrowserProtect

BrowseToSave 1.74

BS.Player PRO

CCProxy 7.3

Cheat Engine 6.1

City Car Driving 1.2.5

Clownfish for Skype

Dead Space 3

Debut Video Capture Software

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Delta Chrome Toolbar

Delta toolbar

Desura

Detector-Invisible.com v2.1

Diablo II

Don't Starve

Dota 2

Draw Free

EasyTether

EasyTether ADB USB driver

ESET Smart Security

EXPERTool 7.21

Faster Than Light

FIFA 12

FifaRomania DB Changer

Fraps (remove only)

Free Audio Editor

Free RAR Password Recovery

Fruit Ninja Free

Garena Classic 2011

Garena Plus

Google Chrome

Google Earth

Google Update Helper

Grand Theft Auto: Episodes From Liberty City

GunsNGlory WW2

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Management Engine Components

Java 7 Update 10 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 10 (64-bit)

Java 6 Update 30

Join Air

K-Lite Codec Pack 7.2.0 (Full)

Limba pentru sfaturi ecran Microsoft Office 2010 - Româna

Logitech Webcam Software

Logitech Webcam Software Driver Package

Macro Recorder

Madagascar

Magical Jelly Bean KeyFinder

Malwarebytes Anti-Malware versiunea 1.75.0.1300

Math Blaster Ages 6-8

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Corporation

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual Basic 6.0 Upgrade Assessment Tool

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Minecraft Beta Cracked

MixPad Audio Mixer

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Need for Speed™ SHIFT

Nero 7 Ultra Edition

neroxml

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 280.19

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.2.23.3

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenAL

Origin

PDF Settings CS5

PFConfig 1.0.296

PhotoStage Slideshow Producer

PingPlotter Standard 3.40.2s

Poker Night 2

PowerISO

Prism Video File Converter

PrivitizeVPN

Quake Live Mozilla Plugin

QuickTime

Realtek High Definition Audio Driver

RollerCoaster Tycoon 3 Demo

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

SDFormatter

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Serial Key Maker

SILENT HILL 4

Skype™ 6.3

SmartView for IE

SmartView Software Updater

Sound Blaster X-Fi MB

SpeedyPC Pro

Spider-man

Spy Masters Unmask the Prankster

Steam

SweetIM Bundle by SweetPacks

SweetIM for Messenger 3.7

Switch Sound File Converter

The Walking Dead Episode 5 © Telltales version 1

The Walking Dead Survival Instinct

TNod User & Password Finder

Toolbar 4.7 by SweetPacks

Trojan Svchost Removal Tool

Tube Bot 2.55

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update Manager for SweetPacks 1.1

Vegas Pro 11.0 (64-bit)

VibrateGameDeviceDriver

VideoPad Video Editor

Virtua Tennis 2009

VLC media player 1.1.5

Warrior Kings - Battles

WavePad Sound Editor

WiFi HotSpot Creator

Winamp

Winamp Detector Plug-in

WindowsApplication-paypal2

WinRAR 4.00 beta 2 (32-bit)

Xvid Video Codec

XZONE REACTOR Application

Yahoo! Messenger

Yahoo! Toolbar

Your Product

YTD Video Downloader 3.9.4

ZackZero © Crocodile Entertainment version 1

Zombie Pirates

.

==== Event Viewer Messages From Past Week ========

.

29-Apr-13 11:14:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

29-Apr-13 11:14:09 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29-Apr-13 10:10:05 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

29-Apr-13 10:09:35 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

29-Apr-13 10:09:35 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

06-May-13 11:04:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

06-May-13 11:04:24 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

06-May-13 11:03:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

06-May-13 11:03:26 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-Bits-Client/Operational.

06-May-13 11:00:35 AM, Error: Service Control Manager [7000] - The TBPanel service failed to start due to the following error: The system cannot find the file specified.

06-May-13 11:00:31 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\Dyncal.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

06-May-13 10:21:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

05-May-13 8:41:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

05-May-13 10:51:00 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

05-May-13 10:22:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

05-May-13 10:22:16 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

01-May-13 8:04:05 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

01-May-13 8:04:01 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

01-May-13 8:04:01 PM, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

01-May-13 8:04:01 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.

