Computer Hope

Software => Computer viruses and spyware => Topic started by: Randerson123 on October 14, 2012, 10:31:37 AM

Title: Sh4ldr removal help windows 7
Post by: Randerson123 on October 14, 2012, 10:31:37 AM

I'm being redirected from google searches. It seems i've contracted this dread virus. I followed your instructions from this link: http://www.computerhope.com/forum/index.php?topic=128644.0

Thank you in advance for your help!

Here are my log reports:

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2012 at 11:18 AM

Application Version : 5.6.1010

Core Rules Database Version : 9401
Trace Rules Database Version: 7213

Scan type : Complete Scan
Total Scan Time : 02:03:47

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 791
Memory threats detected : 0
Registry items scanned : 71751
Registry threats detected : 6
File items scanned : 212553
File threats detected : 2

PUP.FunmoodsToolbar
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}#AppID
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ProgID
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\Programmable
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\TypeLib
   (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\VersionIndependentProgID

Adware.Tracking Cookie
   .adtech.de [ C:\USERS\PLMR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .doubleclick.net [ C:\USERS\PLMR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

*************************************************************************************

Malware:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.14.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
PLMR :: RUPERT [administrator]

Protection: Enabled

10/14/2012 11:58:24 AM
mbam-log-2012-10-14 (11-58-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219663
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\PLMR\AppData\Local\Deployment\AOL\wvsbpify.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 13
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AOL (Trojan.Agent) -> Data: rundll32.exe "C:\Users\PLMR\AppData\Local\Deployment\AOL\wvsbpify.dll",DllRegisterServerW -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\PLMR\AppData\Local\Deployment\AOL\wvsbpify.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\PLMR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\PLMR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\PLMR\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\PLMR\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\PLMR\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)

************************************************************************

dds:

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by PLMR at 12:20:12 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2060 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\Explorer.EXE
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uURLSearchHooks: {72b90932-6338-4345-9fc4-4f94984ed241} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Google Update] "C:\Users\PLMR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F933589A-986F-4D7D-9189-D55932ABC060} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-2 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-2 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-2 167072]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20121012.001\IDSviA64.sys [2012-10-12 513184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-2 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-2 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/08/18 01:58:13];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-8-18 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 203264]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-4-20 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-14 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-14 676936]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 7767552]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 279040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-27 138912]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-14 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-18 38456]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-18 239136]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-18 295424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 12:20:21.01 ===============

**********************************************************************************

attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2010 2:09:37 AM
System Uptime: 10/14/2012 12:11:41 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1441
Processor: AMD Phenom(tm) II N930 Quad-Core Processor | Socket S1G4 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 445 GiB total, 45.161 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 3.016 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP179: 9/7/2012 6:35:41 PM - Scheduled Checkpoint
RP180: 9/12/2012 6:05:51 AM - HPSF Applying updates
RP181: 9/12/2012 6:08:46 AM - HPSF Applying updates
RP182: 9/20/2012 3:36:54 PM - Scheduled Checkpoint
RP183: 9/28/2012 12:00:02 AM - Scheduled Checkpoint
RP184: 10/5/2012 1:12:06 PM - Scheduled Checkpoint
RP185: 10/6/2012 2:20:20 AM - HPSF Restore Point
RP186: 10/12/2012 3:10:36 PM - Norton 360 Registry Clean
RP187: 10/14/2012 7:01:32 AM - Installed SpyHunter
RP188: 10/14/2012 8:52:37 AM - Removed SpyHunter
RP189: 10/14/2012 8:53:22 AM - Removed SpyHunter
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
6500_E709_eDocs
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.3.4
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
Adobe SVG Viewer
AIM 7
AMD USB Filter Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocMgr
DocProc
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Fax
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 4.5.0.457
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.2.0
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Officejet 6500 E709 Series
HP Photo Creations
HP Power Plan Utility
HP Quick Launch
HP QuickWeb Installer
HP Setup
HP SimplePass Identity Protection
HP Smart Web Printing 4.51
HP Software Framework
HP Solution Center 13.0
HP Support Assistant
HP Tone Control
HP Update
HP User Guides 0193
HP Wireless Assistant
HPProductAssistant
HPSSupply
Hulu Desktop
IDT Audio
ISO Recorder
Java Auto Updater
Java(TM) 6 Update 17 (64-bit)
Java(TM) 6 Update 24
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft IntelliPoint 8.2
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Network64
Norton 360
Norton Online Backup
OCR Software by I.R.I.S. 13.0
Opera 10.62
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
ProductContext
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Scan
SecondLifeBetaViewer (remove only)
Shop for HP Supplies
Skype™ 5.1
SmartWebPrinting
SolutionCenter
SpyHunter
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
TextTwist 2
Toolbox
TrayApp
Validity Sensors DDK
Virtual Families
Virtual Villagers - The Secret City
VLC media player 2.0.2
WD SmartWare
WebReg
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/14/2012 8:26:36 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
10/14/2012 8:26:36 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 2 time(s).
10/14/2012 7:36:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
10/14/2012 7:36:44 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
10/14/2012 7:02:38 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
10/14/2012 12:12:16 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 14, 2012, 11:18:35 AM

Hi there!

ComboFix scan

Please download ComboFix(http://img7.imageshack.us/img7/4930/combofix.gif) by sUBs
From BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Please save the file to your Desktop.

Important information about ComboFix

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here (http://www.bleepingcomputer.com/forums/topic114351.html) if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on ComboFix.exe & follow the prompts.
When ComboFix finishes, it will produce a report for you.
Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 15, 2012, 07:42:23 AM

Thanks for the help... here's the report!

ComboFix 12-10-14.03 - PLMR 10/15/2012 9:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2159 [GMT -4:00]
Running from: c:\users\PLMR\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\vlc-1.1.4-win32.exe
c:\users\PLMR\g2mdlhlpx.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-14 15:57 . 2012-10-14 15:57   --------   d-----w-   c:\users\PLMR\AppData\Roaming\Malwarebytes
2012-10-14 15:57 . 2012-10-14 15:57   --------   d-----w-   c:\programdata\Malwarebytes
2012-10-14 15:57 . 2012-10-14 15:57   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-14 15:57 . 2012-09-07 21:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-10-14 13:10 . 2012-10-14 13:10   --------   d-----w-   c:\users\PLMR\AppData\Roaming\SUPERAntiSpyware.com
2012-10-14 13:10 . 2012-10-14 13:10   --------   d-----w-   c:\program files (x86)\Google
2012-10-14 13:09 . 2012-10-14 13:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-10-14 13:09 . 2012-10-14 13:09   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-10-14 11:02 . 2012-10-14 11:02   110080   ----a-r-   c:\users\PLMR\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-10-14 11:02 . 2012-10-14 11:02   110080   ----a-r-   c:\users\PLMR\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-10-14 11:02 . 2012-10-14 11:02   110080   ----a-r-   c:\users\PLMR\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-10-14 11:02 . 2012-10-14 11:02   --------   d-----w-   C:\sh4ldr
2012-10-14 11:02 . 2012-10-14 11:02   --------   d-----w-   c:\program files\Enigma Software Group
2012-10-14 10:59 . 2012-10-14 11:02   --------   d-----w-   c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-14 10:59 . 2012-10-14 10:59   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-02 10:20 . 2012-10-12 15:49   --------   d-----w-   c:\windows\system32\drivers\N360x64\0604000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-24 270336]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ     DPPassFilter scecli
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-06 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/08/18 01:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-02-23 00:23 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-05 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-04-20 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-27 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 13:10]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 13:10]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483458109-1383661742-3786623851-1001Core.job
- c:\users\PLMR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 14:26]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483458109-1383661742-3786623851-1001UA.job
- c:\users\PLMR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 14:26]
.
2012-10-12 c:\windows\Tasks\HPCeeScheduleForPLMR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-18 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-05 487424]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: skype.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{72b90932-6338-4345-9fc4-4f94984ed241} - (no file)
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{72B90932-6338-4345-9FC4-4F94984ED241} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-10-15 09:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-15 13:44
.
Pre-Run: 47,911,088,128 bytes free
Post-Run: 47,552,421,888 bytes free
.
- - End Of File - - A4758A9E3859164ED5874E16FA2DC9E0

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 15, 2012, 07:46:30 AM

TDSSKiller Scan

Please download and run TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

(http://img.photobucket.com/albums/v257/MrChalee/tdss_1.jpg)

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

(http://img.photobucket.com/albums/v257/MrChalee/tdss_2.jpg)

------------------------

Click the Start Scan button.

