Infected with a wow.dll Virus, need help removing it completely

[DeadbeamZERO]

Hi, a couple days ago I recieved a message when I booted up my PC. After a few seconds, the taskbar stopped working and the computer had to restart Windows Explorer. Afterwards a message popped up saying

"There was a problem starting C:\Users\Fahad\AppData\Local\Temp\spsheqq\srnvxpy\wow.dll

A Dynamic Link Library (DLL) Initialization Route Failed"

I ran the command sfc/scannow, with no integrity infractions coming up. I ran my antivirus, Trend Micro Titanium and scanned the Temps folder which yielded no malware results. However I believe this is a virus, the directory or junction address looks supsicious and is no where to be found in the temps folder. I need help getting this thing off my system, without resetting it to factory settings. wow.dll hasn't caused any harm yet, but I fear that if I leave it alone, it could do some potential damage in the future.

Please help.

[D-FRED-BROWN]

Hello DeadbeamZERO and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.
  

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

----------Step 5----------------

In your next reply, please include the following:

• TDSSKiller's logfile
  
• MBAR mbar-log.txt and system-log.txt
  
• ComboFix's report (C:\ComboFix.txt)
  
• Security Check checkup.txt
  

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

[DeadbeamZERO]

Hi I have followed step one and am currently doing the other steps as well, here is the log from the first step:

18:30:07.0674 5684 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

18:30:07.0896 5684 ============================================================

18:30:07.0896 5684 Current date / time: 2013/06/12 18:30:07.0896

18:30:07.0896 5684 SystemInfo:

18:30:07.0896 5684

18:30:07.0896 5684 OS Version: 6.1.7601 ServicePack: 1.0

18:30:07.0896 5684 Product type: Workstation

18:30:07.0896 5684 ComputerName: FAHAD-PC

18:30:07.0896 5684 UserName: Fahad

18:30:07.0896 5684 Windows directory: C:\Windows

18:30:07.0896 5684 System windows directory: C:\Windows

18:30:07.0896 5684 Running under WOW64

18:30:07.0896 5684 Processor architecture: Intel x64

18:30:07.0896 5684 Number of processors: 4

18:30:07.0896 5684 Page size: 0x1000

18:30:07.0896 5684 Boot type: Normal boot

18:30:07.0896 5684 ============================================================

18:30:08.0790 5684 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:30:08.0792 5684 ============================================================

18:30:08.0792 5684 \Device\Harddisk0\DR0:

18:30:08.0792 5684 MBR partitions:

18:30:08.0792 5684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x32000

18:30:08.0792 5684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33AE0, BlocksNum 0x746D32D0

18:30:08.0792 5684 ============================================================

18:30:08.0813 5684 C: <-> \Device\Harddisk0\DR0\Partition2

18:30:08.0813 5684 ============================================================

18:30:08.0813 5684 Initialize success

18:30:08.0813 5684 ============================================================

18:30:43.0347 4148 ============================================================

18:30:43.0347 4148 Scan started

18:30:43.0347 4148 Mode: Manual;

18:30:43.0347 4148 ============================================================

18:30:43.0915 4148 ================ Scan system memory ========================

18:30:43.0915 4148 System memory - ok

18:30:43.0915 4148 ================ Scan services =============================

18:30:44.0006 4148 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:30:44.0009 4148 1394ohci - ok

18:30:44.0046 4148 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:30:44.0049 4148 ACPI - ok

18:30:44.0075 4148 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:30:44.0076 4148 AcpiPmi - ok

18:30:44.0166 4148 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:30:44.0166 4148 AdobeARMservice - ok

18:30:44.0266 4148 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:30:44.0269 4148 AdobeFlashPlayerUpdateSvc - ok

18:30:44.0298 4148 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

18:30:44.0303 4148 adp94xx - ok

18:30:44.0317 4148 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

18:30:44.0321 4148 adpahci - ok

18:30:44.0331 4148 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

18:30:44.0333 4148 adpu320 - ok

18:30:44.0357 4148 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:30:44.0359 4148 AeLookupSvc - ok

18:30:44.0397 4148 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:30:44.0401 4148 AFD - ok

18:30:44.0413 4148 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:30:44.0414 4148 agp440 - ok

18:30:44.0423 4148 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:30:44.0425 4148 ALG - ok

18:30:44.0431 4148 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:30:44.0432 4148 aliide - ok

18:30:44.0465 4148 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

18:30:44.0467 4148 AMD External Events Utility - ok

18:30:44.0470 4148 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:30:44.0471 4148 amdide - ok

18:30:44.0483 4148 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

18:30:44.0484 4148 AmdK8 - ok

18:30:44.0714 4148 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

18:30:44.0842 4148 amdkmdag - ok

18:30:44.0867 4148 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

18:30:44.0872 4148 amdkmdap - ok

18:30:44.0887 4148 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

18:30:44.0889 4148 AmdPPM - ok

18:30:44.0913 4148 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:30:44.0915 4148 amdsata - ok

18:30:44.0945 4148 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

18:30:44.0947 4148 amdsbs - ok

18:30:44.0959 4148 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:30:44.0960 4148 amdxata - ok

18:30:45.0044 4148 [ 1B7D1F0A0DFADBC797C16364792A7AA5 ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

18:30:45.0047 4148 Amsp - ok

18:30:45.0080 4148 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:30:45.0081 4148 AppID - ok

18:30:45.0097 4148 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:30:45.0098 4148 AppIDSvc - ok

18:30:45.0128 4148 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

18:30:45.0129 4148 Appinfo - ok

18:30:45.0174 4148 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:30:45.0185 4148 Apple Mobile Device - ok

18:30:45.0203 4148 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

18:30:45.0205 4148 arc - ok

18:30:45.0208 4148 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

18:30:45.0208 4148 arcsas - ok

18:30:45.0286 4148 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

18:30:45.0297 4148 aspnet_state - ok

18:30:45.0314 4148 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:30:45.0315 4148 AsyncMac - ok

18:30:45.0320 4148 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:30:45.0321 4148 atapi - ok

18:30:45.0361 4148 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

18:30:45.0363 4148 AtiHDAudioService - ok

18:30:45.0377 4148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:30:45.0382 4148 AudioEndpointBuilder - ok

18:30:45.0390 4148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:30:45.0393 4148 AudioSrv - ok

18:30:45.0416 4148 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:30:45.0417 4148 AxInstSV - ok

18:30:45.0438 4148 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

18:30:45.0442 4148 b06bdrv - ok

18:30:45.0472 4148 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:30:45.0475 4148 b57nd60a - ok

18:30:45.0537 4148 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

18:30:45.0539 4148 BBSvc - ok

18:30:45.0549 4148 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

18:30:45.0551 4148 BBUpdate - ok

18:30:45.0570 4148 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:30:45.0572 4148 BDESVC - ok