01-May-13 8:04:01 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.

01-May-13 10:13:30 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

01-May-13 10:12:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.

.

==== End Of File ===========================

Maniac · May 6, 2013

Hello Skatez and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

µTorrent

Delta Chrome Toolbar

Delta toolbar

PrivitizeVPN

SweetIM Bundle by SweetPacks

SweetIM for Messenger 3.7

Toolbar 4.7 by SweetPacks

SmartView for IE

SmartView Software Updater

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 5

Please download AdwCleaner from here and save it on your Desktop.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Step 6

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Junkware Removal Tool log
TDSSKiller log
Malwarebytes' Anti-Malware log
AdwCleaner log
RogueKiller log
a new fresh DDS log

Skatez · May 6, 2013

<div>Junkware Removal Tool (JRT) by Thisisu</div>

<div>Version: 4.9.3 (04.29.2013:2)</div>

<div>OS: Windows 7 Ultimate x64</div>

<div>~~~ Services</div>

<div>~~~ Registry Values</div>

<div>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs</div>

<div>Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2329451185-1891167183-329065827-1000\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page</div>

<div>Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope</div>

<div>~~~ Registry Keys</div>

<div>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc</div>

<div>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1</div>

<div>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin</div>

<div>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit</div>

<div>Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr</div>

<div>Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr</div>

<div>Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho.1.0</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar.1</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie.1</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs</div>

<div>Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</div>

<div>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div>

<div>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}</div>

<div>Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" </div>

<div>Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" </div>

<div>~~~ Files</div>

<div>Successfully deleted: [File] C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job</div>

<div>Successfully deleted: [File] C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job</div>

<div>~~~ Folders</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\babylon"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\bcool"</div>

<div>Failed to delete: [Folder] "C:\ProgramData\browserprotect"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\installmate"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\premium"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\speedypc software"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\speedypc software"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\bcool"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\delta"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\mybrowsercash"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\your product"</div>

<div>Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bcool"</div>

<div>Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"</div>

<div>Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"</div>

<div>Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"</div>

<div>~~~ Event Viewer Logs were cleared</div>

<div>Scan was completed on 06-May-13 at 16:51:03.25</div>

<div>

<div>17:00:56.0345 3144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42</div>

<div>17:00:56.0392 3144 Current date / time: 2013/05/06 17:00:56.0392</div>

<div>17:00:56.0392 3144 SystemInfo:</div>

<div>17:00:56.0392 3144 OS Version: 6.1.7601 ServicePack: 1.0</div>

<div>17:00:56.0392 3144 Product type: Workstation</div>

<div>17:00:56.0392 3144 ComputerName: USER-PC</div>

<div>17:00:56.0392 3144 UserName: user</div>

<div>17:00:56.0392 3144 Windows directory: C:\Windows</div>

<div>17:00:56.0392 3144 System windows directory: C:\Windows</div>

<div>17:00:56.0392 3144 Running under WOW64</div>

<div>17:00:56.0392 3144 Processor architecture: Intel x64</div>

<div>17:00:56.0392 3144 Number of processors: 8</div>

<div>17:00:56.0392 3144 Boot type: Normal boot</div>

<div>17:01:13.0412 3144 BG loaded</div>

<div>17:01:14.0004 3144 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040</div>

<div>17:01:14.0036 3144 \Device\Harddisk0\DR0:</div>

<div>17:01:14.0067 3144 MBR partitions:</div>

<div>17:01:14.0067 3144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000</div>

<div>17:01:14.0067 3144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800</div>

<div>17:01:14.0067 3144 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x2D2A8000</div>

<div>17:01:14.0067 3144 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x45948000, BlocksNum 0x2EDBE000</div>

<div>17:01:14.0114 3144 C: <-> \Device\Harddisk0\DR0\Partition2</div>

<div>17:01:14.0348 3144 D: <-> \Device\Harddisk0\DR0\Partition3</div>

<div>17:01:14.0457 3144 E: <-> \Device\Harddisk0\DR0\Partition4</div>

<div>17:01:14.0457 3144 Initialize success</div>

<div>17:01:20.0265 3600 Scan started</div>

<div>17:01:20.0265 3600 Mode: Manual; SigCheck; TDLFS; </div>

<div>17:01:24.0700 3600 ================ Scan system memory ========================</div>