(http://img.photobucket.com/albums/v257/MrChalee/tdss_3.jpg)

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

(http://img.photobucket.com/albums/v257/MrChalee/tdss_4.jpg)

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

(http://img.photobucket.com/albums/v257/MrChalee/tdss_5.jpg)

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

avast! aswMBR

Please download aswMBR from here (http://public.avast.com/%7Egmerek/aswMBR.exe)

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Uncheck "Trace disk IO calls".
Click the Scan button to start the scan as illustrated below

(http://i1096.photobucket.com/albums/g328/Crush_PCHF/aswMBR_Scan.jpg)
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

Once the scan finishes click Save log to save the log to your Desktop
(http://i1096.photobucket.com/albums/g328/Crush_PCHF/aswMBR_SaveLog.png)
Copy and paste the contents of aswMBR.txt back here for review
Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 15, 2012, 10:43:04 AM

Ok, here are the files:

aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-15 10:23:41
-----------------------------
10:23:41.028 OS Version: Windows x64 6.1.7600
10:23:41.028 Number of processors: 4 586 0x503
10:23:41.028 ComputerName: RUPERT UserName: PLMR
10:23:42.963 Initialize success
10:24:42.558 AVAST engine defs: 12101500
10:25:20.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:20.560 Disk 0 Vendor: WDC_WD5000BEKT-60KA9T0 01.01A01 Size: 476940MB BusType: 11
10:25:20.607 Disk 0 MBR read successfully
10:25:20.622 Disk 0 MBR scan
10:25:20.622 Disk 0 unknown MBR code
10:25:20.638 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:25:20.669 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455419 MB offset 409600
10:25:20.700 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21217 MB offset 933107712
10:25:20.716 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
10:25:20.763 Disk 0 scanning C:\Windows\system32\drivers
10:25:30.700 Service scanning
10:25:53.539 Modules scanning
10:25:55.473 AVAST engine scan C:\
12:44:29.510 Scan finished successfully
12:50:38.809 Disk 0 MBR has been saved successfully to "C:\Users\PLMR\Documents\AntiVirus Project 10.2012\antivirusproject day2\MBR.dat"
12:50:38.825 The log file has been saved successfully to "C:\Users\PLMR\Documents\AntiVirus Project 10.2012\antivirusproject day2\aswMBR.txt"

*******************************************************************************

TDSSKiller:

10:16:54.0381 4524 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
10:16:55.0601 4524 ============================================================
10:16:55.0601 4524 Current date / time: 2012/10/15 10:16:55.0601
10:16:55.0601 4524 SystemInfo:
10:16:55.0601 4524
10:16:55.0601 4524 OS Version: 6.1.7600 ServicePack: 0.0
10:16:55.0601 4524 Product type: Workstation
10:16:55.0601 4524 ComputerName: RUPERT
10:16:55.0601 4524 UserName: PLMR
10:16:55.0601 4524 Windows directory: C:\Windows
10:16:55.0601 4524 System windows directory: C:\Windows
10:16:55.0601 4524 Running under WOW64
10:16:55.0601 4524 Processor architecture: Intel x64
10:16:55.0601 4524 Number of processors: 4
10:16:55.0601 4524 Page size: 0x1000
10:16:55.0601 4524 Boot type: Normal boot
10:16:55.0601 4524 ============================================================
10:16:56.0981 4524 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:56.0991 4524 ============================================================
10:16:56.0991 4524 \Device\Harddisk0\DR0:
10:16:56.0991 4524 MBR partitions:
10:16:56.0991 4524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:16:56.0991 4524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3797D800
10:16:56.0991 4524 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x379E1800, BlocksNum 0x2970800
10:16:56.0991 4524 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
10:16:56.0991 4524 ============================================================
10:16:57.0011 4524 C: <-> \Device\Harddisk0\DR0\Partition2
10:16:57.0051 4524 D: <-> \Device\Harddisk0\DR0\Partition3
10:16:57.0061 4524 E: <-> \Device\Harddisk0\DR0\Partition4
10:16:57.0061 4524 ============================================================
10:16:57.0061 4524 Initialize success
10:16:57.0061 4524 ============================================================
10:18:12.0891 3728 ============================================================
10:18:12.0891 3728 Scan started
10:18:12.0891 3728 Mode: Manual; SigCheck; TDLFS;
10:18:12.0891 3728 ============================================================
10:18:13.0471 3728 ================ Scan system memory ========================
10:18:13.0471 3728 System memory - ok
10:18:13.0471 3728 ================ Scan services =============================
10:18:13.0601 3728 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:18:13.0701 3728 !SASCORE - ok
10:18:13.0901 3728 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:18:14.0001 3728 1394ohci - ok
10:18:14.0041 3728 [ 7BB93BB5A578984090748F310ED895EF ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:18:14.0091 3728 Accelerometer - ok
10:18:14.0131 3728 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
10:18:14.0141 3728 ACPI - ok
10:18:14.0171 3728 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
10:18:14.0261 3728 AcpiPmi - ok
10:18:14.0291 3728 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:18:14.0331 3728 adp94xx - ok
10:18:14.0361 3728 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:18:14.0401 3728 adpahci - ok
10:18:14.0431 3728 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:18:14.0441 3728 adpu320 - ok
10:18:14.0471 3728 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:18:14.0561 3728 AeLookupSvc - ok
10:18:14.0661 3728 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
10:18:14.0731 3728 AESTFilters - ok
10:18:14.0761 3728 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
10:18:14.0831 3728 AFD - ok
10:18:14.0841 3728 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
10:18:14.0861 3728 agp440 - ok
10:18:14.0881 3728 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:18:14.0901 3728 ALG - ok
10:18:14.0921 3728 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
10:18:14.0941 3728 aliide - ok
10:18:14.0981 3728 [ 29C151492510640343B00B63996E4070 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:18:15.0071 3728 AMD External Events Utility - ok
10:18:15.0091 3728 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
10:18:15.0121 3728 amdide - ok
10:18:15.0141 3728 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:18:15.0191 3728 AmdK8 - ok
10:18:15.0381 3728 [ 2C9C4824664C61351FF1E0169262D026 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:18:15.0601 3728 amdkmdag - ok
10:18:15.0621 3728 [ EF7382689D3B17AC2983202E7A40AB45 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:18:15.0681 3728 amdkmdap - ok
10:18:15.0701 3728 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:18:15.0731 3728 AmdPPM - ok
10:18:15.0751 3728 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
10:18:15.0761 3728 amdsata - ok
10:18:15.0781 3728 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:18:15.0801 3728 amdsbs - ok
10:18:15.0821 3728 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
10:18:15.0841 3728 amdxata - ok
10:18:15.0881 3728 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
10:18:15.0921 3728 AppID - ok
10:18:15.0951 3728 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:18:16.0021 3728 AppIDSvc - ok
10:18:16.0031 3728 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
10:18:16.0071 3728 Appinfo - ok
10:18:16.0101 3728 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:18:16.0121 3728 arc - ok
10:18:16.0131 3728 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:18:16.0151 3728 arcsas - ok
10:18:16.0181 3728 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:18:16.0241 3728 AsyncMac - ok
10:18:16.0251 3728 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
10:18:16.0281 3728 atapi - ok
10:18:16.0351 3728 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
10:18:16.0521 3728 athr - ok
10:18:16.0561 3728 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
10:18:16.0641 3728 AtiHdmiService - ok
10:18:16.0671 3728 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
10:18:16.0701 3728 AtiPcie - ok
10:18:16.0751 3728 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:18:16.0881 3728 AudioEndpointBuilder - ok
10:18:16.0911 3728 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:18:16.0971 3728 AudioSrv - ok
10:18:16.0991 3728 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:18:17.0061 3728 AxInstSV - ok
10:18:17.0091 3728 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:18:17.0151 3728 b06bdrv - ok
10:18:17.0171 3728 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:18:17.0221 3728 b57nd60a - ok
10:18:17.0241 3728 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:18:17.0291 3728 BDESVC - ok
10:18:17.0301 3728 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:18:17.0361 3728 Beep - ok
10:18:17.0421 3728 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
10:18:17.0531 3728 BFE - ok
10:18:17.0751 3728 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
10:18:17.0811 3728 BHDrvx64 - ok
10:18:17.0851 3728 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
10:18:17.0921 3728 BITS - ok
10:18:17.0941 3728 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:18:17.0981 3728 blbdrive - ok
10:18:18.0001 3728 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:18:18.0031 3728 bowser - ok
10:18:18.0071 3728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:18:18.0101 3728 BrFiltLo - ok
10:18:18.0111 3728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:18:18.0131 3728 BrFiltUp - ok
10:18:18.0161 3728 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:18:18.0201 3728 BridgeMP - ok
10:18:18.0221 3728 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
10:18:18.0261 3728 Browser - ok
10:18:18.0291 3728 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:18:18.0331 3728 Brserid - ok
10:18:18.0351 3728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:18:18.0381 3728 BrSerWdm - ok
10:18:18.0401 3728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:18:18.0441 3728 BrUsbMdm - ok
10:18:18.0451 3728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:18:18.0491 3728 BrUsbSer - ok
10:18:18.0511 3728 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:18:18.0541 3728 BTHMODEM - ok
10:18:18.0571 3728 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:18:18.0661 3728 bthserv - ok
10:18:18.0691 3728 catchme - ok
10:18:18.0791 3728 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
10:18:18.0831 3728 ccSet_N360 - ok
10:18:18.0851 3728 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:18:18.0931 3728 cdfs - ok
10:18:18.0971 3728 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:18:19.0011 3728 cdrom - ok
10:18:19.0031 3728 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
10:18:19.0101 3728 CertPropSvc - ok
10:18:19.0171 3728 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
10:18:19.0211 3728 CinemaNow Service - ok
10:18:19.0251 3728 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:18:19.0301 3728 circlass - ok
10:18:19.0321 3728 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:18:19.0351 3728 CLFS - ok
10:18:19.0431 3728 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:18:19.0461 3728 clr_optimization_v2.0.50727_32 - ok
10:18:19.0501 3728 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:18:19.0541 3728 clr_optimization_v2.0.50727_64 - ok
10:18:19.0561 3728 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:18:19.0581 3728 CmBatt - ok
10:18:19.0601 3728 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
10:18:19.0611 3728 cmdide - ok
10:18:19.0631 3728 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
10:18:19.0671 3728 CNG - ok
10:18:19.0691 3728 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:18:19.0701 3728 Compbatt - ok
10:18:19.0731 3728 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:18:19.0761 3728 CompositeBus - ok
10:18:19.0771 3728 COMSysApp - ok
10:18:19.0801 3728 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:18:19.0811 3728 crcdisk - ok
10:18:19.0851 3728 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:18:19.0921 3728 CryptSvc - ok
10:18:20.0001 3728 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
10:18:20.0031 3728 dc3d - ok
10:18:20.0091 3728 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:18:20.0161 3728 DcomLaunch - ok
10:18:20.0181 3728 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:18:20.0271 3728 defragsvc - ok
10:18:20.0291 3728 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:18:20.0371 3728 DfsC - ok
10:18:20.0411 3728 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
10:18:20.0461 3728 Dhcp - ok
10:18:20.0481 3728 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:18:20.0531 3728 discache - ok
10:18:20.0571 3728 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:18:20.0611 3728 Disk - ok
10:18:20.0651 3728 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:18:20.0721 3728 Dnscache - ok
10:18:20.0741 3728 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
10:18:20.0811 3728 dot3svc - ok
10:18:20.0881 3728 [ 8CBE9EB5088E36DB88013D9D5858B87F ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
10:18:20.0921 3728 DpHost - ok
10:18:20.0951 3728 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
10:18:20.0991 3728 DPS - ok
10:18:21.0011 3728 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:18:21.0041 3728 drmkaud - ok
10:18:21.0081 3728 [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
10:18:21.0131 3728 DVMIO - ok
10:18:21.0211 3728 [ 5EB46032ECA199F4721EB1915B5383C8 ] DvmMDES C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
10:18:21.0241 3728 DvmMDES - ok
10:18:21.0311 3728 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:18:21.0351 3728 DXGKrnl - ok
10:18:21.0371 3728 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:18:21.0421 3728 EapHost - ok
10:18:21.0511 3728 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:18:21.0641 3728 ebdrv - ok
10:18:21.0711 3728 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:18:21.0751 3728 eeCtrl - ok
10:18:21.0781 3728 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
10:18:21.0811 3728 EFS - ok
10:18:21.0891 3728 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:18:22.0011 3728 ehRecvr - ok
10:18:22.0051 3728 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:18:22.0121 3728 ehSched - ok
10:18:22.0161 3728 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:18:22.0191 3728 elxstor - ok
10:18:22.0221 3728 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:18:22.0261 3728 EraserUtilRebootDrv - ok
10:18:22.0281 3728 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
10:18:22.0311 3728 ErrDev - ok
10:18:22.0391 3728 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
10:18:22.0431 3728 esgiguard - ok
10:18:22.0471 3728 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:18:22.0531 3728 EventSystem - ok
10:18:22.0551 3728 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:18:22.0611 3728 exfat - ok
10:18:22.0641 3728 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:18:22.0721 3728 fastfat - ok
10:18:22.0751 3728 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
10:18:22.0811 3728 Fax - ok
10:18:22.0841 3728 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:18:22.0881 3728 fdc - ok
10:18:22.0911 3728 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:18:22.0981 3728 fdPHost - ok
10:18:22.0991 3728 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:18:23.0051 3728 FDResPub - ok
10:18:23.0061 3728 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:18:23.0081 3728 FileInfo - ok
10:18:23.0101 3728 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:18:23.0151 3728 Filetrace - ok
10:18:23.0161 3728 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:18:23.0191 3728 flpydisk - ok
10:18:23.0201 3728 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:18:23.0221 3728 FltMgr - ok
10:18:23.0281 3728 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
10:18:23.0391 3728 FontCache - ok
10:18:23.0441 3728 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:18:23.0461 3728 FontCache3.0.0.0 - ok
10:18:23.0481 3728 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:18:23.0501 3728 FsDepends - ok
10:18:23.0511 3728 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:18:23.0541 3728 Fs_Rec - ok
10:18:23.0581 3728 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:18:23.0611 3728 fvevol - ok
10:18:23.0631 3728 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:18:23.0651 3728 gagp30kx - ok
10:18:23.0681 3728 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:18:23.0711 3728 GameConsoleService - ok
10:18:23.0741 3728 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
10:18:23.0791 3728 gpsvc - ok
10:18:23.0871 3728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:18:23.0901 3728 gupdate - ok
10:18:23.0921 3728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:18:23.0931 3728 gupdatem - ok
10:18:23.0951 3728 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:18:24.0011 3728 hcw85cir - ok
10:18:24.0031 3728 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:18:24.0081 3728 HdAudAddService - ok
10:18:24.0101 3728 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:18:24.0151 3728 HDAudBus - ok
10:18:24.0171 3728 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:18:24.0201 3728 HidBatt - ok
10:18:24.0211 3728 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:18:24.0251 3728 HidBth - ok
10:18:24.0271 3728 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:18:24.0301 3728 HidIr - ok
10:18:24.0311 3728 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:18:24.0391 3728 hidserv - ok
10:18:24.0431 3728 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:18:24.0471 3728 HidUsb - ok
10:18:24.0481 3728 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:18:24.0531 3728 hkmsvc - ok
10:18:24.0551 3728 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:18:24.0581 3728 HomeGroupListener - ok
10:18:24.0621 3728 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:18:24.0671 3728 HomeGroupProvider - ok
10:18:24.0781 3728 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:18:24.0811 3728 HP Support Assistant Service - ok
10:18:24.0851 3728 [ 9ABD12FCE4A62905731C286BB1D66789 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:18:24.0891 3728 HP Wireless Assistant Service - ok
10:18:24.0951 3728 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:18:24.0971 3728 HPDrvMntSvc.exe - ok
10:18:24.0991 3728 [ 0193C30760032CC044EF47A1919F20DC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:18:25.0011 3728 hpdskflt - ok
10:18:25.0131 3728 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:18:25.0151 3728 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:18:25.0151 3728 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:18:25.0191 3728 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:18:25.0221 3728 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:18:25.0221 3728 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:18:25.0281 3728 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:18:25.0361 3728 hpqwmiex - ok
10:18:25.0401 3728 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
10:18:25.0451 3728 HpSAMD - ok
10:18:25.0501 3728 [ 2ADF33F93991C4E24E86FFA5F906417B ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:18:25.0571 3728 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
10:18:25.0571 3728 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
10:18:25.0601 3728 [ 65A2B4B003D733C6FAA16F22212BB86D ] hpsrv C:\Windows\system32\Hpservice.exe
10:18:25.0611 3728 hpsrv - ok
10:18:25.0641 3728 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:18:25.0661 3728 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
10:18:25.0661 3728 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
10:18:25.0711 3728 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:18:25.0821 3728 HTTP - ok
10:18:25.0831 3728 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:18:25.0851 3728 hwpolicy - ok
10:18:25.0881 3728 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:18:25.0911 3728 i8042prt - ok
10:18:25.0951 3728 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
10:18:25.0971 3728 iaStorV - ok
10:18:26.0011 3728 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:18:26.0061 3728 idsvc - ok