18:30:45.0583 4148 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:30:45.0583 4148 Beep - ok

18:30:45.0612 4148 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

18:30:45.0638 4148 BITS - ok

18:30:45.0657 4148 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:30:45.0658 4148 blbdrive - ok

18:30:45.0692 4148 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:30:45.0696 4148 Bonjour Service - ok

18:30:45.0722 4148 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:30:45.0723 4148 bowser - ok

18:30:45.0745 4148 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

18:30:45.0747 4148 BrFiltLo - ok

18:30:45.0751 4148 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

18:30:45.0752 4148 BrFiltUp - ok

18:30:45.0791 4148 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

18:30:45.0792 4148 Browser - ok

18:30:45.0809 4148 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:30:45.0812 4148 Brserid - ok

18:30:45.0829 4148 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:30:45.0830 4148 BrSerWdm - ok

18:30:45.0837 4148 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:30:45.0839 4148 BrUsbMdm - ok

18:30:45.0841 4148 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:30:45.0842 4148 BrUsbSer - ok

18:30:45.0863 4148 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

18:30:45.0865 4148 BTHMODEM - ok

18:30:45.0881 4148 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

18:30:45.0883 4148 bthserv - ok

18:30:45.0896 4148 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:30:45.0897 4148 cdfs - ok

18:30:45.0917 4148 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

18:30:45.0919 4148 cdrom - ok

18:30:45.0939 4148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

18:30:45.0940 4148 CertPropSvc - ok

18:30:45.0952 4148 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

18:30:45.0954 4148 circlass - ok

18:30:45.0964 4148 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

18:30:45.0967 4148 CLFS - ok

18:30:46.0004 4148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:30:46.0006 4148 clr_optimization_v2.0.50727_32 - ok

18:30:46.0041 4148 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:30:46.0043 4148 clr_optimization_v2.0.50727_64 - ok

18:30:46.0089 4148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:30:46.0100 4148 clr_optimization_v4.0.30319_32 - ok

18:30:46.0112 4148 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:30:46.0115 4148 clr_optimization_v4.0.30319_64 - ok

18:30:46.0137 4148 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

18:30:46.0138 4148 CmBatt - ok

18:30:46.0156 4148 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:30:46.0158 4148 cmdide - ok

18:30:46.0181 4148 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

18:30:46.0185 4148 CNG - ok

18:30:46.0193 4148 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

18:30:46.0195 4148 Compbatt - ok

18:30:46.0220 4148 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

18:30:46.0221 4148 CompositeBus - ok

18:30:46.0223 4148 COMSysApp - ok

18:30:46.0239 4148 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

18:30:46.0240 4148 crcdisk - ok

18:30:46.0288 4148 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:30:46.0290 4148 CryptSvc - ok

18:30:46.0312 4148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:30:46.0316 4148 DcomLaunch - ok

18:30:46.0338 4148 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

18:30:46.0341 4148 defragsvc - ok

18:30:46.0385 4148 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe

18:30:46.0404 4148 Desura Install Service - ok

18:30:46.0427 4148 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:30:46.0429 4148 DfsC - ok

18:30:46.0449 4148 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

18:30:46.0453 4148 Dhcp - ok

18:30:46.0460 4148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

18:30:46.0461 4148 discache - ok

18:30:46.0489 4148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

18:30:46.0490 4148 Disk - ok

18:30:46.0517 4148 dlcx_device - ok

18:30:46.0537 4148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:30:46.0540 4148 Dnscache - ok

18:30:46.0545 4148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:30:46.0548 4148 dot3svc - ok

18:30:46.0559 4148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

18:30:46.0562 4148 DPS - ok

18:30:46.0577 4148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:30:46.0578 4148 drmkaud - ok

18:30:46.0612 4148 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:30:46.0620 4148 DXGKrnl - ok

18:30:46.0632 4148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

18:30:46.0633 4148 EapHost - ok

18:30:46.0693 4148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

18:30:46.0735 4148 ebdrv - ok

18:30:46.0769 4148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

18:30:46.0783 4148 EFS - ok

18:30:46.0821 4148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:30:46.0827 4148 ehRecvr - ok

18:30:46.0838 4148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

18:30:46.0840 4148 ehSched - ok

18:30:46.0867 4148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

18:30:46.0872 4148 elxstor - ok

18:30:46.0907 4148 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

18:30:47.0119 4148 EpsonBidirectionalService - ok

18:30:47.0156 4148 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

18:30:47.0180 4148 EpsonCustomerParticipation - ok

18:30:47.0343 4148 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe

18:30:47.0417 4148 EpsonScanSvc - ok

18:30:47.0436 4148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:30:47.0437 4148 ErrDev - ok

18:30:47.0458 4148 [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys

18:30:47.0458 4148 EtronHub3 - ok

18:30:47.0464 4148 [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys

18:30:47.0466 4148 EtronXHCI - ok

18:30:47.0492 4148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

18:30:47.0496 4148 EventSystem - ok

18:30:47.0527 4148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

18:30:47.0529 4148 exfat - ok

18:30:47.0540 4148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:30:47.0541 4148 fastfat - ok

18:30:47.0575 4148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

18:30:47.0580 4148 Fax - ok

18:30:47.0596 4148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

18:30:47.0597 4148 fdc - ok

18:30:47.0606 4148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:30:47.0618 4148 fdPHost - ok

18:30:47.0624 4148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:30:47.0625 4148 FDResPub - ok

18:30:47.0632 4148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:30:47.0634 4148 FileInfo - ok

18:30:47.0642 4148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:30:47.0643 4148 Filetrace - ok

18:30:47.0713 4148 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

18:30:47.0748 4148 FLEXnet Licensing Service 64 - ok

18:30:47.0769 4148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

18:30:47.0770 4148 flpydisk - ok

18:30:47.0787 4148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:30:47.0790 4148 FltMgr - ok

18:30:47.0829 4148 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

18:30:47.0836 4148 FontCache - ok

18:30:47.0879 4148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:30:47.0881 4148 FontCache3.0.0.0 - ok

18:30:47.0943 4148 [ 46532E80E18BB25D3B568DA10A160653 ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

18:30:47.0954 4148 FreemakeVideoCapture - ok

18:30:47.0957 4148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:30:47.0958 4148 FsDepends - ok

18:30:47.0981 4148 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

18:30:47.0983 4148 fssfltr - ok

18:30:48.0029 4148 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

18:30:48.0039 4148 fsssvc - ok

18:30:48.0076 4148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:30:48.0078 4148 Fs_Rec - ok

18:30:48.0125 4148 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:30:48.0126 4148 fvevol - ok