<div>17:01:24.0700 3600 System memory - ok</div>

<div>17:01:24.0700 3600 ================ Scan services =============================</div>

<div>17:01:26.0822 3600 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys</div>

<div>17:01:27.0243 3600 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys</div>

<div>17:01:27.0337 3600 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys</div>

<div>17:01:27.0914 3600 AcpiPmi - ok</div>

<div>17:01:28.0413 3600 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</div>

<div>17:01:28.0491 3600 AdobeARMservice - ok</div>

<div>17:01:28.0819 3600 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys</div>

<div>17:01:29.0240 3600 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys</div>

<div>17:01:29.0287 3600 adpahci - ok</div>

<div>17:01:29.0334 3600 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys</div>

<div>17:01:29.0459 3600 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll</div>

<div>17:01:31.0377 3600 AeLookupSvc - ok</div>

<div>17:01:31.0549 3600 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys</div>

<div>17:01:31.0767 3600 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys</div>

<div>17:01:31.0923 3600 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe</div>

<div>17:01:32.0220 3600 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys</div>

<div>17:01:32.0298 3600 aliide - ok</div>

<div>17:01:32.0313 3600 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys</div>

<div>17:01:32.0329 3600 amdide - ok</div>

<div>17:01:32.0391 3600 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys</div>

<div>17:01:32.0501 3600 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys</div>

<div>17:01:32.0563 3600 AmdPPM - ok</div>

<div>17:01:32.0625 3600 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys</div>

<div>17:01:32.0719 3600 amdsata - ok</div>

<div>17:01:32.0781 3600 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys</div>

<div>17:01:32.0813 3600 amdsbs - ok</div>

<div>17:01:32.0859 3600 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys</div>

<div>17:01:32.0891 3600 amdxata - ok</div>

<div>17:01:32.0969 3600 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys</div>

<div>17:01:33.0811 3600 AppID - ok</div>

<div>17:01:33.0827 3600 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll</div>

<div>17:01:33.0889 3600 AppIDSvc - ok</div>

<div>17:01:33.0920 3600 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll</div>

<div>17:01:33.0983 3600 Appinfo - ok</div>

<div>17:01:33.0998 3600 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll</div>

<div>17:01:34.0232 3600 AppMgmt - ok</div>

<div>17:01:34.0248 3600 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys</div>

<div>17:01:34.0404 3600 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys</div>

<div>17:01:34.0419 3600 arcsas - ok</div>

<div>17:01:34.0513 3600 [ 7D64FF29CD50D422C27F4E72643C81FB ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys</div>

<div>17:01:34.0794 3600 asmthub3 - ok</div>

<div>17:01:34.0919 3600 [ AA90B52EE66052543D76587508C1A627 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys</div>

<div>17:01:35.0059 3600 asmtxhci - ok</div>

<div>17:01:35.0605 3600 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe</div>

<div>17:01:35.0683 3600 aspnet_state - ok</div>

<div>17:01:35.0730 3600 [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys</div>

<div>17:01:35.0745 3600 AsrAppCharger - ok</div>

<div>17:01:35.0761 3600 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys</div>

<div>17:01:35.0823 3600 AsyncMac - ok</div>

<div>17:01:35.0839 3600 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys</div>

<div>17:01:35.0855 3600 atapi - ok</div>

<div>17:01:35.0886 3600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll</div>

<div>17:01:35.0948 3600 AudioEndpointBuilder - ok</div>

<div>17:01:35.0964 3600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll</div>

<div>17:01:35.0979 3600 AudioSrv - ok</div>

<div>17:01:35.0995 3600 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll</div>

<div>17:01:36.0089 3600 AxInstSV - ok</div>

<div>17:01:36.0120 3600 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys</div>

<div>17:01:36.0213 3600 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys</div>

<div>17:01:36.0276 3600 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll</div>

<div>17:01:36.0307 3600 BDESVC - ok</div>

<div>17:01:36.0338 3600 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys</div>

<div>17:01:36.0432 3600 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll</div>

<div>17:01:36.0494 3600 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll</div>