10:18:26.0191 3728 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20121012.001\IDSvia64.sys
10:18:26.0221 3728 IDSVia64 - ok
10:18:26.0351 3728 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:18:26.0561 3728 igfx - ok
10:18:26.0591 3728 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:18:26.0601 3728 iirsp - ok
10:18:26.0641 3728 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
10:18:26.0721 3728 IKEEXT - ok
10:18:26.0741 3728 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
10:18:26.0751 3728 intelide - ok
10:18:26.0791 3728 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:18:26.0831 3728 intelppm - ok
10:18:26.0861 3728 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:18:26.0931 3728 IPBusEnum - ok
10:18:26.0951 3728 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:18:26.0991 3728 IpFilterDriver - ok
10:18:27.0021 3728 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:18:27.0071 3728 iphlpsvc - ok
10:18:27.0091 3728 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:18:27.0111 3728 IPMIDRV - ok
10:18:27.0131 3728 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:18:27.0191 3728 IPNAT - ok
10:18:27.0211 3728 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:18:27.0231 3728 IRENUM - ok
10:18:27.0251 3728 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
10:18:27.0261 3728 isapnp - ok
10:18:27.0281 3728 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:18:27.0321 3728 iScsiPrt - ok
10:18:27.0341 3728 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:18:27.0371 3728 kbdclass - ok
10:18:27.0391 3728 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:18:27.0411 3728 kbdhid - ok
10:18:27.0421 3728 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
10:18:27.0461 3728 KeyIso - ok
10:18:27.0481 3728 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:18:27.0501 3728 KSecDD - ok
10:18:27.0531 3728 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:18:27.0551 3728 KSecPkg - ok
10:18:27.0571 3728 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:18:27.0661 3728 ksthunk - ok
10:18:27.0691 3728 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:18:27.0761 3728 KtmRm - ok
10:18:27.0801 3728 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:18:27.0851 3728 LanmanServer - ok
10:18:27.0891 3728 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:18:27.0941 3728 LanmanWorkstation - ok
10:18:27.0961 3728 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:18:28.0041 3728 lltdio - ok
10:18:28.0081 3728 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:18:28.0171 3728 lltdsvc - ok
10:18:28.0181 3728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:18:28.0251 3728 lmhosts - ok
10:18:28.0291 3728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:18:28.0301 3728 LSI_FC - ok
10:18:28.0321 3728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:18:28.0331 3728 LSI_SAS - ok
10:18:28.0361 3728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:18:28.0401 3728 LSI_SAS2 - ok
10:18:28.0421 3728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:18:28.0441 3728 LSI_SCSI - ok
10:18:28.0471 3728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:18:28.0521 3728 luafv - ok
10:18:28.0561 3728 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:18:28.0581 3728 MBAMProtector - ok
10:18:28.0651 3728 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:18:28.0671 3728 MBAMScheduler - ok
10:18:28.0701 3728 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:18:28.0721 3728 MBAMService - ok
10:18:28.0751 3728 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:18:28.0781 3728 Mcx2Svc - ok
10:18:28.0811 3728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:18:28.0851 3728 megasas - ok
10:18:28.0881 3728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:18:28.0901 3728 MegaSR - ok
10:18:28.0921 3728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:18:28.0971 3728 MMCSS - ok
10:18:28.0991 3728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:18:29.0071 3728 Modem - ok
10:18:29.0091 3728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:18:29.0121 3728 monitor - ok
10:18:29.0141 3728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:18:29.0171 3728 mouclass - ok
10:18:29.0181 3728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:18:29.0201 3728 mouhid - ok
10:18:29.0211 3728 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:18:29.0251 3728 mountmgr - ok
10:18:29.0271 3728 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
10:18:29.0301 3728 mpio - ok
10:18:29.0321 3728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:18:29.0361 3728 mpsdrv - ok
10:18:29.0391 3728 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:18:29.0441 3728 MpsSvc - ok
10:18:29.0471 3728 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:18:29.0491 3728 MRxDAV - ok
10:18:29.0521 3728 [ B7F3D2C40BDF8FFB73EBFB19C77734E2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:18:29.0581 3728 mrxsmb - ok
10:18:29.0611 3728 [ 86C6F88B5168CE21CF8D69D0B3FF5D19 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:18:29.0651 3728 mrxsmb10 - ok
10:18:29.0671 3728 [ B081069251C8E9F42CB8769D07148F9C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:18:29.0701 3728 mrxsmb20 - ok
10:18:29.0711 3728 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
10:18:29.0721 3728 msahci - ok
10:18:29.0761 3728 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
10:18:29.0771 3728 msdsm - ok
10:18:29.0791 3728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:18:29.0811 3728 MSDTC - ok
10:18:29.0841 3728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:18:29.0901 3728 Msfs - ok
10:18:29.0921 3728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:18:30.0001 3728 mshidkmdf - ok
10:18:30.0021 3728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
10:18:30.0051 3728 msisadrv - ok
10:18:30.0091 3728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:18:30.0201 3728 MSiSCSI - ok
10:18:30.0211 3728 msiserver - ok
10:18:30.0231 3728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:18:30.0291 3728 MSKSSRV - ok
10:18:30.0301 3728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:18:30.0341 3728 MSPCLOCK - ok
10:18:30.0361 3728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:18:30.0411 3728 MSPQM - ok
10:18:30.0421 3728 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:18:30.0441 3728 MsRPC - ok
10:18:30.0461 3728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:18:30.0471 3728 mssmbios - ok
10:18:30.0491 3728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:18:30.0571 3728 MSTEE - ok
10:18:30.0591 3728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:18:30.0621 3728 MTConfig - ok
10:18:30.0641 3728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:18:30.0661 3728 Mup - ok
10:18:30.0781 3728 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
10:18:30.0811 3728 N360 - ok
10:18:30.0851 3728 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
10:18:30.0931 3728 napagent - ok
10:18:30.0951 3728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:18:30.0971 3728 NativeWifiP - ok
10:18:31.0071 3728 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121014.006\ENG64.SYS
10:18:31.0111 3728 NAVENG - ok
10:18:31.0181 3728 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121014.006\EX64.SYS
10:18:31.0251 3728 NAVEX15 - ok
10:18:31.0291 3728 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:18:31.0321 3728 NDIS - ok
10:18:31.0351 3728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:18:31.0391 3728 NdisCap - ok
10:18:31.0411 3728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:18:31.0471 3728 NdisTapi - ok
10:18:31.0491 3728 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:18:31.0541 3728 Ndisuio - ok
10:18:31.0551 3728 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:18:31.0601 3728 NdisWan - ok
10:18:31.0621 3728 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:18:31.0661 3728 NDProxy - ok
10:18:31.0701 3728 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:18:31.0721 3728 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:18:31.0721 3728 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:18:31.0731 3728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:18:31.0811 3728 NetBIOS - ok
10:18:31.0831 3728 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:18:31.0881 3728 NetBT - ok
10:18:31.0891 3728 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
10:18:31.0901 3728 Netlogon - ok
10:18:31.0941 3728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:18:31.0991 3728 Netman - ok
10:18:32.0011 3728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:18:32.0081 3728 netprofm - ok
10:18:32.0111 3728 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:18:32.0121 3728 NetTcpPortSharing - ok
10:18:32.0271 3728 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
10:18:32.0441 3728 netw5v64 - ok
10:18:32.0471 3728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:18:32.0501 3728 nfrd960 - ok
10:18:32.0521 3728 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:18:32.0621 3728 NlaSvc - ok
10:18:32.0631 3728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:18:32.0711 3728 Npfs - ok
10:18:32.0721 3728 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:18:32.0841 3728 nsi - ok
10:18:32.0851 3728 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:18:32.0951 3728 nsiproxy - ok
10:18:32.0991 3728 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:18:33.0031 3728 Ntfs - ok
10:18:33.0051 3728 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:18:33.0131 3728 Null - ok
10:18:33.0181 3728 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
10:18:33.0211 3728 nvraid - ok
10:18:33.0251 3728 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
10:18:33.0281 3728 nvstor - ok
10:18:33.0301 3728 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:18:33.0321 3728 nv_agp - ok
10:18:33.0351 3728 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:18:33.0381 3728 ohci1394 - ok
10:18:33.0421 3728 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:18:33.0461 3728 ose - ok
10:18:33.0491 3728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:18:33.0561 3728 p2pimsvc - ok
10:18:33.0601 3728 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:18:33.0631 3728 p2psvc - ok
10:18:33.0651 3728 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:18:33.0681 3728 Parport - ok
10:18:33.0701 3728 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:18:33.0721 3728 partmgr - ok
10:18:33.0741 3728 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:18:33.0771 3728 PcaSvc - ok
10:18:33.0791 3728 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
10:18:33.0811 3728 pci - ok
10:18:33.0851 3728 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:18:33.0871 3728 pciide - ok
10:18:33.0911 3728 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:18:33.0941 3728 pcmcia - ok
10:18:33.0961 3728 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:18:33.0981 3728 pcw - ok
10:18:34.0001 3728 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:18:34.0081 3728 PEAUTH - ok
10:18:34.0171 3728 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:18:34.0191 3728 PerfHost - ok
10:18:34.0261 3728 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
10:18:34.0421 3728 pla - ok
10:18:34.0461 3728 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:18:34.0521 3728 PlugPlay - ok
10:18:34.0571 3728 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:18:34.0611 3728 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:18:34.0611 3728 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:18:34.0631 3728 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:18:34.0671 3728 PNRPAutoReg - ok
10:18:34.0701 3728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:18:34.0721 3728 PNRPsvc - ok
10:18:34.0771 3728 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
10:18:34.0801 3728 Point64 - ok
10:18:34.0841 3728 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:18:34.0901 3728 PolicyAgent - ok
10:18:34.0921 3728 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:18:34.0971 3728 Power - ok
10:18:34.0991 3728 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:18:35.0051 3728 PptpMiniport - ok
10:18:35.0081 3728 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:18:35.0121 3728 Processor - ok
10:18:35.0151 3728 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
10:18:35.0221 3728 ProfSvc - ok
10:18:35.0231 3728 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
10:18:35.0251 3728 ProtectedStorage - ok
10:18:35.0271 3728 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:18:35.0311 3728 Psched - ok
10:18:35.0361 3728 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:18:35.0421 3728 ql2300 - ok
10:18:35.0441 3728 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:18:35.0451 3728 ql40xx - ok
10:18:35.0481 3728 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:18:35.0511 3728 QWAVE - ok
10:18:35.0521 3728 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:18:35.0551 3728 QWAVEdrv - ok
10:18:35.0571 3728 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:18:35.0611 3728 RasAcd - ok
10:18:35.0621 3728 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:18:35.0671 3728 RasAgileVpn - ok
10:18:35.0691 3728 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:18:35.0741 3728 RasAuto - ok
10:18:35.0751 3728 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:18:35.0821 3728 Rasl2tp - ok
10:18:35.0841 3728 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
10:18:35.0891 3728 RasMan - ok
10:18:35.0911 3728 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:18:35.0971 3728 RasPppoe - ok
10:18:35.0991 3728 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:18:36.0031 3728 RasSstp - ok
10:18:36.0041 3728 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:18:36.0101 3728 rdbss - ok
10:18:36.0121 3728 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:18:36.0141 3728 rdpbus - ok
10:18:36.0161 3728 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:18:36.0201 3728 RDPCDD - ok
10:18:36.0231 3728 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:18:36.0291 3728 RDPENCDD - ok
10:18:36.0301 3728 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:18:36.0351 3728 RDPREFMP - ok
10:18:36.0381 3728 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:18:36.0431 3728 RDPWD - ok
10:18:36.0451 3728 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:18:36.0471 3728 rdyboost - ok
10:18:36.0511 3728 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:18:36.0591 3728 RemoteAccess - ok
10:18:36.0611 3728 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:18:36.0651 3728 RemoteRegistry - ok
10:18:36.0671 3728 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:18:36.0711 3728 RpcEptMapper - ok
10:18:36.0741 3728 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:18:36.0761 3728 RpcLocator - ok
10:18:36.0781 3728 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
10:18:36.0831 3728 RpcSs - ok
10:18:36.0851 3728 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:18:36.0891 3728 rspndr - ok
10:18:36.0941 3728 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
10:18:36.0981 3728 RSUSBSTOR - ok
10:18:37.0021 3728 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:18:37.0141 3728 RTL8167 - ok
10:18:37.0161 3728 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
10:18:37.0181 3728 SamSs - ok
10:18:37.0271 3728 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:18:37.0291 3728 SASDIFSV - ok
10:18:37.0311 3728 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:18:37.0331 3728 SASKUTIL - ok
10:18:37.0351 3728 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
10:18:37.0381 3728 sbp2port - ok
10:18:37.0411 3728 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:18:37.0501 3728 SCardSvr - ok
10:18:37.0511 3728 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:18:37.0571 3728 scfilter - ok
10:18:37.0631 3728 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
10:18:37.0661 3728 Schedule - ok
10:18:37.0691 3728 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:18:37.0731 3728 SCPolicySvc - ok
10:18:37.0761 3728 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:18:37.0791 3728 sdbus - ok
10:18:37.0811 3728 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:18:37.0871 3728 SDRSVC - ok
10:18:37.0941 3728 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:18:37.0971 3728 SeaPort - ok
10:18:37.0991 3728 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:18:38.0051 3728 secdrv - ok
10:18:38.0061 3728 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
10:18:38.0111 3728 seclogon - ok
10:18:38.0131 3728 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:18:38.0191 3728 SENS - ok
10:18:38.0201 3728 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:18:38.0251 3728 SensrSvc - ok
10:18:38.0271 3728 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:18:38.0291 3728 Serenum - ok
10:18:38.0311 3728 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:18:38.0341 3728 Serial - ok
10:18:38.0361 3728 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:18:38.0381 3728 sermouse - ok
10:18:38.0421 3728 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
10:18:38.0471 3728 SessionEnv - ok
10:18:38.0511 3728 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:18:38.0581 3728 sffdisk - ok
10:18:38.0601 3728 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:18:38.0631 3728 sffp_mmc - ok
10:18:38.0651 3728 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:18:38.0681 3728 sffp_sd - ok
10:18:38.0701 3728 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:18:38.0721 3728 sfloppy - ok
10:18:38.0781 3728 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:18:38.0851 3728 SharedAccess - ok
10:18:38.0881 3728 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:18:38.0911 3728 ShellHWDetection - ok
10:18:38.0931 3728 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:18:38.0951 3728 SiSRaid2 - ok
10:18:38.0981 3728 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 &<