18:30:48.0145 4148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

18:30:48.0146 4148 gagp30kx - ok

18:30:48.0183 4148 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:30:48.0184 4148 GEARAspiWDM - ok

18:30:48.0220 4148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

18:30:48.0245 4148 gpsvc - ok

18:30:48.0325 4148 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:30:48.0327 4148 gupdate - ok

18:30:48.0329 4148 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:30:48.0330 4148 gupdatem - ok

18:30:48.0344 4148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:30:48.0345 4148 hcw85cir - ok

18:30:48.0374 4148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:30:48.0377 4148 HdAudAddService - ok

18:30:48.0398 4148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

18:30:48.0400 4148 HDAudBus - ok

18:30:48.0411 4148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

18:30:48.0412 4148 HidBatt - ok

18:30:48.0425 4148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

18:30:48.0427 4148 HidBth - ok

18:30:48.0434 4148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

18:30:48.0435 4148 HidIr - ok

18:30:48.0447 4148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

18:30:48.0459 4148 hidserv - ok

18:30:48.0478 4148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

18:30:48.0479 4148 HidUsb - ok

18:30:48.0505 4148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:30:48.0507 4148 hkmsvc - ok

18:30:48.0523 4148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:30:48.0541 4148 HomeGroupListener - ok

18:30:48.0556 4148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:30:48.0559 4148 HomeGroupProvider - ok

18:30:48.0588 4148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:30:48.0589 4148 HpSAMD - ok

18:30:48.0626 4148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:30:48.0631 4148 HTTP - ok

18:30:48.0638 4148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:30:48.0639 4148 hwpolicy - ok

18:30:48.0660 4148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

18:30:48.0662 4148 i8042prt - ok

18:30:48.0677 4148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:30:48.0680 4148 iaStorV - ok

18:30:48.0708 4148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:30:48.0715 4148 idsvc - ok

18:30:48.0718 4148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

18:30:48.0719 4148 iirsp - ok

18:30:48.0753 4148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

18:30:48.0760 4148 IKEEXT - ok

18:30:48.0820 4148 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

18:30:48.0890 4148 IntcAzAudAddService - ok

18:30:48.0924 4148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

18:30:48.0926 4148 intelide - ok

18:30:48.0943 4148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:30:48.0945 4148 intelppm - ok

18:30:48.0950 4148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:30:48.0964 4148 IPBusEnum - ok

18:30:48.0979 4148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:30:48.0981 4148 IpFilterDriver - ok

18:30:49.0016 4148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:30:49.0018 4148 IPMIDRV - ok

18:30:49.0025 4148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:30:49.0027 4148 IPNAT - ok

18:30:49.0073 4148 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:30:49.0077 4148 iPod Service - ok

18:30:49.0085 4148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:30:49.0086 4148 IRENUM - ok

18:30:49.0103 4148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:30:49.0104 4148 isapnp - ok

18:30:49.0118 4148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:30:49.0121 4148 iScsiPrt - ok

18:30:49.0146 4148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

18:30:49.0147 4148 kbdclass - ok

18:30:49.0154 4148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

18:30:49.0155 4148 kbdhid - ok

18:30:49.0169 4148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

18:30:49.0170 4148 KeyIso - ok

18:30:49.0197 4148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:30:49.0199 4148 KSecDD - ok

18:30:49.0206 4148 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:30:49.0208 4148 KSecPkg - ok

18:30:49.0217 4148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:30:49.0218 4148 ksthunk - ok

18:30:49.0243 4148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

18:30:49.0262 4148 KtmRm - ok

18:30:49.0289 4148 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

18:30:49.0302 4148 L1C - ok

18:30:49.0327 4148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

18:30:49.0330 4148 LanmanServer - ok

18:30:49.0350 4148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:30:49.0352 4148 LanmanWorkstation - ok

18:30:49.0376 4148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:30:49.0378 4148 lltdio - ok

18:30:49.0412 4148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:30:49.0415 4148 lltdsvc - ok

18:30:49.0420 4148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:30:49.0421 4148 lmhosts - ok

18:30:49.0453 4148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

18:30:49.0455 4148 LSI_FC - ok

18:30:49.0464 4148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

18:30:49.0466 4148 LSI_SAS - ok

18:30:49.0476 4148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

18:30:49.0477 4148 LSI_SAS2 - ok

18:30:49.0502 4148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

18:30:49.0503 4148 LSI_SCSI - ok

18:30:49.0529 4148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

18:30:49.0530 4148 luafv - ok

18:30:49.0601 4148 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

18:30:49.0603 4148 McComponentHostService - ok

18:30:49.0619 4148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:30:49.0621 4148 Mcx2Svc - ok

18:30:49.0635 4148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

18:30:49.0636 4148 megasas - ok

18:30:49.0646 4148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

18:30:49.0649 4148 MegaSR - ok

18:30:49.0690 4148 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

18:30:49.0691 4148 MEIx64 - ok

18:30:49.0782 4148 [ 551A5E070F5DF69A64463852E93009DD ] mitsijm2013 C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe

18:30:49.0786 4148 mitsijm2013 - ok

18:30:49.0803 4148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

18:30:49.0805 4148 MMCSS - ok

18:30:49.0815 4148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:30:49.0817 4148 Modem - ok

18:30:49.0828 4148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:30:49.0829 4148 monitor - ok

18:30:49.0848 4148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:30:49.0849 4148 mouclass - ok

18:30:49.0865 4148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:30:49.0866 4148 mouhid - ok

18:30:49.0881 4148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:30:49.0882 4148 mountmgr - ok

18:30:49.0916 4148 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:30:49.0918 4148 MozillaMaintenance - ok

18:30:49.0931 4148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:30:49.0933 4148 mpio - ok

18:30:49.0938 4148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:30:49.0939 4148 mpsdrv - ok

18:30:49.0953 4148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:30:49.0955 4148 MRxDAV - ok

18:30:49.0982 4148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:30:49.0984 4148 mrxsmb - ok

18:30:49.0998 4148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:30:50.0000 4148 mrxsmb10 - ok

18:30:50.0033 4148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:30:50.0035 4148 mrxsmb20 - ok

18:30:50.0042 4148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:30:50.0043 4148 msahci - ok

18:30:50.0056 4148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:30:50.0058 4148 msdsm - ok

18:30:50.0065 4148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

18:30:50.0067 4148 MSDTC - ok

18:30:50.0082 4148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:30:50.0083 4148 Msfs - ok

18:30:50.0088 4148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:30:50.0089 4148 mshidkmdf - ok

18:30:50.0107 4148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:30:50.0108 4148 msisadrv - ok

18:30:50.0149 4148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:30:50.0151 4148 MSiSCSI - ok