<div>17:01:36.0572 3600 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys</div>

<div>17:01:36.0572 3600 blbdrive - ok</div>

<div>17:01:36.0603 3600 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys</div>

<div>17:01:36.0635 3600 bowser - ok</div>

<div>17:01:36.0635 3600 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys</div>

<div>17:01:36.0681 3600 BrFiltLo - ok</div>

<div>17:01:36.0681 3600 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys</div>

<div>17:01:36.0697 3600 BrFiltUp - ok</div>

<div>17:01:36.0728 3600 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys</div>

<div>17:01:36.0759 3600 Bridge - ok</div>

<div>17:01:36.0806 3600 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys</div>

<div>17:01:36.0853 3600 BridgeMP - ok</div>

<div>17:01:36.0869 3600 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll</div>

<div>17:01:36.0900 3600 Browser - ok</div>

<div>17:01:36.0900 3600 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys</div>

<div>17:01:36.0931 3600 Brserid - ok</div>

<div>17:01:36.0931 3600 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys</div>

<div>17:01:36.0947 3600 BrSerWdm - ok</div>

<div>17:01:36.0947 3600 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys</div>

<div>17:01:36.0978 3600 BrUsbMdm - ok</div>

<div>17:01:36.0978 3600 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys</div>

<div>17:01:36.0993 3600 BrUsbSer - ok</div>

<div>17:01:37.0118 3600 [ F757545A05C12D64CB6BB9FA39178956 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe</div>

<div>17:01:37.0165 3600 BstHdAndroidSvc - ok</div>

<div>17:01:37.0212 3600 [ D22030F39B71617E5BEA65EBEC3497AF ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys</div>

<div>17:01:37.0243 3600 BstHdDrv - ok</div>

<div>17:01:37.0259 3600 [ E7768B241F6785102A6164CD87B298DE ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe</div>

<div>17:01:37.0274 3600 BstHdLogRotatorSvc - ok</div>

<div>17:01:37.0290 3600 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys</div>

<div>17:01:37.0337 3600 BTHMODEM - ok</div>

<div>17:01:37.0352 3600 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll</div>

<div>17:01:37.0415 3600 bthserv - ok</div>

<div>17:01:37.0430 3600 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys</div>

<div>17:01:37.0524 3600 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys</div>

<div>17:01:37.0555 3600 cdrom - ok</div>

<div>17:01:37.0586 3600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll</div>

<div>17:01:37.0633 3600 CertPropSvc - ok</div>

<div>17:01:37.0664 3600 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys</div>

<div>17:01:37.0664 3600 circlass - ok</div>

<div>17:01:37.0695 3600 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys</div>

<div>17:01:37.0773 3600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</div>

<div>17:01:37.0820 3600 clr_optimization_v2.0.50727_32 - ok</div>

<div>17:01:37.0883 3600 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe</div>

<div>17:01:37.0898 3600 clr_optimization_v2.0.50727_64 - ok</div>

<div>17:01:37.0976 3600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</div>

<div>17:01:38.0101 3600 clr_optimization_v4.0.30319_32 - ok</div>

<div>17:01:38.0132 3600 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</div>

<div>17:01:38.0179 3600 clr_optimization_v4.0.30319_64 - ok</div>

<div>17:01:38.0195 3600 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys</div>

<div>17:01:38.0210 3600 CmBatt - ok</div>

<div>17:01:38.0241 3600 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys</div>

<div>17:01:38.0257 3600 cmdide - ok</div>

<div>17:01:38.0335 3600 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys</div>

<div>17:01:38.0366 3600 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys</div>

<div>17:01:38.0382 3600 Compbatt - ok</div>

<div>17:01:38.0413 3600 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys</div>

<div>17:01:38.0444 3600 CompositeBus - ok</div>

<div>17:01:38.0444 3600 COMSysApp - ok</div>

<div>17:01:38.0444 3600 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys</div>

<div>17:01:38.0444 3600 crcdisk - ok</div>

<div>17:01:38.0507 3600 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe</div>

<div>17:01:38.0522 3600 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning</div>

<div>17:01:38.0522 3600 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)</div>

<div>17:01:38.0553 3600 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe</div>