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 15, 2012, 11:35:45 AM

It looks like the entire killer file didn't copy so i'm attaching it. Thanks!

[year+ old attachment deleted by admin]

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 15, 2012, 12:17:47 PM

Now, re-run aswMBR and post a new log, please.

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 15, 2012, 12:26:16 PM

Before i run it again, i have a quick question. This thing took 2 and a half hours to run on my computer, and i ran it just before i posted that log. Would something have changed in that amount of time? I haven't opened or run anything since, and this is the only window i have open. Would the quick scan work?

(And thanks for answering so quickly!)

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 15, 2012, 06:23:54 PM

DMJ,

I forgot to mention that i'm using Windows 7, so that might save you a few keystrokes. Here's the MBR log and I attached the Dat/Txt file as well:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-15 14:52:56
-----------------------------
14:52:56.628 OS Version: Windows x64 6.1.7600
14:52:56.628 Number of processors: 4 586 0x503
14:52:56.630 ComputerName: RUPERT UserName: PLMR
14:52:58.406 Initialize success
14:53:14.470 AVAST engine defs: 12101500
14:54:06.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:54:06.077 Disk 0 Vendor: WDC_WD5000BEKT-60KA9T0 01.01A01 Size: 476940MB BusType: 11
14:54:06.559 Disk 0 MBR read successfully
14:54:06.565 Disk 0 MBR scan
14:54:06.577 Disk 0 unknown MBR code
14:54:06.627 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:54:06.705 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455419 MB offset 409600
14:54:06.781 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21217 MB offset 933107712
14:54:06.852 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:54:07.096 Disk 0 scanning C:\Windows\system32\drivers
14:55:58.967 Service scanning
14:56:25.000 Modules scanning
14:56:27.179 AVAST engine scan C:\
20:24:32.735 Scan finished successfully
20:26:28.331 Disk 0 MBR has been saved successfully to "C:\Users\PLMR\Documents\AntiVirus Project 10.2012\antivirusproject day2\2nd run\MBR.dat"
20:26:28.331 The log file has been saved successfully to "C:\Users\PLMR\Documents\AntiVirus Project 10.2012\antivirusproject day2\2nd run\aswMBR.txt"

[year+ old attachment deleted by admin]

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 16, 2012, 05:56:38 PM

ESET Online Scan

Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
Click Start or wait for the scanner to load.
Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, there are a couple of things to keep in mind:
1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
Open the logfile from wherever you saved it
Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer
Error messages
Fake antivirus alerts or the icon in the system tray
svchost.exe running at 100%
System crashes or blue screen of death

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 17, 2012, 08:30:34 AM

Thanks, DMJ... First, here are the obvious side effects, as requested:

1. The computer is running slow, like it's getting snagged on things running through a briar patch, pauses for a wicked long time, then goes back to flying along.
2. Redirects to unfamiliar search pages. Sometimes it even does that when i type the address directly in the address bar.
3. I'm getting high usage messages from random issues, but the message is always about high usage.

And here's the eset report:

C:\Users\PLMR\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdcdbgfdfdhgfgbdhgbdhdeggdfgc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\PLMR\Downloads\VLC_32.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined

I eagerly await the next step. :)

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 17, 2012, 10:37:13 AM

Run TDSSKiller once more and post a log, please.

Also, the following:

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Delete.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 17, 2012, 11:07:30 AM

Ok, here are the logs.

TDSSKiller:

13:02:15.0628 7012 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:02:16.0013 7012 ============================================================
13:02:16.0013 7012 Current date / time: 2012/10/17 13:02:16.0013
13:02:16.0013 7012 SystemInfo:
13:02:16.0013 7012
13:02:16.0014 7012 OS Version: 6.1.7600 ServicePack: 0.0
13:02:16.0014 7012 Product type: Workstation
13:02:16.0014 7012 ComputerName: RUPERT
13:02:16.0014 7012 UserName: PLMR
13:02:16.0014 7012 Windows directory: C:\Windows
13:02:16.0014 7012 System windows directory: C:\Windows
13:02:16.0014 7012 Running under WOW64
13:02:16.0014 7012 Processor architecture: Intel x64
13:02:16.0014 7012 Number of processors: 4
13:02:16.0014 7012 Page size: 0x1000
13:02:16.0015 7012 Boot type: Normal boot
13:02:16.0015 7012 ============================================================
13:02:17.0301 7012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:02:17.0308 7012 ============================================================
13:02:17.0308 7012 \Device\Harddisk0\DR0:
13:02:17.0309 7012 MBR partitions:
13:02:17.0309 7012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:02:17.0309 7012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3797D800
13:02:17.0309 7012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x379E1800, BlocksNum 0x2970800
13:02:17.0309 7012 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
13:02:17.0309 7012 ============================================================
13:02:17.0324 7012 C: <-> \Device\Harddisk0\DR0\Partition2
13:02:17.0366 7012 D: <-> \Device\Harddisk0\DR0\Partition3
13:02:17.0377 7012 E: <-> \Device\Harddisk0\DR0\Partition4
13:02:17.0378 7012 ============================================================
13:02:17.0378 7012 Initialize success
13:02:17.0378 7012 ============================================================
13:02:28.0643 6932 ============================================================
13:02:28.0643 6932 Scan started
13:02:28.0643 6932 Mode: Manual;
13:02:28.0643 6932 ============================================================
13:02:29.0368 6932 ================ Scan system memory ========================
13:02:29.0368 6932 System memory - ok
13:02:29.0369 6932 ================ Scan services =============================
13:02:29.0506 6932 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:02:29.0510 6932 !SASCORE - ok
13:02:29.0704 6932 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:02:29.0712 6932 1394ohci - ok
13:02:29.0752 6932 [ 7BB93BB5A578984090748F310ED895EF ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
13:02:29.0755 6932 Accelerometer - ok
13:02:29.0804 6932 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:02:29.0811 6932 ACPI - ok
13:02:29.0836 6932 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
13:02:29.0840 6932 AcpiPmi - ok
13:02:29.0870 6932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:02:29.0886 6932 adp94xx - ok
13:02:29.0933 6932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:02:29.0943 6932 adpahci - ok
13:02:30.0001 6932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:02:30.0021 6932 adpu320 - ok
13:02:30.0100 6932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:02:30.0102 6932 AeLookupSvc - ok
13:02:30.0178 6932 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
13:02:30.0180 6932 AESTFilters - ok
13:02:30.0216 6932 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
13:02:30.0231 6932 AFD - ok
13:02:30.0252 6932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
13:02:30.0255 6932 agp440 - ok
13:02:30.0278 6932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:02:30.0282 6932 ALG - ok
13:02:30.0311 6932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
13:02:30.0314 6932 aliide - ok
13:02:30.0368 6932 [ 29C151492510640343B00B63996E4070 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:02:30.0373 6932 AMD External Events Utility - ok
13:02:30.0399 6932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
13:02:30.0402 6932 amdide - ok
13:02:30.0418 6932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:02:30.0422 6932 AmdK8 - ok
13:02:30.0631 6932 [ 2C9C4824664C61351FF1E0169262D026 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:02:30.0792 6932 amdkmdag - ok
13:02:30.0819 6932 [ EF7382689D3B17AC2983202E7A40AB45 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:02:30.0827 6932 amdkmdap - ok
13:02:30.0842 6932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:02:30.0846 6932 AmdPPM - ok
13:02:30.0863 6932 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
13:02:30.0868 6932 amdsata - ok
13:02:30.0884 6932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:02:30.0890 6932 amdsbs - ok
13:02:30.0909 6932 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
13:02:30.0910 6932 amdxata - ok
13:02:30.0929 6932 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
13:02:30.0933 6932 AppID - ok
13:02:30.0948 6932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:02:30.0951 6932 AppIDSvc - ok
13:02:30.0960 6932 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
13:02:30.0963 6932 Appinfo - ok
13:02:31.0019 6932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:02:31.0023 6932 arc - ok
13:02:31.0036 6932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:02:31.0040 6932 arcsas - ok
13:02:31.0068 6932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:02:31.0070 6932 AsyncMac - ok
13:02:31.0084 6932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
13:02:31.0085 6932 atapi - ok
13:02:31.0185 6932 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
13:02:31.0257 6932 athr - ok
13:02:31.0302 6932 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:02:31.0305 6932 AtiHdmiService - ok
13:02:31.0341 6932 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
13:02:31.0342 6932 AtiPcie - ok
13:02:31.0377 6932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:02:31.0403 6932 AudioEndpointBuilder - ok
13:02:31.0424 6932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:02:31.0430 6932 AudioSrv - ok
13:02:31.0451 6932 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:02:31.0455 6932 AxInstSV - ok
13:02:31.0494 6932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:02:31.0509 6932 b06bdrv - ok
13:02:31.0534 6932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:02:31.0542 6932 b57nd60a - ok
13:02:31.0569 6932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:02:31.0573 6932 BDESVC - ok
13:02:31.0589 6932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:02:31.0591 6932 Beep - ok
13:02:31.0641 6932 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
13:02:31.0667 6932 BFE - ok
13:02:31.0890 6932 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
13:02:31.0943 6932 BHDrvx64 - ok
13:02:31.0996 6932 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
13:02:32.0023 6932 BITS - ok
13:02:32.0051 6932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:02:32.0053 6932 blbdrive - ok
13:02:32.0205 6932 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:02:32.0208 6932 bowser - ok
13:02:32.0229 6932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:02:32.0231 6932 BrFiltLo - ok
13:02:32.0246 6932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:02:32.0248 6932 BrFiltUp - ok
13:02:32.0274 6932 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:02:32.0278 6932 BridgeMP - ok
13:02:32.0306 6932 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
13:02:32.0310 6932 Browser - ok
13:02:32.0333 6932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:02:32.0340 6932 Brserid - ok
13:02:32.0355 6932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:02:32.0358 6932 BrSerWdm - ok
13:02:32.0374 6932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:02:32.0377 6932 BrUsbMdm - ok
13:02:32.0392 6932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:02:32.0394 6932 BrUsbSer - ok
13:02:32.0413 6932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:02:32.0416 6932 BTHMODEM - ok
13:02:32.0435 6932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:02:32.0438 6932 bthserv - ok
13:02:32.0454 6932 catchme - ok
13:02:32.0558 6932 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
13:02:32.0564 6932 ccSet_N360 - ok
13:02:32.0588 6932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:02:32.0593 6932 cdfs - ok
13:02:32.0624 6932 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:02:32.0629 6932 cdrom - ok
13:02:32.0660 6932 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
13:02:32.0664 6932 CertPropSvc - ok
13:02:32.0737 6932 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
13:02:32.0742 6932 CinemaNow Service - ok
13:02:32.0762 6932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:02:32.0766 6932 circlass - ok
13:02:32.0795 6932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:02:32.0803 6932 CLFS - ok
13:02:32.0898 6932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:02:32.0902 6932 clr_optimization_v2.0.50727_32 - ok
13:02:32.0954 6932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:02:32.0959 6932 clr_optimization_v2.0.50727_64 - ok
13:02:32.0979 6932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:02:32.0982 6932 CmBatt - ok
13:02:33.0004 6932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
13:02:33.0007 6932 cmdide - ok
13:02:33.0033 6932 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
13:02:33.0044 6932 CNG - ok
13:02:33.0074 6932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:02:33.0076 6932 Compbatt - ok
13:02:33.0101 6932 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:02:33.0104 6932 CompositeBus - ok
13:02:33.0124 6932 COMSysApp - ok
13:02:33.0151 6932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:02:33.0154 6932 crcdisk - ok
13:02:33.0197 6932 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:02:33.0203 6932 CryptSvc - ok
13:02:33.0263 6932 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:02:33.0266 6932 dc3d - ok
13:02:33.0319 6932 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:02:33.0336 6932 DcomLaunch - ok
13:02:33.0383 6932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:02:33.0390 6932 defragsvc - ok
13:02:33.0418 6932 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:02:33.0421 6932 DfsC - ok
13:02:33.0464 6932 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
13:02:33.0472 6932 Dhcp - ok
13:02:33.0495 6932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:02:33.0496 6932 discache - ok
13:02:33.0525 6932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:02:33.0528 6932 Disk - ok
13:02:33.0584 6932 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:02:33.0589 6932 Dnscache - ok
13:02:33.0636 6932 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
13:02:33.0644 6932 dot3svc - ok
13:02:33.0722 6932 [ 8CBE9EB5088E36DB88013D9D5858B87F ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
13:02:33.0736 6932 DpHost - ok
13:02:33.0755 6932 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
13:02:33.0760 6932 DPS - ok
13:02:33.0778 6932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:02:33.0781 6932 drmkaud - ok
13:02:33.0817 6932 [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
13:02:33.0821 6932 DVMIO - ok
13:02:33.0911 6932 [ 5EB46032ECA199F4721EB1915B5383C8 ] DvmMDES C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
13:02:33.0919 6932 DvmMDES - ok
13:02:33.0993 6932 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:02:34.0028 6932 DXGKrnl - ok
13:02:34.0061 6932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:02:34.0066 6932 EapHost - ok
13:02:34.0160 6932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:02:34.0217 6932 ebdrv - ok
13:02:34.0286 6932 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:02:34.0298 6932 eeCtrl - ok
13:02:34.0333 6932 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
13:02:34.0337 6932 EFS - ok
13:02:34.0422 6932 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:02:34.0450 6932 ehRecvr - ok
13:02:34.0495 6932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:02:34.0500 6932 ehSched - ok
13:02:34.0540 6932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:02:34.0560 6932 elxstor - ok
13:02:34.0614 6932 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:02:34.0619 6932 EraserUtilRebootDrv - ok
13:02:34.0644 6932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
13:02:34.0647 6932 ErrDev - ok
13:02:34.0717 6932 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
13:02:34.0719 6932 esgiguard - ok
13:02:34.0761 6932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:02:34.0770 6932 EventSystem - ok
13:02:34.0796 6932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:02:34.0800 6932 exfat - ok
13:02:34.0834 6932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:02:34.0838 6932 fastfat - ok
13:02:34.0874 6932 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
13:02:34.0886 6932 Fax - ok
13:02:34.0926 6932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:02:34.0929 6932 fdc - ok
13:02:34.0952 6932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:02:34.0954 6932 fdPHost - ok
13:02:34.0968 6932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:02:34.0970 6932 FDResPub - ok
13:02:34.0989 6932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:02:34.0991 6932 FileInfo - ok
13:02:35.0008 6932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:02:35.0010 6932 Filetrace - ok
13:02:35.0030 6932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:02:35.0032 6932 flpydisk - ok
13:02:35.0056 6932 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:02:35.0061 6932 FltMgr - ok
13:02:35.0203 6932 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
13:02:35.0229 6932 FontCache - ok
13:02:35.0287 6932 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:02:35.0290 6932 FontCache3.0.0.0 - ok
13:02:35.0301 6932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:02:35.0304 6932 FsDepends - ok
13:02:35.0324 6932 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:02:35.0331 6932 Fs_Rec - ok
13:02:35.0373 6932 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:02:35.0378 6932 fvevol - ok
13:02:35.0403 6932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:02:35.0407 6932 gagp30kx - ok
13:02:35.0446 6932 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:02:35.0453 6932 GameConsoleService - ok
13:02:35.0494 6932 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
13:02:35.0524 6932 gpsvc - ok
13:02:35.0599 6932 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:02:35.0602 6932 gupdate - ok
13:02:35.0616 6932 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:02:35.0619 6932 gupdatem - ok
13:02:35.0649 6932 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:02:35.0652 6932 hcw85cir - ok
13:02:35.0686 6932 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:02:35.0695 6932 HdAudAddService - ok
13:02:35.0720 6932 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:02:35.0725 6932 HDAudBus - ok
13:02:35.0751 6932 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:02:35.0753 6932 HidBatt - ok
13:02:35.0774 6932 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:02:35.0779 6932 HidBth - ok
13:02:35.0794 6932 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:02:35.0798 6932 HidIr - ok
13:02:35.0813 6932 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:02:35.0816 6932 hidserv - ok
13:02:35.0851 6932 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:02:35.0854 6932 HidUsb - ok
13:02:35.0875 6932 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:02:35.0879 6932 hkmsvc - ok
13:02:35.0895 6932 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:02:35.0902 6932 HomeGroupListener - ok
13:02:35.0921 6932 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:02:35.0928 6932 HomeGroupProvider - ok
13:02:36.0034 6932 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:02:36.0037 6932 HP Support Assistant Service - ok
13:02:36.0087 6932 [ 9ABD12FCE4A62905731C286BB1D66789 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
13:02:36.0091 6932 HP Wireless Assistant Service - ok
13:02:36.0148 6932 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:02:36.0151 6932 HPDrvMntSvc.exe - ok
13:02:36.0176 6932 [ 0193C30760032CC044EF47A1919F20DC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
13:02:36.0178 6932 hpdskflt - ok
13:02:36.0289 6932 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:02:36.0295 6932 hpqcxs08 - ok
13:02:36.0332 6932 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:02:36.0336 6932 hpqddsvc - ok
13:02:36.0393 6932 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:02:36.0419 6932 hpqwmiex - ok
13:02:36.0511 6932 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
13:02:36.0516 6932 HpSAMD - ok
13:02:36.0557 6932 [ 2ADF33F93991C4E24E86FFA5F906417B ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:02:36.0594 6932 HPSLPSVC - ok
13:02:36.0636 6932 [ 65A2B4B003D733C6FAA16F22212BB86D ] hpsrv C:\Windows\system32\Hpservice.exe
13:02:36.0638 6932 hpsrv - ok
13:02:36.0669 6932 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
13:02:36.0671 6932 HPWMISVC - ok
13:02:36.0720 6932 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:02:36.0746 6932 HTTP - ok
13:02:36.0771 6932 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:02:36.0771 6932 hwpolicy - ok
13:02:36.0787 6932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:02:36.0791 6932 i8042prt - ok
13:02:36.0825 6932 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
13:02:36.0837 6932 iaStorV - ok
13:02:36.0898 6932 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:02:36.0924 6932 idsvc - ok
13:02:37.0046 6932 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20121016.001\IDSvia64.sys
13:02:37.0064 6932 IDSVia64 - ok
13:02:37.0204 6932 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:02:37.0328 6932 igfx - ok
13:02:37.0351 6932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:02:37.0353 6932 iirsp - ok
13:02:37.0401 6932 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
13:02:37.0428 6932 IKEEXT - ok
13:02:37.0450 6932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:02:37.0453 6932 intelide - ok
13:02:37.0487 6932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:02:37.0491 6932 intelppm - ok
13:02:37.0518 6932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:02:37.0522 6932 IPBusEnum - ok
13:02:37.0538 6932 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:02:37.0542 6932 IpFilterDriver - ok
13:02:37.0571 6932 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:02:37.0588 6932 iphlpsvc - ok