18:30:50.0153 4148 msiserver - ok

18:30:50.0165 4148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:30:50.0166 4148 MSKSSRV - ok

18:30:50.0172 4148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:30:50.0173 4148 MSPCLOCK - ok

18:30:50.0182 4148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:30:50.0183 4148 MSPQM - ok

18:30:50.0199 4148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:30:50.0203 4148 MsRPC - ok

18:30:50.0206 4148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

18:30:50.0208 4148 mssmbios - ok

18:30:50.0209 4148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:30:50.0210 4148 MSTEE - ok

18:30:50.0227 4148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

18:30:50.0228 4148 MTConfig - ok

18:30:50.0241 4148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:30:50.0243 4148 Mup - ok

18:30:50.0269 4148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

18:30:50.0273 4148 napagent - ok

18:30:50.0293 4148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:30:50.0296 4148 NativeWifiP - ok

18:30:50.0344 4148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

18:30:50.0351 4148 NDIS - ok

18:30:50.0364 4148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:30:50.0365 4148 NdisCap - ok

18:30:50.0384 4148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:30:50.0386 4148 NdisTapi - ok

18:30:50.0401 4148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:30:50.0402 4148 Ndisuio - ok

18:30:50.0423 4148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:30:50.0425 4148 NdisWan - ok

18:30:50.0434 4148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:30:50.0436 4148 NDProxy - ok

18:30:50.0442 4148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:30:50.0444 4148 NetBIOS - ok

18:30:50.0456 4148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:30:50.0458 4148 NetBT - ok

18:30:50.0469 4148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

18:30:50.0470 4148 Netlogon - ok

18:30:50.0501 4148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

18:30:50.0505 4148 Netman - ok

18:30:50.0535 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:30:50.0537 4148 NetMsmqActivator - ok

18:30:50.0539 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:30:50.0540 4148 NetPipeActivator - ok

18:30:50.0555 4148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

18:30:50.0559 4148 netprofm - ok

18:30:50.0576 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:30:50.0577 4148 NetTcpActivator - ok

18:30:50.0581 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:30:50.0582 4148 NetTcpPortSharing - ok

18:30:50.0591 4148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

18:30:50.0592 4148 nfrd960 - ok

18:30:50.0620 4148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:30:50.0638 4148 NlaSvc - ok

18:30:50.0690 4148 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys

18:30:50.0692 4148 npf - ok

18:30:50.0696 4148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:30:50.0697 4148 Npfs - ok

18:30:50.0708 4148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:30:50.0709 4148 nsi - ok

18:30:50.0711 4148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:30:50.0713 4148 nsiproxy - ok

18:30:50.0760 4148 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:30:50.0781 4148 Ntfs - ok

18:30:50.0809 4148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

18:30:50.0810 4148 Null - ok

18:30:50.0828 4148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:30:50.0830 4148 nvraid - ok

18:30:50.0836 4148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:30:50.0838 4148 nvstor - ok

18:30:50.0872 4148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:30:50.0874 4148 nv_agp - ok

18:30:50.0884 4148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:30:50.0885 4148 ohci1394 - ok

18:30:50.0941 4148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:30:50.0943 4148 ose - ok

18:30:51.0032 4148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:30:51.0091 4148 osppsvc - ok

18:30:51.0149 4148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:30:51.0168 4148 p2pimsvc - ok

18:30:51.0191 4148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:30:51.0211 4148 p2psvc - ok

18:30:51.0233 4148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

18:30:51.0235 4148 Parport - ok

18:30:51.0256 4148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:30:51.0257 4148 partmgr - ok

18:30:51.0270 4148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:30:51.0286 4148 PcaSvc - ok

18:30:51.0298 4148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

18:30:51.0300 4148 pci - ok

18:30:51.0315 4148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

18:30:51.0316 4148 pciide - ok

18:30:51.0322 4148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

18:30:51.0324 4148 pcmcia - ok

18:30:51.0340 4148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:30:51.0341 4148 pcw - ok

18:30:51.0353 4148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:30:51.0358 4148 PEAUTH - ok

18:30:51.0418 4148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:30:51.0420 4148 PerfHost - ok

18:30:51.0451 4148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

18:30:51.0460 4148 pla - ok

18:30:51.0522 4148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:30:51.0526 4148 PlugPlay - ok

18:30:51.0531 4148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:30:51.0532 4148 PNRPAutoReg - ok

18:30:51.0541 4148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:30:51.0542 4148 PNRPsvc - ok

18:30:51.0574 4148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:30:51.0579 4148 PolicyAgent - ok

18:30:51.0613 4148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

18:30:51.0616 4148 Power - ok

18:30:51.0635 4148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:30:51.0637 4148 PptpMiniport - ok

18:30:51.0649 4148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

18:30:51.0650 4148 Processor - ok

18:30:51.0680 4148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:30:51.0682 4148 ProfSvc - ok

18:30:51.0694 4148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:30:51.0695 4148 ProtectedStorage - ok

18:30:51.0714 4148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:30:51.0715 4148 Psched - ok

18:30:51.0756 4148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

18:30:51.0766 4148 ql2300 - ok

18:30:51.0769 4148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

18:30:51.0771 4148 ql40xx - ok

18:30:51.0808 4148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

18:30:51.0826 4148 QWAVE - ok

18:30:51.0834 4148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:30:51.0836 4148 QWAVEdrv - ok

18:30:51.0842 4148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:30:51.0844 4148 RasAcd - ok

18:30:51.0873 4148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:30:51.0875 4148 RasAgileVpn - ok

18:30:51.0881 4148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

18:30:51.0883 4148 RasAuto - ok

18:30:51.0889 4148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:30:51.0891 4148 Rasl2tp - ok

18:30:51.0915 4148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

18:30:51.0918 4148 RasMan - ok

18:30:51.0926 4148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:30:51.0928 4148 RasPppoe - ok

18:30:51.0938 4148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:30:51.0939 4148 RasSstp - ok

18:30:51.0948 4148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:30:51.0951 4148 rdbss - ok

18:30:51.0956 4148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

18:30:51.0957 4148 rdpbus - ok

18:30:51.0967 4148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:30:51.0969 4148 RDPCDD - ok