<div>17:01:38.0616 3600 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning</div>

<div>17:01:38.0616 3600 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)</div>

<div>17:01:38.0647 3600 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll</div>

<div>17:01:38.0694 3600 CryptSvc - ok</div>

<div>17:01:38.0741 3600 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys</div>

<div>17:01:38.0834 3600 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll</div>

<div>17:01:38.0865 3600 CscService - ok</div>

<div>17:01:38.0928 3600 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe</div>

<div>17:01:39.0536 3600 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning</div>

<div>17:01:39.0536 3600 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)</div>

<div>17:01:39.0583 3600 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll</div>

<div>17:01:39.0645 3600 DcomLaunch - ok</div>

<div>17:01:39.0692 3600 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll</div>

<div>17:01:39.0739 3600 defragsvc - ok</div>

<div>17:01:39.0817 3600 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe</div>

<div>17:01:39.0833 3600 Desura Install Service - ok</div>

<div>17:01:39.0879 3600 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys</div>

<div>17:01:39.0942 3600 dgderdrv - ok</div>

<div>17:01:39.0989 3600 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys</div>

<div>17:01:40.0004 3600 dg_ssudbus - ok</div>

<div>17:01:40.0035 3600 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll</div>

<div>17:01:40.0098 3600 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys</div>

<div>17:01:40.0160 3600 discache - ok</div>

<div>17:01:40.0207 3600 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys</div>

<div>17:01:40.0269 3600 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll</div>

<div>17:01:40.0316 3600 Dnscache - ok</div>

<div>17:01:40.0379 3600 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll</div>

<div>17:01:40.0488 3600 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll</div>

<div>17:01:40.0581 3600 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys</div>

<div>17:01:40.0628 3600 drmkaud - ok</div>

<div>17:01:40.0644 3600 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys</div>

<div>17:01:40.0675 3600 DXGKrnl - ok</div>

<div>17:01:40.0691 3600 DynCal - ok</div>

<div>17:01:40.0722 3600 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys</div>

<div>17:01:40.0753 3600 eamonm - ok</div>

<div>17:01:40.0769 3600 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll</div>

<div>17:01:40.0815 3600 EapHost - ok</div>

<div>17:01:40.0847 3600 [ 3C9BE677ACA31AF8F2B7E5270B2BEED3 ] easytether C:\Windows\system32\DRIVERS\easytthr.sys</div>

<div>17:01:40.0847 3600 easytether - ok</div>

<div>17:01:41.0112 3600 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys</div>

<div>17:01:41.0205 3600 ebdrv - ok</div>

<div>17:01:41.0252 3600 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe</div>

<div>17:01:41.0330 3600 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys</div>

<div>17:01:41.0346 3600 ehdrv - ok</div>

<div>17:01:41.0408 3600 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe</div>

<div>17:01:41.0455 3600 ehRecvr - ok</div>

<div>17:01:41.0471 3600 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe</div>

<div>17:01:41.0517 3600 ehSched - ok</div>

<div>17:01:41.0627 3600 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe</div>

<div>17:01:41.0689 3600 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys</div>

<div>17:01:41.0720 3600 elxstor - ok</div>

<div>17:01:41.0736 3600 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys</div>

<div>17:01:41.0767 3600 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys</div>

<div>17:01:41.0798 3600 EpfwLWF - ok</div>

<div>17:01:41.0798 3600 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys</div>

<div>17:01:41.0814 3600 epfwwfp - ok</div>

<div>17:01:41.0845 3600 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys</div>

<div>17:01:41.0892 3600 ErrDev - ok</div>

<div>17:01:41.0923 3600 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll</div>

<div>17:01:41.0954 3600 EventSystem - ok</div>

<div>17:01:41.0970 3600 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys</div>

<div>17:01:42.0001 3600 exfat - ok</div>

<div>17:01:42.0017 3600 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys</div>

<div>17:01:42.0079 3600 fastfat - ok</div>

<div>17:01:42.0110 3600 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe</div>

<div>17:01:42.0141 3600 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys</div>

<div>17:01:42.0173 3600 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll</div>

<div>17:01:42.0219 3600 fdPHost - ok</div>

<div>17:01:42.0235 3600 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll</div>