13:02:37.0609 6932 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:02:37.0613 6932 IPMIDRV - ok
13:02:37.0631 6932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:02:37.0636 6932 IPNAT - ok
13:02:37.0650 6932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:02:37.0653 6932 IRENUM - ok
13:02:37.0688 6932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
13:02:37.0691 6932 isapnp - ok
13:02:37.0712 6932 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:02:37.0718 6932 iScsiPrt - ok
13:02:37.0734 6932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:02:37.0737 6932 kbdclass - ok
13:02:37.0748 6932 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:02:37.0751 6932 kbdhid - ok
13:02:37.0767 6932 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
13:02:37.0769 6932 KeyIso - ok
13:02:37.0785 6932 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:02:37.0788 6932 KSecDD - ok
13:02:37.0824 6932 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:02:37.0828 6932 KSecPkg - ok
13:02:37.0841 6932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:02:37.0844 6932 ksthunk - ok
13:02:37.0880 6932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:02:37.0886 6932 KtmRm - ok
13:02:37.0928 6932 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:02:37.0936 6932 LanmanServer - ok
13:02:37.0973 6932 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:02:37.0980 6932 LanmanWorkstation - ok
13:02:38.0015 6932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:02:38.0019 6932 lltdio - ok
13:02:38.0063 6932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:02:38.0072 6932 lltdsvc - ok
13:02:38.0082 6932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:02:38.0085 6932 lmhosts - ok
13:02:38.0132 6932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:02:38.0135 6932 LSI_FC - ok
13:02:38.0155 6932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:02:38.0158 6932 LSI_SAS - ok
13:02:38.0178 6932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:02:38.0180 6932 LSI_SAS2 - ok
13:02:38.0196 6932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:02:38.0199 6932 LSI_SCSI - ok
13:02:38.0225 6932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:02:38.0227 6932 luafv - ok
13:02:38.0266 6932 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:02:38.0267 6932 MBAMProtector - ok
13:02:38.0338 6932 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:02:38.0348 6932 MBAMScheduler - ok
13:02:38.0382 6932 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:02:38.0408 6932 MBAMService - ok
13:02:38.0438 6932 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:02:38.0442 6932 Mcx2Svc - ok
13:02:38.0474 6932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:02:38.0477 6932 megasas - ok
13:02:38.0512 6932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:02:38.0521 6932 MegaSR - ok
13:02:38.0536 6932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:02:38.0541 6932 MMCSS - ok
13:02:38.0561 6932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:02:38.0564 6932 Modem - ok
13:02:38.0585 6932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:02:38.0588 6932 monitor - ok
13:02:38.0606 6932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:02:38.0610 6932 mouclass - ok
13:02:38.0633 6932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:02:38.0636 6932 mouhid - ok
13:02:38.0650 6932 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:02:38.0653 6932 mountmgr - ok
13:02:38.0671 6932 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
13:02:38.0676 6932 mpio - ok
13:02:38.0694 6932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:02:38.0698 6932 mpsdrv - ok
13:02:38.0737 6932 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:02:38.0758 6932 MpsSvc - ok
13:02:38.0786 6932 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:02:38.0789 6932 MRxDAV - ok
13:02:38.0817 6932 [ B7F3D2C40BDF8FFB73EBFB19C77734E2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:02:38.0820 6932 mrxsmb - ok
13:02:38.0839 6932 [ 86C6F88B5168CE21CF8D69D0B3FF5D19 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:02:38.0844 6932 mrxsmb10 - ok
13:02:38.0873 6932 [ B081069251C8E9F42CB8769D07148F9C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:02:38.0876 6932 mrxsmb20 - ok
13:02:38.0886 6932 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
13:02:38.0887 6932 msahci - ok
13:02:38.0928 6932 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
13:02:38.0934 6932 msdsm - ok
13:02:38.0963 6932 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:02:38.0970 6932 MSDTC - ok
13:02:38.0995 6932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:02:38.0996 6932 Msfs - ok
13:02:39.0016 6932 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:02:39.0019 6932 mshidkmdf - ok
13:02:39.0048 6932 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
13:02:39.0050 6932 msisadrv - ok
13:02:39.0090 6932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:02:39.0097 6932 MSiSCSI - ok
13:02:39.0104 6932 msiserver - ok
13:02:39.0123 6932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:02:39.0125 6932 MSKSSRV - ok
13:02:39.0136 6932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:02:39.0138 6932 MSPCLOCK - ok
13:02:39.0165 6932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:02:39.0168 6932 MSPQM - ok
13:02:39.0194 6932 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:02:39.0202 6932 MsRPC - ok
13:02:39.0229 6932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:02:39.0232 6932 mssmbios - ok
13:02:39.0252 6932 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:02:39.0255 6932 MSTEE - ok
13:02:39.0273 6932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:02:39.0276 6932 MTConfig - ok
13:02:39.0293 6932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:02:39.0295 6932 Mup - ok
13:02:39.0414 6932 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
13:02:39.0419 6932 N360 - ok
13:02:39.0456 6932 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
13:02:39.0474 6932 napagent - ok
13:02:39.0517 6932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:02:39.0526 6932 NativeWifiP - ok
13:02:39.0637 6932 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121016.021\ENG64.SYS
13:02:39.0643 6932 NAVENG - ok
13:02:39.0720 6932 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20121016.021\EX64.SYS
13:02:39.0776 6932 NAVEX15 - ok
13:02:39.0809 6932 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:02:39.0835 6932 NDIS - ok
13:02:39.0863 6932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:39.0864 6932 NdisCap - ok
13:02:39.0881 6932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:39.0883 6932 NdisTapi - ok
13:02:39.0895 6932 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:39.0898 6932 Ndisuio - ok
13:02:39.0914 6932 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:39.0917 6932 NdisWan - ok
13:02:39.0928 6932 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:02:39.0930 6932 NDProxy - ok
13:02:39.0970 6932 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:02:39.0972 6932 Net Driver HPZ12 - ok
13:02:39.0984 6932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:02:39.0986 6932 NetBIOS - ok
13:02:40.0010 6932 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:02:40.0016 6932 NetBT - ok
13:02:40.0023 6932 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
13:02:40.0026 6932 Netlogon - ok
13:02:40.0068 6932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:02:40.0078 6932 Netman - ok
13:02:40.0105 6932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:02:40.0114 6932 netprofm - ok
13:02:40.0145 6932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:02:40.0148 6932 NetTcpPortSharing - ok
13:02:40.0303 6932 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
13:02:40.0437 6932 netw5v64 - ok
13:02:40.0466 6932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:40.0470 6932 nfrd960 - ok
13:02:40.0492 6932 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:02:40.0500 6932 NlaSvc - ok
13:02:40.0511 6932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:02:40.0512 6932 Npfs - ok
13:02:40.0523 6932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:02:40.0525 6932 nsi - ok
13:02:40.0532 6932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:02:40.0532 6932 nsiproxy - ok
13:02:40.0577 6932 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:02:40.0612 6932 Ntfs - ok
13:02:40.0633 6932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:02:40.0635 6932 Null - ok
13:02:40.0685 6932 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
13:02:40.0689 6932 nvraid - ok
13:02:40.0720 6932 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
13:02:40.0723 6932 nvstor - ok
13:02:40.0750 6932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
13:02:40.0753 6932 nv_agp - ok
13:02:40.0780 6932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:02:40.0783 6932 ohci1394 - ok
13:02:40.0833 6932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:02:40.0838 6932 ose - ok
13:02:40.0862 6932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:02:40.0872 6932 p2pimsvc - ok
13:02:40.0896 6932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:02:40.0912 6932 p2psvc - ok
13:02:40.0936 6932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:02:40.0947 6932 Parport - ok
13:02:40.0989 6932 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:02:40.0992 6932 partmgr - ok
13:02:41.0023 6932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:02:41.0031 6932 PcaSvc - ok
13:02:41.0060 6932 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
13:02:41.0065 6932 pci - ok
13:02:41.0093 6932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:02:41.0096 6932 pciide - ok
13:02:41.0126 6932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:02:41.0132 6932 pcmcia - ok
13:02:41.0154 6932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:02:41.0156 6932 pcw - ok
13:02:41.0190 6932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:02:41.0217 6932 PEAUTH - ok
13:02:41.0321 6932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:02:41.0326 6932 PerfHost - ok
13:02:41.0390 6932 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
13:02:41.0435 6932 pla - ok
13:02:41.0529 6932 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:02:41.0550 6932 PlugPlay - ok
13:02:41.0630 6932 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:02:41.0634 6932 Pml Driver HPZ12 - ok
13:02:41.0652 6932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:02:41.0657 6932 PNRPAutoReg - ok
13:02:41.0679 6932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:02:41.0687 6932 PNRPsvc - ok
13:02:41.0732 6932 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:02:41.0736 6932 Point64 - ok
13:02:41.0773 6932 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:02:41.0789 6932 PolicyAgent - ok
13:02:41.0817 6932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:02:41.0824 6932 Power - ok
13:02:41.0841 6932 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:02:41.0846 6932 PptpMiniport - ok
13:02:41.0875 6932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:02:41.0879 6932 Processor - ok
13:02:41.0905 6932 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
13:02:41.0912 6932 ProfSvc - ok
13:02:41.0925 6932 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
13:02:41.0928 6932 ProtectedStorage - ok
13:02:41.0960 6932 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:02:41.0962 6932 Psched - ok
13:02:42.0018 6932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:02:42.0054 6932 ql2300 - ok
13:02:42.0090 6932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:02:42.0093 6932 ql40xx - ok
13:02:42.0126 6932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:02:42.0133 6932 QWAVE - ok
13:02:42.0147 6932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:02:42.0148 6932 QWAVEdrv - ok
13:02:42.0168 6932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:02:42.0171 6932 RasAcd - ok
13:02:42.0190 6932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:02:42.0193 6932 RasAgileVpn - ok
13:02:42.0209 6932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:02:42.0214 6932 RasAuto - ok
13:02:42.0230 6932 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:02:42.0233 6932 Rasl2tp - ok
13:02:42.0250 6932 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
13:02:42.0259 6932 RasMan - ok
13:02:42.0281 6932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:02:42.0284 6932 RasPppoe - ok
13:02:42.0302 6932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:02:42.0305 6932 RasSstp - ok
13:02:42.0329 6932 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:02:42.0333 6932 rdbss - ok
13:02:42.0352 6932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:02:42.0354 6932 rdpbus - ok
13:02:42.0365 6932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:02:42.0366 6932 RDPCDD - ok
13:02:42.0386 6932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:02:42.0387 6932 RDPENCDD - ok
13:02:42.0396 6932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:02:42.0397 6932 RDPREFMP - ok
13:02:42.0418 6932 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:02:42.0422 6932 RDPWD - ok
13:02:42.0435 6932 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:02:42.0439 6932 rdyboost - ok
13:02:42.0491 6932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:02:42.0495 6932 RemoteAccess - ok
13:02:42.0515 6932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:02:42.0523 6932 RemoteRegistry - ok
13:02:42.0543 6932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:02:42.0548 6932 RpcEptMapper - ok
13:02:42.0578 6932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:02:42.0582 6932 RpcLocator - ok
13:02:42.0611 6932 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
13:02:42.0622 6932 RpcSs - ok
13:02:42.0642 6932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:02:42.0647 6932 rspndr - ok
13:02:42.0695 6932 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:02:42.0703 6932 RSUSBSTOR - ok
13:02:42.0734 6932 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:02:42.0742 6932 RTL8167 - ok
13:02:42.0758 6932 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
13:02:42.0761 6932 SamSs - ok
13:02:42.0833 6932 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:02:42.0835 6932 SASDIFSV - ok
13:02:42.0857 6932 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:02:42.0859 6932 SASKUTIL - ok
13:02:42.0888 6932 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:02:42.0893 6932 sbp2port - ok
13:02:42.0913 6932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:02:42.0921 6932 SCardSvr - ok
13:02:42.0939 6932 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:02:42.0942 6932 scfilter - ok
13:02:43.0005 6932 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
13:02:43.0031 6932 Schedule - ok
13:02:43.0078 6932 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:02:43.0080 6932 SCPolicySvc - ok
13:02:43.0134 6932 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:02:43.0138 6932 sdbus - ok
13:02:43.0160 6932 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:02:43.0167 6932 SDRSVC - ok
13:02:43.0234 6932 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:02:43.0241 6932 SeaPort - ok
13:02:43.0259 6932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:02:43.0262 6932 secdrv - ok
13:02:43.0281 6932 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
13:02:43.0285 6932 seclogon - ok
13:02:43.0296 6932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:02:43.0301 6932 SENS - ok
13:02:43.0322 6932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:02:43.0327 6932 SensrSvc - ok
13:02:43.0343 6932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:02:43.0346 6932 Serenum - ok
13:02:43.0362 6932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:02:43.0366 6932 Serial - ok
13:02:43.0381 6932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:02:43.0385 6932 sermouse - ok
13:02:43.0418 6932 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
13:02:43.0424 6932 SessionEnv - ok
13:02:43.0457 6932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:02:43.0460 6932 sffdisk - ok
13:02:43.0477 6932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:02:43.0480 6932 sffp_mmc - ok
13:02:43.0501 6932 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:02:43.0504 6932 sffp_sd - ok
13:02:43.0525 6932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:43.0528 6932 sfloppy - ok
13:02:43.0593 6932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:02:43.0603 6932 SharedAccess - ok
13:02:43.0628 6932 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:02:43.0639 6932 ShellHWDetection - ok
13:02:43.0660 6932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:02:43.0664 6932 SiSRaid2 - ok
13:02:43.0693 6932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:02:43.0697 6932 SiSRaid4 - ok
13:02:43.0711 6932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:02:43.0714 6932 Smb - ok
13:02:43.0735 6932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:02:43.0740 6932 SNMPTRAP - ok
13:02:43.0750 6932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:02:43.0751 6932 spldr - ok
13:02:43.0800 6932 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
13:02:43.0826 6932 Spooler - ok
13:02:43.0927 6932 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
13:02:44.0012 6932 sppsvc - ok
13:02:44.0033 6932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:02:44.0037 6932 sppuinotify - ok
13:02:44.0098 6932 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
13:02:44.0134 6932 SpyHunter 4 Service - ok
13:02:44.0247 6932 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
13:02:44.0273 6932 SRTSP - ok
13:02:44.0302 6932 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
13:02:44.0306 6932 SRTSPX - ok
13:02:44.0350 6932 [ 148D50904D2A0DF29A19778715EB35BB ] srv C:\Windows\system32\DRIVERS\srv.sys
13:02:44.0361 6932 srv - ok
13:02:44.0413 6932 [ CE2189FE31D36678AC9EB7DDEE08EC96 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:02:44.0422 6932 srv2 - ok
13:02:44.0453 6932 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:02:44.0461 6932 SrvHsfHDA - ok
13:02:44.0519 6932 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:02:44.0554 6932 SrvHsfV92 - ok
13:02:44.0583 6932 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:02:44.0597 6932 SrvHsfWinac - ok
13:02:44.0624 6932 [ CB69EDEB069A49577592835659CD0E46 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 17, 2012, 11:36:07 AM