18:30:51.0985 4148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

18:30:51.0986 4148 RDPENCDD - ok

18:30:51.0989 4148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

18:30:51.0990 4148 RDPREFMP - ok

18:30:52.0019 4148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

18:30:52.0022 4148 RDPWD - ok

18:30:52.0036 4148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

18:30:52.0038 4148 rdyboost - ok

18:30:52.0064 4148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

18:30:52.0066 4148 RemoteAccess - ok

18:30:52.0075 4148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

18:30:52.0078 4148 RemoteRegistry - ok

18:30:52.0080 4148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

18:30:52.0082 4148 RpcEptMapper - ok

18:30:52.0108 4148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

18:30:52.0110 4148 RpcLocator - ok

18:30:52.0120 4148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

18:30:52.0123 4148 RpcSs - ok

18:30:52.0135 4148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

18:30:52.0137 4148 rspndr - ok

18:30:52.0155 4148 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

18:30:52.0157 4148 RTL8167 - ok

18:30:52.0169 4148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

18:30:52.0170 4148 SamSs - ok

18:30:52.0185 4148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

18:30:52.0187 4148 sbp2port - ok

18:30:52.0202 4148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

18:30:52.0205 4148 SCardSvr - ok

18:30:52.0229 4148 [ EFD61BD67E5CE72CA5CE8BB6AD3E1FDB ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

18:30:52.0392 4148 SCDEmu - ok

18:30:52.0400 4148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

18:30:52.0402 4148 scfilter - ok

18:30:52.0420 4148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

18:30:52.0461 4148 Schedule - ok

18:30:52.0480 4148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

18:30:52.0481 4148 SCPolicySvc - ok

18:30:52.0488 4148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:30:52.0491 4148 SDRSVC - ok

18:30:52.0507 4148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:30:52.0508 4148 secdrv - ok

18:30:52.0513 4148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

18:30:52.0526 4148 seclogon - ok

18:30:52.0545 4148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

18:30:52.0547 4148 SENS - ok

18:30:52.0557 4148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:30:52.0558 4148 SensrSvc - ok

18:30:52.0577 4148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

18:30:52.0578 4148 Serenum - ok

18:30:52.0601 4148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

18:30:52.0603 4148 Serial - ok

18:30:52.0634 4148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

18:30:52.0635 4148 sermouse - ok

18:30:52.0645 4148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:30:52.0647 4148 SessionEnv - ok

18:30:52.0666 4148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:30:52.0667 4148 sffdisk - ok

18:30:52.0687 4148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:30:52.0688 4148 sffp_mmc - ok

18:30:52.0690 4148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:30:52.0691 4148 sffp_sd - ok

18:30:52.0693 4148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

18:30:52.0694 4148 sfloppy - ok

18:30:52.0709 4148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:30:52.0714 4148 ShellHWDetection - ok

18:30:52.0727 4148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

18:30:52.0729 4148 SiSRaid2 - ok

18:30:52.0737 4148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

18:30:52.0739 4148 SiSRaid4 - ok

18:30:52.0796 4148 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

18:30:52.0798 4148 SkypeUpdate - ok

18:30:52.0818 4148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:30:52.0820 4148 Smb - ok

18:30:52.0846 4148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:30:52.0848 4148 SNMPTRAP - ok

18:30:52.0857 4148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:30:52.0858 4148 spldr - ok

18:30:52.0883 4148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

18:30:52.0888 4148 Spooler - ok

18:30:52.0939 4148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

18:30:52.0990 4148 sppsvc - ok

18:30:53.0001 4148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:30:53.0003 4148 sppuinotify - ok

18:30:53.0022 4148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

18:30:53.0026 4148 srv - ok

18:30:53.0041 4148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:30:53.0046 4148 srv2 - ok

18:30:53.0057 4148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:30:53.0059 4148 srvnet - ok

18:30:53.0078 4148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:30:53.0081 4148 SSDPSRV - ok

18:30:53.0088 4148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:30:53.0090 4148 SstpSvc - ok

18:30:53.0124 4148 Steam Client Service - ok

18:30:53.0135 4148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

18:30:53.0136 4148 stexstor - ok

18:30:53.0173 4148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

18:30:53.0196 4148 stisvc - ok

18:30:53.0223 4148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

18:30:53.0225 4148 swenum - ok

18:30:53.0238 4148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

18:30:53.0242 4148 swprv - ok

18:30:53.0286 4148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

18:30:53.0308 4148 SysMain - ok

18:30:53.0319 4148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:30:53.0321 4148 TabletInputService - ok

18:30:53.0335 4148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:30:53.0338 4148 TapiSrv - ok

18:30:53.0347 4148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

18:30:53.0349 4148 TBS - ok

18:30:53.0393 4148 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:30:53.0415 4148 Tcpip - ok

18:30:53.0437 4148 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:30:53.0444 4148 TCPIP6 - ok

18:30:53.0472 4148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:30:53.0474 4148 tcpipreg - ok

18:30:53.0500 4148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:30:53.0501 4148 TDPIPE - ok

18:30:53.0525 4148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:30:53.0526 4148 TDTCP - ok

18:30:53.0544 4148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:30:53.0546 4148 tdx - ok

18:30:53.0557 4148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

18:30:53.0559 4148 TermDD - ok

18:30:53.0576 4148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

18:30:53.0582 4148 TermService - ok

18:30:53.0584 4148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

18:30:53.0585 4148 Themes - ok

18:30:53.0603 4148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

18:30:53.0604 4148 THREADORDER - ok

18:30:53.0648 4148 [ 4C4554287AB3E0F84AE5101117B0C18E ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys

18:30:53.0650 4148 tmactmon - ok

18:30:53.0675 4148 [ E3485981980692756B6D4A561D718368 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys

18:30:53.0677 4148 tmcomm - ok

18:30:53.0688 4148 [ 384C4A844E3DE65E26ED0639375C0D3B ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys

18:30:53.0689 4148 tmevtmgr - ok

18:30:53.0707 4148 [ 065CB7D9278D778FB9EF62CEAD01433F ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys

18:30:53.0708 4148 tmtdi - ok

18:30:53.0717 4148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

18:30:53.0719 4148 TrkWks - ok

18:30:53.0748 4148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:30:53.0750 4148 TrustedInstaller - ok

18:30:53.0762 4148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:30:53.0763 4148 tssecsrv - ok

18:30:53.0786 4148 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:30:53.0788 4148 TsUsbFlt - ok

18:30:53.0802 4148 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

18:30:53.0803 4148 TsUsbGD - ok

18:30:53.0841 4148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:30:53.0842 4148 tunnel - ok

18:30:53.0862 4148 [ F4EF9498A073122D6139CB2A19554E08 ] t_mouse.sys C:\Windows\system32\DRIVERS\t_mouse.sys

18:30:53.0863 4148 t_mouse.sys - ok

18:30:53.0875 4148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

18:30:53.0876 4148 uagp35 - ok

18:30:53.0889 4148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:30:53.0892 4148 udfs - ok

18:30:53.0906 4148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:30:53.0908 4148 UI0Detect - ok

18:30:53.0928 4148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:30:53.0930 4148 uliagpkx - ok