<div>17:01:42.0282 3600 FDResPub - ok</div>

<div>17:01:42.0313 3600 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys</div>

<div>17:01:42.0313 3600 FileInfo - ok</div>

<div>17:01:42.0329 3600 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys</div>

<div>17:01:42.0360 3600 Filetrace - ok</div>

<div>17:01:42.0360 3600 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys</div>

<div>17:01:42.0360 3600 flpydisk - ok</div>

<div>17:01:42.0391 3600 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys</div>

<div>17:01:42.0391 3600 FltMgr - ok</div>

<div>17:01:42.0703 3600 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll</div>

<div>17:01:42.0750 3600 FontCache - ok</div>

<div>17:01:42.0812 3600 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe</div>

<div>17:01:42.0859 3600 FontCache3.0.0.0 - ok</div>

<div>17:01:42.0875 3600 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys</div>

<div>17:01:42.0890 3600 FsDepends - ok</div>

<div>17:01:43.0015 3600 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS</div>

<div>17:01:43.0062 3600 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning</div>

<div>17:01:43.0062 3600 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)</div>

<div>17:01:43.0077 3600 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys</div>

<div>17:01:43.0124 3600 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys</div>

<div>17:01:43.0155 3600 fvevol - ok</div>

<div>17:01:43.0171 3600 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys</div>

<div>17:01:43.0280 3600 GGSAFERDriver - ok</div>

<div>17:01:43.0327 3600 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll</div>

<div>17:01:43.0374 3600 gpsvc - ok</div>

<div>17:01:43.0405 3600 [ E9FF64AEBCC87F9A5A2B70382DD6413B ] GTUHSBUS C:\Windows\system32\DRIVERS\gtuhsbus.sys</div>

<div>17:01:43.0436 3600 GTUHSBUS - ok</div>

<div>17:01:43.0467 3600 [ E828BF42D350A7ABB6C4C29BDBBCFB80 ] GTUHSNDISIPXP C:\Windows\system32\DRIVERS\gtuhs51.sys</div>

<div>17:01:43.0530 3600 GTUHSNDISIPXP - ok</div>

<div>17:01:43.0530 3600 [ 4E82F226B7CB482188FB61892727EFA3 ] GTUHSSER C:\Windows\system32\DRIVERS\gtuhsser.sys</div>

<div>17:01:43.0561 3600 GTUHSSER - ok</div>

<div>17:01:43.0639 3600 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

<div>17:01:43.0655 3600 gupdate - ok</div>

<div>17:01:43.0670 3600 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

<div>17:01:43.0670 3600 gupdatem - ok</div>

<div>17:01:43.0686 3600 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys</div>

<div>17:01:43.0748 3600 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys</div>

<div>17:01:43.0779 3600 HdAudAddService - ok</div>

<div>17:01:43.0826 3600 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys</div>

<div>17:01:43.0842 3600 HDAudBus - ok</div>

<div>17:01:43.0857 3600 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys</div>

<div>17:01:43.0873 3600 HidBatt - ok</div>

<div>17:01:43.0873 3600 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys</div>

<div>17:01:43.0904 3600 HidBth - ok</div>

<div>17:01:43.0920 3600 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys</div>

<div>17:01:43.0935 3600 HidIr - ok</div>

<div>17:01:43.0951 3600 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll</div>

<div>17:01:43.0998 3600 hidserv - ok</div>

<div>17:01:44.0029 3600 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys</div>

<div>17:01:44.0045 3600 HidUsb - ok</div>

<div>17:01:44.0060 3600 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll</div>

<div>17:01:44.0091 3600 hkmsvc - ok</div>

<div>17:01:44.0123 3600 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll</div>

<div>17:01:44.0138 3600 HomeGroupListener - ok</div>

<div>17:01:44.0185 3600 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll</div>

<div>17:01:44.0201 3600 HomeGroupProvider - ok</div>

<div>17:01:44.0216 3600 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys</div>

<div>17:01:44.0232 3600 HpSAMD - ok</div>

<div>17:01:44.0279 3600 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys</div>

<div>17:01:44.0372 3600 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys</div>