Will wait for the other information...

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 17, 2012, 12:20:28 PM

Drat! I posted them both then didn't reread to make sure it was all accepted. The killer one was too long last time as well. I'll add them both as attachments this time. Thanks for your patience!

[year+ old attachment deleted by admin]

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 17, 2012, 01:41:45 PM

ESET Online Scan

Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
Click Start or wait for the scanner to load.
Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, there are a couple of things to keep in mind:
1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
Open the logfile from wherever you saved it
Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer
Error messages
Fake antivirus alerts or the icon in the system tray
svchost.exe running at 100%
System crashes or blue screen of death

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 17, 2012, 04:15:16 PM

Yay! No threats found! And, so far, i'm not being redirected anywhere. Now can i safely uninstall Spyhunter?

Title: Re: Sh4ldr removal help windows 7
Post by: Randerson123 on October 17, 2012, 04:21:08 PM

DMJ:

Follow up questions. How do I safely remove the malicious SpyHunter 4 program I got tricked into downloading to fix the original sh4ldr virus? I've read that 'Enigma' created both the virus and then the fake fix program. I've heard uninstalling normally can cause it to erase my BIOS?

Also, the sh4ldr folder is still in my C: as well as it's accompaning temp file. I know I need to safely remove them from my computer as well. Lastly, are there registry files that will need to be cleaned?

Thanks again!!!!

From TDSSKiller report:

13:02:44.0098 6932 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
13:02:44.0134 6932 SpyHunter 4 Service - ok

In Combo Fix posted report:

2012-10-14 11:02 . 2012-10-14 11:02 -------- d-----w- C:\sh4ldr
2012-10-14 11:02 . 2012-10-14 11:02 -------- d-----w- c:\program files\Enigma Software Group

Title: Re: Sh4ldr removal help windows 7
Post by: Dr Jay on October 18, 2012, 09:37:33 AM

Enigma Software Group is legitimate software company that have a lot of hating people. It's their fault they ruined their own reputation, but it's not a big deal. I think you can uninstall it via the Control Panel and be in good hands.

Here is a VirusTotal scan of that file that was running in the processes list from SpyHunter: https://www.virustotal.com/file/4a0df1d6220c3d93d0502a576b758705f554af3ae32f65ca5d0208336afa43b4/analysis/

This is a SpyHunter folder: sh4ldr, literally "SpyHunter Folder".

However, your computer was infected by a serious rootkit, which had nothing to do with SpyHunter, Enigma Software Group, or the like.

We will finish up now to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim) and save it to your Desktop - Alternate download link (http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html)

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.