18:30:53.0954 4148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

18:30:53.0955 4148 umbus - ok

18:30:53.0977 4148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

18:30:53.0979 4148 UmPass - ok

18:30:54.0010 4148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:30:54.0014 4148 upnphost - ok

18:30:54.0024 4148 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

18:30:54.0026 4148 usbaudio - ok

18:30:54.0041 4148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:30:54.0043 4148 usbccgp - ok

18:30:54.0051 4148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:30:54.0053 4148 usbcir - ok

18:30:54.0070 4148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

18:30:54.0071 4148 usbehci - ok

18:30:54.0085 4148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:30:54.0088 4148 usbhub - ok

18:30:54.0104 4148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

18:30:54.0105 4148 usbohci - ok

18:30:54.0125 4148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:30:54.0126 4148 usbprint - ok

18:30:54.0156 4148 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

18:30:54.0157 4148 usbscan - ok

18:30:54.0162 4148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:30:54.0163 4148 USBSTOR - ok

18:30:54.0175 4148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:30:54.0177 4148 usbuhci - ok

18:30:54.0179 4148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:30:54.0193 4148 UxSms - ok

18:30:54.0203 4148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:30:54.0204 4148 VaultSvc - ok

18:30:54.0224 4148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:30:54.0225 4148 vdrvroot - ok

18:30:54.0243 4148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:30:54.0248 4148 vds - ok

18:30:54.0263 4148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:30:54.0264 4148 vga - ok

18:30:54.0278 4148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:30:54.0279 4148 VgaSave - ok

18:30:54.0293 4148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:30:54.0295 4148 vhdmp - ok

18:30:54.0315 4148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:30:54.0316 4148 viaide - ok

18:30:54.0334 4148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:30:54.0335 4148 volmgr - ok

18:30:54.0344 4148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:30:54.0348 4148 volmgrx - ok

18:30:54.0366 4148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:30:54.0369 4148 volsnap - ok

18:30:54.0378 4148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

18:30:54.0380 4148 vsmraid - ok

18:30:54.0407 4148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:30:54.0423 4148 VSS - ok

18:30:54.0446 4148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

18:30:54.0448 4148 vwifibus - ok

18:30:54.0471 4148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:30:54.0474 4148 W32Time - ok

18:30:54.0484 4148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

18:30:54.0485 4148 WacomPen - ok

18:30:54.0497 4148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:30:54.0498 4148 WANARP - ok

18:30:54.0500 4148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:30:54.0500 4148 Wanarpv6 - ok

18:30:54.0551 4148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:30:54.0586 4148 WatAdminSvc - ok

18:30:54.0634 4148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:30:54.0681 4148 wbengine - ok

18:30:54.0705 4148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:30:54.0708 4148 WbioSrvc - ok

18:30:54.0717 4148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:30:54.0721 4148 wcncsvc - ok

18:30:54.0727 4148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:30:54.0741 4148 WcsPlugInService - ok

18:30:54.0756 4148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

18:30:54.0757 4148 Wd - ok

18:30:54.0792 4148 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:30:54.0798 4148 Wdf01000 - ok

18:30:54.0810 4148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:30:54.0825 4148 WdiServiceHost - ok

18:30:54.0827 4148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:30:54.0829 4148 WdiSystemHost - ok

18:30:54.0841 4148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:30:54.0860 4148 WebClient - ok

18:30:54.0868 4148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:30:54.0885 4148 Wecsvc - ok

18:30:54.0892 4148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:30:54.0894 4148 wercplsupport - ok

18:30:54.0912 4148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:30:54.0914 4148 WerSvc - ok

18:30:54.0921 4148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:30:54.0923 4148 WfpLwf - ok

18:30:54.0939 4148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:30:54.0940 4148 WIMMount - ok

18:30:54.0965 4148 WinHttpAutoProxySvc - ok

18:30:55.0025 4148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:30:55.0028 4148 Winmgmt - ok

18:30:55.0060 4148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:30:55.0081 4148 WinRM - ok

18:30:55.0112 4148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:30:55.0118 4148 Wlansvc - ok

18:30:55.0179 4148 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

18:30:55.0181 4148 wlcrasvc - ok

18:30:55.0247 4148 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:30:55.0279 4148 wlidsvc - ok

18:30:55.0308 4148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:30:55.0309 4148 WmiAcpi - ok

18:30:55.0327 4148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:30:55.0329 4148 wmiApSrv - ok

18:30:55.0336 4148 WMPNetworkSvc - ok

18:30:55.0341 4148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:30:55.0343 4148 WPCSvc - ok

18:30:55.0351 4148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:30:55.0354 4148 WPDBusEnum - ok

18:30:55.0376 4148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:30:55.0377 4148 ws2ifsl - ok

18:30:55.0392 4148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

18:30:55.0407 4148 wscsvc - ok

18:30:55.0409 4148 WSearch - ok

18:30:55.0460 4148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

18:30:55.0519 4148 wuauserv - ok

18:30:55.0571 4148 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:30:55.0573 4148 WudfPf - ok

18:30:55.0589 4148 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:30:55.0591 4148 WUDFRd - ok

18:30:55.0618 4148 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:30:55.0620 4148 wudfsvc - ok

18:30:55.0646 4148 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

18:30:55.0649 4148 WwanSvc - ok

18:30:55.0699 4148 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

18:30:55.0700 4148 xusb21 - ok

18:30:55.0702 4148 ================ Scan global ===============================

18:30:55.0726 4148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:30:55.0761 4148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

18:30:55.0767 4148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

18:30:55.0778 4148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:30:55.0797 4148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

18:30:55.0800 4148 [Global] - ok

18:30:55.0801 4148 ================ Scan MBR ==================================

18:30:55.0812 4148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:30:55.0933 4148 \Device\Harddisk0\DR0 - ok

18:30:55.0934 4148 ================ Scan VBR ==================================

18:30:55.0935 4148 [ 14B8148170B9FE82D6E163A7A9EDD9D0 ] \Device\Harddisk0\DR0\Partition1

18:30:55.0936 4148 \Device\Harddisk0\DR0\Partition1 - ok

18:30:55.0951 4148 [ 8DCD3371F01F0C7E30E7F297CAAB5195 ] \Device\Harddisk0\DR0\Partition2

18:30:55.0952 4148 \Device\Harddisk0\DR0\Partition2 - ok

18:30:55.0952 4148 ============================================================

18:30:55.0952 4148 Scan finished

18:30:55.0952 4148 ============================================================

18:30:55.0958 6164 Detected object count: 0

18:30:55.0958 6164 Actual detected object count: 0

I will wait for your response before I go ahead and do the rest of the steps, just incase you can solve the problem without going through them

[D-FRED-BROWN]

Go ahead and run the other programs

[DeadbeamZERO]

Will do

[D-FRED-BROWN]

Sounds good

[DeadbeamZERO]

Just a heads up, this scan will probably take a while, but it is finding malware so that is good

[D-FRED-BROWN]

Yeah the more it digs up the longer it will take. Keep me posted on how it goes.