<div>17:01:44.0388 3600 hwpolicy - ok</div>

<div>17:01:44.0466 3600 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys</div>

<div>17:01:44.0497 3600 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys</div>

<div>17:01:44.0528 3600 iaStorV - ok</div>

<div>17:01:44.0575 3600 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe</div>

<div>17:01:44.0606 3600 idsvc - ok</div>

<div>17:01:44.0622 3600 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys</div>

<div>17:01:44.0637 3600 iirsp - ok</div>

<div>17:01:44.0747 3600 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll</div>

<div>17:01:44.0793 3600 IKEEXT - ok</div>

<div>17:01:45.0027 3600 [ 895C6DD2A3CAB8C2BAEDB201DD1A7D40 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys</div>

<div>17:01:45.0074 3600 IntcAzAudAddService - ok</div>

<div>17:01:45.0090 3600 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys</div>

<div>17:01:45.0121 3600 intelide - ok</div>

<div>17:01:45.0137 3600 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys</div>

<div>17:01:45.0168 3600 intelppm - ok</div>

<div>17:01:45.0230 3600 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll</div>

<div>17:01:45.0277 3600 IPBusEnum - ok</div>

<div>17:01:45.0308 3600 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys</div>

<div>17:01:45.0339 3600 IpFilterDriver - ok</div>

<div>17:01:45.0402 3600 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll</div>

<div>17:01:45.0449 3600 iphlpsvc - ok</div>

<div>17:01:45.0480 3600 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys</div>

<div>17:01:45.0527 3600 IPMIDRV - ok</div>

<div>17:01:45.0542 3600 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys</div>

<div>17:01:45.0589 3600 IPNAT - ok</div>

<div>17:01:45.0605 3600 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys</div>

<div>17:01:45.0620 3600 IRENUM - ok</div>

<div>17:01:45.0651 3600 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys</div>

<div>17:01:45.0683 3600 isapnp - ok</div>

<div>17:01:45.0776 3600 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys</div>

<div>17:01:45.0807 3600 iScsiPrt - ok</div>

<div>17:01:45.0823 3600 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys</div>

<div>17:01:45.0839 3600 kbdclass - ok</div>

<div>17:01:45.0870 3600 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys</div>

<div>17:01:45.0901 3600 kbdhid - ok</div>

<div>17:01:45.0917 3600 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe</div>

<div>17:01:45.0932 3600 KeyIso - ok</div>

<div>17:01:45.0995 3600 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys</div>

<div>17:01:45.0995 3600 KSecDD - ok</div>

<div>17:01:46.0010 3600 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys</div>

<div>17:01:46.0026 3600 KSecPkg - ok</div>

<div>17:01:46.0041 3600 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys</div>

<div>17:01:46.0073 3600 ksthunk - ok</div>

<div>17:01:46.0088 3600 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll</div>

<div>17:01:46.0119 3600 KtmRm - ok</div>

<div>17:01:46.0151 3600 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys</div>

<div>17:01:46.0213 3600 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll</div>

<div>17:01:46.0260 3600 LanmanServer - ok</div>

<div>17:01:46.0275 3600 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll</div>

<div>17:01:46.0307 3600 LanmanWorkstation - ok</div>

<div>17:01:46.0353 3600 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys</div>

<div>17:01:46.0400 3600 lltdio - ok</div>

<div>17:01:46.0431 3600 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll</div>

<div>17:01:46.0463 3600 lltdsvc - ok</div>

<div>17:01:46.0478 3600 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll</div>

<div>17:01:46.0494 3600 lmhosts - ok</div>

<div>17:01:46.0556 3600 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe</div>

<div>17:01:46.0603 3600 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys</div>

<div>17:01:46.0619 3600 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys</div>

<div>17:01:46.0634 3600 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys</div>

<div>17:01:46.0650 3600 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys</div>

<div>17:01:46.0665 3600 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys</div>

<div>17:01:46.0697 3600 luafv - ok</div>

<div>17:01:46.0728 3600 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys</div>

<div>17:01:46.0743 3600 lvpepf64 - ok</div>

<div>17:01:46.0775 3600 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys</div>

<d

Skatez · May 6, 2013

Sorry for my last post, it was too long and idk how it got like that.