[DeadbeamZERO]

alright, so it has found six malicious files and is cleaning them, gonna reboot my pc like it says to.

[D-FRED-BROWN]

Sounds good

[DeadbeamZERO]

Here is the system log file from step 2

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.292000 GHz

Memory total: 8571768832, free: 5277528064

Downloaded database version: v2013.06.12.08

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/12/2013 18:41:29

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\System32\Drivers\EtronXHCI.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\EtronHub3.sys

\SystemRoot\System32\Drivers\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\t_mouse.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\lpk.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007aeb060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa80077df680

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007aeb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007aebab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007aeb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80077e3520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80077df680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EF126E8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 211680 Numsec = 1953313488

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Infected: c:\Users\Fahad\Downloads\the fellowship of the ring (1).exe --> [Trojan.Agent]

Infected: c:\Users\Fahad\Downloads\the fellowship of the ring.exe --> [Trojan.Agent]

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.292000 GHz

Memory total: 8571768832, free: 4622905344

Initializing...

------------ Kernel report ------------

06/12/2013 18:59:59

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\System32\Drivers\EtronXHCI.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\EtronHub3.sys

\SystemRoot\System32\Drivers\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\t_mouse.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\lpk.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007aeb060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa80077df680

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007aeb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007aebab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007aeb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80077e3520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80077df680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EF126E8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 211680 Numsec = 1953313488

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Infected: c:\Users\Fahad\Downloads\the fellowship of the ring (1).exe --> [Trojan.Agent]

Infected: c:\Users\Fahad\Downloads\the fellowship of the ring.exe --> [Trojan.Agent]

Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]

Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]

Infected: c:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\L --> [backdoor.0Access]

Infected: c:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U --> [backdoor.0Access]

Scan finished

Creating System Restore point...

Cleaning up...

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal scheduling successful. System shutdown needed.

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.292000 GHz

Memory total: 8571768832, free: 6275928064

Initializing...

------------ Kernel report ------------

06/12/2013 20:07:35

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\System32\Drivers\EtronXHCI.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\EtronHub3.sys

\SystemRoot\System32\Drivers\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\t_mouse.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007af1060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa800780d060

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007af1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80079329d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007af1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007803520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800780d060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EF126E8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 211680 Numsec = 1953313488

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

Here is the MBar log from after the initial scan

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.12.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Fahad :: FAHAD-PC [administrator]

6/12/2013 7:00:02 PM

mbar-log-2013-06-12 (19-00-02).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 256526

Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 2

c:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\L (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 4

c:\Users\Fahad\Downloads\the fellowship of the ring (1).exe (Trojan.Agent) -> Delete on reboot.

c:\Users\Fahad\Downloads\the fellowship of the ring.exe (Trojan.Agent) -> Delete on reboot.

c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.

c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

[DeadbeamZERO]

Hey, just rebooted my computer after I ran ComboFixer, it worked! Thanks alot D-FRED-BROWN, I could not have done this without you. You are a true hero for helping me save my computer and being patient through all this.

[D-FRED-BROWN]

No problem . Please post the log here so I can see what further steps need to be taken.

[DeadbeamZERO]

I'm having trouble accessing the log, I had to restart my computer after the log came up because I could launch my browser due to errors I was getting after the scan.

Where can I find the log from the ComboFix scan?

[D-FRED-BROWN]

The error is normal, just reboot. Log is at C:\ComboFix.txt

[DeadbeamZERO]

ComboFix 13-06-12.02 - Fahad 06/12/2013 20:37:07.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5847 [GMT -4:00]

Running from: c:\users\Fahad\Downloads\ComboFix.exe

AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\fraps.exe

c:\program files (x86)\fraps32.dll

c:\program files (x86)\fraps64.dat

c:\program files (x86)\fraps64.dll

c:\program files (x86)\frapslcd.dll

c:\program files (x86)\Uninstall.exe

c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll

c:\programdata\Microsoft\Windows\DRM\108D.tmp

c:\programdata\Microsoft\Windows\DRM\E321.tmp

c:\programdata\SPL4A47.tmp

c:\programdata\SPL948A.tmp

c:\programdata\SPLB3A7.tmp

c:\programdata\SPLBE3.tmp

c:\users\Fahad\AppData\Local\WideSearch

c:\users\Fahad\AppData\Roaming\technic-launcher.jar

c:\users\Fahad\Documents\~WRL2337.tmp

c:\users\Fahad\Documents\~WRL2449.tmp

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 )))))))))))))))))))))))))))))))

.

.

2013-06-13 00:44 . 2013-06-13 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-12 22:40 . 2013-06-12 22:40 -------- d-----w- c:\programdata\Malwarebytes

2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\users\Fahad\AppData\Local\Activision

2013-05-16 16:16 . 2013-05-16 16:16 -------- d-----w- c:\programdata\Steam

2013-05-15 00:53 . 2013-05-15 00:53 -------- d-----w- c:\users\Fahad\AppData\Local\4A Games

2013-05-15 00:27 . 2013-05-15 00:27 -------- d-----w- c:\users\Fahad\AppData\Local\Programs

2013-05-14 19:25 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-14 19:25 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-14 19:25 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-14 19:24 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-14 19:24 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-14 19:24 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-14 19:24 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-14 19:24 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-14 19:24 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-14 19:24 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-14 19:24 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-14 19:24 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-11 22:57 . 2013-02-09 17:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 22:57 . 2013-02-09 17:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:59 . 2012-11-22 17:58 22064 ----a-w- c:\windows\DCEBoot64.exe

2013-05-07 22:03 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-30 02:36 . 2013-04-30 02:36 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-30 02:36 . 2013-04-30 02:36 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-30 02:36 . 2013-04-30 02:36 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-30 02:36 . 2013-04-30 02:36 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-30 02:36 . 2013-04-30 02:36 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-30 02:36 . 2013-04-30 02:36 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-30 02:36 . 2013-04-30 02:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-30 02:36 . 2013-04-30 02:36 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-30 02:36 . 2013-04-30 02:36 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-30 02:36 . 2013-04-30 02:36 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-30 02:36 . 2013-04-30 02:36 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 02:36 . 2013-04-30 02:36 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-30 02:36 . 2013-04-30 02:36 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-30 02:36 . 2013-04-30 02:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-30 02:36 . 2013-04-30 02:36 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-30 02:36 . 2013-04-30 02:36 441856 ----a-w- c:\windows\system32\html.iec

2013-04-30 02:36 . 2013-04-30 02:36 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-30 02:36 . 2013-04-30 02:36 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-30 02:36 . 2013-04-30 02:36 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-30 02:36 . 2013-04-30 02:36 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-30 02:36 . 2013-04-30 02:36 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-30 02:36 . 2013-04-30 02:36 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-30 02:36 . 2013-04-30 02:36 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-30 02:36 . 2013-04-30 02:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-30 02:36 . 2013-04-30 02:36 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-30 02:36 . 2013-04-30 02:36 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 02:36 . 2013-04-30 02:36 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-30 02:36 . 2013-04-30 02:36 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-30 02:36 . 2013-04-30 02:36 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-30 02:36 . 2013-04-30 02:36 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-30 02:36 . 2013-04-30 02:36 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-30 02:36 . 2013-04-30 02:36 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-30 02:36 . 2013-04-30 02:36 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-30 02:36 . 2013-04-30 02:36 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-30 02:36 . 2013-04-30 02:36 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-30 02:36 . 2013-04-30 02:36 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-30 02:36 . 2013-04-30 02:36 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-30 02:36 . 2013-04-30 02:36 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-30 02:36 . 2013-04-30 02:36 235008 ----a-w- c:\windows\system32\url.dll

2013-04-30 02:36 . 2013-04-30 02:36 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-30 02:36 . 2013-04-30 02:36 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-30 02:36 . 2013-04-30 02:36 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-30 02:36 . 2013-04-30 02:36 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-30 02:36 . 2013-04-30 02:36 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-30 02:36 . 2013-04-30 02:36 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-30 02:36 . 2013-04-30 02:36 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-30 02:36 . 2013-04-30 02:36 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-30 02:36 . 2013-04-30 02:36 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-30 02:36 . 2013-04-30 02:36 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-14 19:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 19:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 19:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 19:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 19:25 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 19:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 22:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-22 23:27 . 2013-03-22 23:27 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-22 23:27 . 2012-09-06 23:10 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-22 23:27 . 2012-04-19 21:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 06:04 . 2013-04-11 23:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 23:33 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 23:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 23:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 23:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 23:33 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-17 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-10-17 04:46 1521352 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-08-10 22:54 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-17 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]

"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]

"4Sync"="c:\program files (x86)\4Sync\4Sync.exe" [2012-11-19 12368416]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]

"uTorrent"="c:\users\Fahad\Desktop\uTorrent.exe" [2013-05-04 802136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FaxCenterServer"="c:\program files (x86)\Dell PC Fax\fm3032.exe" [2006-11-03 312200]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]

"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-17 1573576]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2012-7-26 521216]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe;c:\windows\SYSNATIVE\dlcxcoms.exe [x]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]

S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]

S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 22:57]

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 21:34]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 21:34]

.

2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619590664-2960565100-3139608370-1001Core.job

- c:\users\Fahad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 21:10]

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619590664-2960565100-3139608370-1001UA.job

- c:\users\Fahad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 21:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2012-11-01 15:02 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2012-11-01 15:02 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2012-11-01 15:02 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]

2012-11-01 15:02 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]

"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]

"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Fahad\AppData\Roaming\Mozilla\Firefox\Profiles\2vypgqu1.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5FFF723F-CBEF-425B-8C86-1DF588668A59&apn_ptnrs=TV&apn_sauid=34888341-068E-4BFE-9F5E-214DE563DC66&apn_dtid=OSJ000YYUS&&q=

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)

BHO-{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll

Wow6432Node-HKCU-Run-Free Download Manager - c:\program files (x86)\Free Download Manager\fdm.exe

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Fallout Mod Manager_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe

AddRemove-Fraps - c:\program files (x86)\uninstall.exe

AddRemove-The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0 - c:\users\Fahad\Desktop\Stuff\Skyrim\Uninstall.exe

AddRemove-{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1 - c:\program files (x86)\FTL\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2013-06-12 20:52:46 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-13 00:52

.

Pre-Run: 353,851,641,856 bytes free

Post-Run: 354,114,211,840 bytes free

.

- - End Of File - - 026AF9DD9E5785087BDED3154CF36DA1

A36C5E4F47E84449FF07ED3517B43A31

Sorry about the wait

got carried away with other things.

[D-FRED-BROWN]

Sorry about the wait

got carried away with other things.

No worries. Take all the time you need.

Your system look a whole lot better. Please run the following scans to see what else needs cleaning:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the contents of that logfile with your next reply.
  
• You can find the logfile at C:\AdwCleaner[R1].txt as well.
  

----------Step 2----------------

We need to create a New FULL OTL Report

• Please download OTL from here if you have not done so already:
  
  • Main Mirror
    

  [*]Save it to your desktop.

  [*]Double click on the OTL icon on your desktop.

  [*]Click the "Scan All Users" checkbox.

  [*]Change the "Extra Registry" option to "SafeList"

  [*]Push the Run Scan button.

  [*]Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized
    

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
    

  [*]Check

  [*]Click the button.

  [*]Accept any security warnings from your browser.

  [*]Check

  [*]Push the Start button.

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, push

  [*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  [*]Push the button.

  [*]Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

[DeadbeamZERO]

AdwCleaner log

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 16:34:18

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Fahad - FAHAD-PC

# Boot Mode : Normal

# Running from : C:\Users\Fahad\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\1ClickDownload

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Program Files (x86)\BabylonToolbar

Folder Found : C:\Program Files (x86)\Yontoo

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Fahad\AppData\Local\APN

Folder Found : C:\Users\Fahad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Folder Found : C:\Users\Fahad\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Fahad\AppData\Roaming\Babylon

Folder Found : C:\Users\Fahad\AppData\Roaming\BabylonToolbar

Folder Found : C:\Users\Fahad\AppData\Roaming\yourfiledownloader

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Microsoft\Babylon

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\YourFileDownloader

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile

Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193

Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\oneclick

Key Found : HKLM\SOFTWARE\Classes\oneclickmg

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Key Found : HKLM\Software\YourFileDownloader

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Key Found : HKU\S-1-5-21-2619590664-2960565100-3139608370-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Fahad\AppData\Roaming\Mozilla\Firefox\Profiles\2vypgqu1.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Ask.com");

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("browser.search.selectedEngine", "Ask.com");

Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Fahad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2539] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=010712_7&babsrc=HP_ss&mntrId=f005ae60000000000000bc5ff42c66e7",

*************************

AdwCleaner[R1].txt - [14391 octets] - [13/06/2013 16:34:18]

########## EOF - C:\AdwCleaner[R1].txt - [14452 octets] ##########

[D-FRED-BROWN]

Please post the OTL and ESET logs as well.

[D-FRED-BROWN]

Are you still with me?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!