So i have to put tdss alone somewhere, it's too big...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.3 (04.29.2013:2)

OS: Windows 7 Ultimate x64

Ran by user on 06-May-13 at 16:48:19.63

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2329451185-1891167183-329065827-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho.1.0

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

Successfully deleted: [File] C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job

Successfully deleted: [File] C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\bcool"

Failed to delete: [Folder] "C:\ProgramData\browserprotect"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\speedypc software"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\bcool"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\mybrowsercash"

Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"

Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"

Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"

Successfully deleted: [Folder] "C:\Program Files (x86)\your product"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bcool"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 06-May-13 at 16:51:03.25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

user :: USER-PC [administrator]

Protection: Enabled

06-May-13 5:08:12 PM

mbam-log-2013-05-06 (17-08-12).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 236892

Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Scan -- Date : 05/06/2013 17:18:14

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 20 ¤¤¤

[TASK][sUSP PATH] At1.job : C:\Users\user\AppData\Local\Temp\esev.exe [x] -> FOUND

[TASK][sUSP PATH] At1 : C:\Users\user\AppData\Local\Temp\esev.exe [x] -> FOUND

[TASK][sUSP PATH] {3FD39ED2-F7C5-4005-8263-4A0259AE780A} : C:\Users\user\Desktop\New folder (5)\Joculet\Donald.exe [x] -> FOUND

[TASK][sUSP PATH] {409C923F-4167-46B7-B82E-F33370014D65} : C:\Users\user\Desktop\Joculet\Donald.exe [x] -> FOUND

[TASK][sUSP PATH] {5439D736-9178-4416-88D4-7ECEBDA4143B} : C:\Users\user\Desktop\New folder (5)\Joculet\Donald.exe [x] -> FOUND

[TASK][sUSP PATH] {852EC77D-E9F3-48C7-8D8F-A75A8579A8C2} : C:\Users\user\Desktop\New folder (5)\Tom and Jerry in Fists of Furry\TJPC (release).exe [x] -> FOUND

[TASK][sUSP PATH] {8C3F6386-3876-46A5-93FA-912776F48E7D} : C:\Users\user\Desktop\Joculet\Donald.exe [x] -> FOUND

[TASK][sUSP PATH] {C746871A-EB93-4018-99CA-56288123E9CD} : C:\Users\user\Desktop\New folder (5)\VirtualDub-1.9.11\VirtualDub.exe [x] -> FOUND

[TASK][sUSP PATH] {F470C9A9-513A-4B2A-9641-978B0A3F4F7A} : C:\Users\user\Desktop\Joculet\Donald.exe [x] -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-00Y5B1 ATA Device +++++

--- User ---

[MBR] 2c0fc794263fb85580c998820256a9f8

[bSP] 22447fd76532e191b39be104a8baf784 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199899 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600000 | Size: 370000 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1167360000 | Size: 383868 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05062013_02d1718.txt >>

RKreport[1]_S_05062013_02d1718.txt

# AdwCleaner v2.300 - Logfile created 05/06/2013 at 17:13:51

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : user - USER-PC

# Boot Mode : Normal

# Running from : C:\Users\user\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\Gophoto.it

Folder Found : C:\Program Files (x86)\TornTV.com

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\Beroowse22suavee

Folder Found : C:\ProgramData\DeviceVM

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beroowse22suavee

Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

***** [Registry] *****

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0180D0F8-C7A2-77F1-4CA8-77021BB1AF86}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\f53d7dfb26fbf12

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\TENCENT

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Found : HKLM\SOFTWARE\Wow6432Node\f53d7dfb26fbf12

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [10173 octets] - [06/05/2013 17:13:51]

########## EOF - C:\AdwCleaner[R1].txt - [10234 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476

Run by user at 17:18:53 on 2013-05-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8174.6461 [GMT 3:00]

.

AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\SysWOW64\secpro.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

D:\Join Air\AssistantServices.exe

D:\Jocuri)\WTGService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

D:\Jocuri\InternetEverywhere\Launcher.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

D:\Jocuri\InternetEverywhere\InternetEverywhere.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = Preserve

mStart Page = hxxp://www.google.com