# Slow internet with searches being redirected!



## Nymfor (Sep 20, 2012)

For about 2 weeks now my computer has been running slower, and when I search on Google it almost always redirects me elsewhere. My internet also seems to run slower on my main computer, but my laptop, which uses the same net signal, has no problems with the net speed. I have also tried to install Windows 7 SP1, but I always get this error: 0x80004005.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4095 Mb
Graphics Card: ATI Radeon HD 4300/4500 Series, 512 Mb
Hard Drives: C: Total - 699928 MB, Free - 596728 MB;
Motherboard: eMachines, EMCP73VT-PM
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:50 PM, on 9/20/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Megan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/stg_drm.ocx
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/armhelper.ocx
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin11/static/controls/TELUSHighSpeedInstallWizard_Combined.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8139 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Megan at 18:41:59 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2820 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/stg_drm.ocx
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/armhelper.ocx
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/TELUSHighSpeedInstallWizard_Combined.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DA3F6CC-AF3E-40C9-AB15-B76D22492F57} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87068506-9FA7-4C9D-AECB-CC56ACEF540F} : DhcpNameServer = 192.168.2.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\windows\system32\drivers\SMR311.SYS --> C:\windows\system32\drivers\SMR311.SYS [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120919.001\IDSviA64.sys [2012-9-19 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-9-17 138272]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-18 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-18 250056]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\system32\DRIVERS\btblan.sys --> C:\windows\system32\DRIVERS\btblan.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 676936]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-8 517632]
S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
.
=============== Created Last 30 ================
.
2012-09-21 00:25:44 95392 ----a-w- C:\windows\System32\drivers\SMR311.SYS
2012-09-21 00:17:35 -------- d-----w- C:\Users\Megan\AppData\Local\NPE
2012-09-20 22:31:50 -------- d-----w- C:\windows\System32\SPReview
2012-09-20 20:37:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 17:31:59 98816 ----a-w- C:\windows\sed.exe
2012-09-20 17:31:59 518144 ----a-w- C:\windows\SWREG.exe
2012-09-20 17:31:59 256000 ----a-w- C:\windows\PEV.exe
2012-09-20 17:31:59 208896 ----a-w- C:\windows\MBR.exe
2012-09-19 01:27:44 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12:35 -------- d-----w- C:\ProgramData\PC Utility Kit
2012-09-18 22:40:17 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06:18 -------- d-----w- C:\Intel
2012-09-18 05:00:05 -------- d-----w- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-18 04:33:19 737952 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-09-18 04:33:19 451192 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-09-18 04:33:19 405624 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-09-18 04:33:19 37536 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-09-18 04:33:19 190072 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-09-18 04:33:19 167072 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-09-18 04:33:19 1129120 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-09-18 04:33:11 -------- d-----w- C:\windows\System32\drivers\N360x64\0603000.00E
2012-09-18 00:08:07 -------- d-----w- C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42:09 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Symantec
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-17 23:41:03 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-09-17 23:41:01 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-09-17 23:40:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-16 14:30:59 -------- d-----w- C:\Symbols
2012-09-16 13:46:32 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2012-09-16 01:54:58 -------- d-----w- C:\Users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09:30 -------- d-----w- C:\windows\CheckSur
2012-09-15 14:33:09 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 14:18:59 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36:45 -------- d-----w- C:\windows\System32\EventProviders
2012-09-13 19:34:42 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34:33 4571448 ----a-w- C:\windows\uninst.exe
2012-09-13 19:34:32 -------- d-----w- C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34:32 -------- d-----w- C:\ProgramData\PC1Data
2012-09-13 03:11:29 -------- d-----w- C:\Users\Megan\AppData\Roaming\AVG
2012-09-13 03:10:49 -------- d-----w- C:\ProgramData\AVG
2012-09-13 03:10:34 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:40:01 -------- d-----w- C:\Users\Megan\AppData\Roaming\AVG2013
2012-09-12 22:39:16 -------- d-----w- C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:37:34 -------- d-----w- C:\ProgramData\AVG2013
2012-09-12 22:22:42 -------- d--h--w- C:\ProgramData\Common Files
2012-09-12 22:22:42 -------- d-----w- C:\Users\Megan\AppData\Local\MFAData
2012-09-12 22:22:42 -------- d-----w- C:\Users\Megan\AppData\Local\Avg2013
2012-09-12 22:22:42 -------- d-----w- C:\ProgramData\MFAData
2012-09-12 13:07:47 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 13:07:47 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05:44 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-09-20 22:59:59 152064 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-09-20 22:59:58 175104 ----a-w- C:\windows\System32\msclmd.dll
2012-09-19 00:30:08 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 18:02:22 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 18:49:59.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 3/30/2010 4:57:01 PM
System Uptime: 9/20/2012 6:24:48 PM (0 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 582.741 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&EABE7E6&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&EABE7E6&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP41: 9/18/2012 4:44:28 PM - Windows 7 Service Pack 1
RP42: 9/20/2012 11:32:37 AM - ComboFix created restore point
RP43: 9/20/2012 4:29:00 PM - Windows Update
RP44: 9/20/2012 5:57:29 PM - Installed HiJackThis
RP45: 9/20/2012 6:06:59 PM - Removed HiJackThis
RP46: 9/20/2012 6:22:54 PM - Norton_Power_Eraser_20120920182250877
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2 MUI
Apple Application Support
Apple Software Update
Bing Desktop
Castle Link
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Compatibility Pack for the 2007 Office system
Conduit Engine
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ffdshow [rev 2527] [2008-12-19]
Google Talk Plugin
Identity Card
ImagXpress
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
League of Legends
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
LeapFrog Leapster2 Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Debugging Symbols
Microsoft Works
Moraff's Maximum MahJongg 1.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network Play System (Patching)
Norton 360
QuickTime
Realtek High Definition Audio Driver
RPS CRT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Skins
TurboTax 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Welcome Center
WildTangent Games
WildTangent Games App
WildTangent Games App (eMachines Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
9/20/2012 5:25:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004005: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/20/2012 12:14:31 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/20/2012 12:12:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/20/2012 12:09:16 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/20/2012 11:36:24 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
9/18/2012 5:22:20 PM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/17/2012 5:32:50 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
9/17/2012 5:32:50 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
9/17/2012 10:50:46 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a12.
9/16/2012 12:37:14 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
9/16/2012 10:38:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8e5e01fe: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/16/2012 10:11:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/16/2012 10:11:14 AM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x80070bc9.
9/15/2012 9:12:20 PM, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/15/2012 9:12:20 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/15/2012 9:12:20 PM, Error: Service Control Manager [7038] - The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/15/2012 9:12:20 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
9/15/2012 9:12:20 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not start due to a logon failure.
9/15/2012 9:12:20 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
9/15/2012 8:16:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
9/15/2012 6:15:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/15/2012 6:15:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Office File Validation 2010 (KB2553065), 32-bit Edition.
9/15/2012 5:55:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB976422).
9/15/2012 1:05:28 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
9/15/2012 1:05:28 PM, Error: atikmdag [43029] - Display is not active
9/14/2012 3:17:56 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================

Please, I would really love to fix this as I can't afford a new computer and I can't afford to take it into a shop. Thanks in advance and I hope you guys can help.


----------



## Nymfor (Sep 20, 2012)

Could I get this bumped please? I don't know what else to do and I really can't afford a new computer or to bring it in to a shop. Please, please could I get some help with this.

Thanks


----------



## Nymfor (Sep 20, 2012)

Is there anyone who may be able to help fix this? I really would like this issue to get fixed. Please, please.


----------



## Mark1956 (May 7, 2011)

Hi, my name is Mark and I will be helping you.

*IMPORTANT*:* Please take the time to read this first.*
For the *benefit of others* that are waiting for help please try to respond *as fast as you can *and make sure you *read all of the instructions* I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps *other people waiting in the queue* for help.

I am in Spain at GMT+1 hour, I check my emails several times a day so will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please *try to do the same* for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and *more difficult to find and remove*, so quick replies will have *more than one benefit.*

Keep in mind that *I cannot see your PC*, so please give as much detail as possible if something goes wrong or you receive any error messages.

Malware can be unpredictable and often time consuming to remove, on rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have *copies of all your important data* saved to an external hard drive or CD/DVD's. Please make sure you *disconnect any external hard drives and/or Flash drives* during the clean up.

If you have run *any scans that found an infection* please let me know.

*DO NOT* run any scans or make any changes that I have not asked you to do as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall *any file sharing software* i.e. uTorrent, BitTorrent, etc, if you insist on keeping it *do not use it* until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

If I get *no reply from you for three days* I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

Please* don't abandon the thread* as soon as your PC starts to work normally again as there will be other* important checks* to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure *all quarantined infections are completely removed and infected Restore Points are safely deleted.*

Stick with me and we can quickly clean up your PC. If you *cannot dedicate the time* then a Reformat and Re-install will be your quickest option.

_________________________________________________________________

You appear to have installed AVG2013. If you have uninstalled it then please run this tool to clean up the remnants: AVG Removal tool

If you have not uninstalled it then please do so and then run the Removal tool from the above link. You need to select the tool version for AVG2013 64bit.

Please also uninstall all Java components.

Next run these scans in the order listed and post the logs:

*SCAN 1*
Click on this link to download : ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.
Close your browser and click on this icon on your desktop:
You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

*SCAN 2*
Please download* GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*

*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista & Win 7).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply 
(it can also be found on your desktop, called GooredFix.txt).
*SCAN 3*

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "_The scan completed successfully. Click *Show Results* to display all objects found_".
Click *OK* to close the message box, then click the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked* and then click *Remove Selected*.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the *Logs* tab .
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
_If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. *Failure to reboot normally* will prevent Malwarebytes from removing all the malware._

*SCAN 4*
Download RogueKiller (by tigzy) and save direct to your Desktop.

On the web page click on this:
Quit all running programs
Start RogueKiller.exe
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*

*NOTE:* When these scans have completed run the PC for a while and report back on its performance and if the problem has changed. We will deal with the update problem once we know the PC is clear of any infections.


----------



## Nymfor (Sep 20, 2012)

Here is the ADW Cleaner report, and thanks for helping :)

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 07:08:41
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Megan - MEGANANDTREVOR
# Boot Mode : Normal
# Running from : C:\Users\Megan\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\PageRage
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Megan\AppData\Local\Conduit
Folder Deleted : C:\Users\Megan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Megan\AppData\LocalLow\PageRage
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PageRage
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\PageRage
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A7E199F-35A7-4759-AFE8-E19D02B32D59}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9104AB5C-B780-401C-BA54-4857EE8E2EF5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [5097 octets] - [23/09/2012 07:08:41]
########## EOF - C:\AdwCleaner[S1].txt - [5157 octets] ##########


----------



## Nymfor (Sep 20, 2012)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 07:14 on 23/09/2012 (Megan)
Firefox version [Unable to determine]
========== GooredScan ==========
Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\" [23:42 17/09/2012]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\" [13:11 23/09/2012]
-=E.O.F=-


----------



## Nymfor (Sep 20, 2012)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.20.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Megan :: MEGANANDTREVOR [administrator]
9/23/2012 7:16:19 AM
mbam-log-2012-09-23 (07-16-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220114
Time elapsed: 4 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## Nymfor (Sep 20, 2012)

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Megan [Admin rights]
Mode : Scan -- Date : 09/23/2012 07:29:12
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4669 : wscript.exe -> FOUND
[TASK][ROGUE ST] 4781 : wscript.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] 82526e4a8b51a12dd257c8ab32455040
[BSP] 496fff889250efa3b6cace997732a2d0 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699928 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
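The RogueKiller scan above shows the usual shape of a search-redirect infection: scheduled tasks that launch wscript.exe, ConsentPromptBehaviorAdmin set to 0 (administrators elevate with no UAC prompt), a DisableRegistryTools policy value, and, earlier in the thread, a DNS client event saying the hosts file could not be read. The PowerShell script below is an added example written for this page by the editor; it is not RogueKiller's code and was not posted in the thread. It does a read-only check of those same hook points and of the two other places a redirect is normally planted, the WinINet proxy/PAC settings and the per-adapter DNS servers. It assumes Windows 7 with PowerShell 2.0 or later, an elevated prompt, and English-locale column names from schtasks.exe; the TASK/UAC/POL/HOSTS/PROXY/DNS prefixes are the example's own labels.

```powershell
# Added example (editor's own, not RogueKiller's code or anything posted in the thread).
# Read-only triage of the persistence and redirect hooks used by search-redirect malware.
# Assumes Windows 7, PowerShell 2.0+, an elevated prompt and English schtasks output.

$findings = @()

# 1. Scheduled tasks whose action is a script host. schtasks.exe is used because
#    Get-ScheduledTask does not exist on Windows 7. With /v, schtasks repeats its
#    header row per task folder, so those rows are dropped after parsing.
$tasks = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
         Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' }
foreach ($t in $tasks) {
    if ($t.'Task To Run' -match '(?i)\b(wscript|cscript|mshta|powershell)(\.exe)?\b') {
        $findings += "TASK  $($t.TaskName) -> $($t.'Task To Run')"
    }
}

# 2. Policy values RogueKiller flagged. ConsentPromptBehaviorAdmin=0 or EnableLUA=0
#    removes the UAC prompt for admins; DisableRegistryTools locks regedit.
#    The Wow6432Node view is included because RogueKiller reported both views.
$polPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($p in $polPaths) {
    if (-not (Test-Path $p)) { continue }
    $v = Get-ItemProperty -Path $p
    if ($v.ConsentPromptBehaviorAdmin -eq 0) { $findings += "UAC   $p ConsentPromptBehaviorAdmin=0" }
    if ($v.EnableLUA -eq 0)                  { $findings += "UAC   $p EnableLUA=0" }
    if ($v.DisableRegistryTools -ne $null)   { $findings += "POL   $p DisableRegistryTools=$($v.DisableRegistryTools)" }
}

# 3. hosts file. Windows consults it before DNS, and malware can also move it by
#    rewriting Tcpip's DataBasePath, which is one way a "cannot read hosts file"
#    event (ID 1012) comes about. Any mapping other than localhost is reported.
$dbPath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').DataBasePath
$hosts  = Join-Path ([Environment]::ExpandEnvironmentVariables($dbPath)) 'hosts'
if ($dbPath -notmatch '(?i)drivers\\etc\\?$') { $findings += "HOSTS DataBasePath redirected: $dbPath" }
if (Test-Path -LiteralPath $hosts) {
    Get-Content -LiteralPath $hosts |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { $findings += "HOSTS $_" }
} else {
    $findings += "HOSTS file missing at $hosts"
}

# 4. WinINet proxy and PAC settings. A forced proxy or an AutoConfigURL rewrites
#    every browser request and looks to the user exactly like "search redirects".
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings += "PROXY ProxyServer=$($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { $findings += "PROXY AutoConfigURL=$($inet.AutoConfigURL)" }

# 5. DNS servers per IP-enabled adapter, always listed so they can be compared with
#    a known-clean machine on the same network (DNS-changer malware swaps these).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' | ForEach-Object {
    $findings += "DNS   $($_.Description): $($_.DNSServerSearchOrder -join ', ')"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it before and after a cleanup and compare the two outputs; the DNS lines are informational rather than verdicts, so judge them against a machine on the same network that is known to be clean. Nothing in the script changes the system, so it is safe to run between the helper's scans without affecting their results.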


----------



## Nymfor (Sep 20, 2012)

Hi, I am still noticing my computer running slower with the internet and not loading various pages all the way, also still getting search redirects.


----------



## Mark1956 (May 7, 2011)

Please confirm what you did with AVG and that you uninstalled Java.

Please run RogueKiller again, when the Pre-scan has completed hit the Scan button. When that completes hit the Delete button, click on Report when it has finished and post the log.

Then check how well the internet is running and if the problem is still there.


----------



## Nymfor (Sep 20, 2012)

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Megan [Admin rights]
Mode : Remove -- Date : 09/23/2012 09:17:49
¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4669 : wscript.exe -> DELETED
[TASK][ROGUE ST] 4781 : wscript.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] 82526e4a8b51a12dd257c8ab32455040
[BSP] 496fff889250efa3b6cace997732a2d0 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699928 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: Generic Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: Generic SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: Generic microSD USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Generic MS/MS-PRO USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

I used the link you provided to remove AVG and I uninstalled Java, I'm pretty sure this time. I will restart my computer and see how it goes and write back to you.


----------



## Nymfor (Sep 20, 2012)

The problem is still there. Web pages aren't being loaded all the way and getting redirected, also the web pages are very slow to load.


----------



## Mark1956 (May 7, 2011)

Is that just with Google or with Internet Explorer as well, try them both.


----------



## Nymfor (Sep 20, 2012)

It is with both, when I search things in Google then click it redirects me to a different web page and when I try to go onto Facebook or any other website it either loads very slow or only loads half way then stops.


----------



## Mark1956 (May 7, 2011)

My mistake, I should have looked before asking, looks like you are using Google as your search engine from within Internet Explorer.

Please follow the instructions here: How to run Firefox and Internet Explorer with no add-ons to start Internet Explorer without Add-ons and tell me if it cures the problem.


----------



## Nymfor (Sep 20, 2012)

It didn't seem to help, sorry.


----------



## Mark1956 (May 7, 2011)

Ok, please follow these instructions and post the log.

It is getting late here now so I will be back in the morning GMT +1.

Please follow the instructions exactly as written, deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option *DO NOT select delete* as you may remove files needed for the system to operate.
Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._
_Be sure to print out and follow the instructions for performing a scan_.

Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
Alternatively, you can download TDSSKiller.exe and use that instead.
Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.

When the program opens, click the *Change parameters.*
Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.
Click the *Start Scan* button.
Do not use the computer during the scan
If the scan completes with nothing found, click *Close* to exit.
If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
If *Malicious objects* are detected, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*
*Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.
A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C: ).
Copy and paste the contents of that file in your next reply.
_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer or to perform the scan in "safe mode"._
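TDSSKiller's *Verify file digital signatures* option addresses what a TDSS-class rootkit is: a kernel driver whose image is unsigned, or signed and then tampered with. The PowerShell script below is an added example by the editor, not Kaspersky's or TDSSKiller's code, showing that check done by hand: it enumerates the running kernel drivers and reports the Authenticode status of each image file, read-only, so it respects the post's warning about not deleting anything. It assumes PowerShell 2.0 or later on Windows 7, run elevated. One caveat matters for reading the output: the PowerShell builds shipped for Windows 7 do not consult catalog (.cat) signatures, so most Microsoft in-box drivers report NotSigned here. The signals worth acting on are HashMismatch (the file was modified after signing), a running driver whose image cannot be found on disk, and NotSigned images outside the Windows directory; a NotSigned Microsoft driver should be cross-checked with sigverif.exe before anything is touched.

```powershell
# Added example (editor's own, not TDSSKiller's code).
# Lists running kernel drivers with the Authenticode status of their image file.
# Assumes PowerShell 2.0+ on Windows 7, run from an elevated prompt.
# Caveat: this PowerShell does not check catalog (.cat) signatures, so in-box
# Microsoft drivers show NotSigned; cross-check those with sigverif.exe.

function Get-DriverSignatureReport {
    $report = @()
    foreach ($drv in (Get-WmiObject Win32_SystemDriver -Filter "State='Running'")) {
        $path = $drv.PathName
        if (-not $path) { continue }                      # pseudo-drivers with no image
        # Normalise the NT-style paths WMI returns: "\??\C:\..." and "\SystemRoot\...".
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) {
            # A running driver whose image cannot be opened by path is itself a
            # finding (rootkits hide their file), so report it rather than skip it.
            $status = 'FileNotFound'; $signer = ''
        } else {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
        $report += New-Object PSObject -Property @{
            Name = $drv.Name; Path = $path; Status = $status; Signer = $signer
        }
    }
    $report
}

$all = @(Get-DriverSignatureReport)
# Flag: tampered images, missing images, and anything not Valid that lives
# outside %SystemRoot% (where the catalog-signing caveat does not apply).
$suspect = @($all | Where-Object {
    $_.Status -eq 'HashMismatch' -or $_.Status -eq 'FileNotFound' -or
    ($_.Status -ne 'Valid' -and $_.Path -notlike "$env:SystemRoot\*")
})
"{0} running drivers checked, {1} flagged" -f $all.Count, $suspect.Count
$suspect | Sort-Object Status, Name | Format-Table Name, Status, Path -AutoSize
```

If the report is empty but the symptoms persist, that is consistent with the thread's next step rather than a contradiction: a bootkit that loads before the kernel can present a clean driver list, which is why TDSSKiller also inspects the MBR and the TDLFS hidden file system, neither of which this script looks at.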


----------



## Nymfor (Sep 20, 2012)

I am trying to run TDSSKiller but it won't run. When I click on run as admin it asks me to give permission to make changes to this computer. I click on yes and nothing happens. I've tried clicking on no and still nothing opens to run. I did try the first one with un-zipping and that too didn't work.

ETA: Going to try to rename it.


----------



## Nymfor (Sep 20, 2012)

I have also tried renaming and attempting to run it in safe mode with no results. I can't seem to get it to open to run the scan.


----------



## Mark1956 (May 7, 2011)

Try running this tool:

Download *Yorkyt.exe* and save to your Desktop.
Double click the *Yorkyt.exe* to run it; Vista or Windows 7 users right-click and select "Run as Administrator".
Select Yes to restart at the prompt.
Let it restart again when prompted.
Be patient as the tool is working after the 2nd reboot.
Attach the Yorkyt.exe.log to your next message (it should be on your desktop)


----------



## Nymfor (Sep 20, 2012)

2012-09-24 07:15:22: ****************************************************
2012-09-24 07:15:22: Starting UP ... v 0.0.0.220
2012-09-24 07:15:22: ****************************************************
2012-09-24 07:15:25: Stop TPSRV returns: 2
2012-09-24 07:15:40: Listing processes...
2012-09-24 07:15:40: :[System Process]:0
2012-09-24 07:15:40: :System:4
2012-09-24 07:15:40: :smss.exe:296
2012-09-24 07:15:40: :csrss.exe:420
2012-09-24 07:15:40: :wininit.exe:500
2012-09-24 07:15:40: :csrss.exe:512
2012-09-24 07:15:40: :services.exe:548
2012-09-24 07:15:40: :lsass.exe:564
2012-09-24 07:15:40: :lsm.exe:572
2012-09-24 07:15:40: :winlogon.exe:612
2012-09-24 07:15:40: :svchost.exe:732
2012-09-24 07:15:40: :svchost.exe:812
2012-09-24 07:15:40: :svchost.exe:880
2012-09-24 07:15:40: :svchost.exe:948
2012-09-24 07:15:40: :svchost.exe:980
2012-09-24 07:15:40: :svchost.exe:332
2012-09-24 07:15:40: :svchost.exe:492
2012-09-24 07:15:40: :spoolsv.exe:1160
2012-09-24 07:15:40: :svchost.exe:1192
2012-09-24 07:15:40: :BingDesktopUpdater.exe:1332
2012-09-24 07:15:40: :taskhost.exe:1352
2012-09-24 07:15:40: :svchost.exe:1444
2012-09-24 07:15:40: :ccsvchst.exe:1520
2012-09-24 07:15:40: :dwm.exe:1548
2012-09-24 07:15:40: :explorer.exe:1608
2012-09-24 07:15:40: :svchost.exe:1684
2012-09-24 07:15:40: :WLIDSVC.EXE:1772
2012-09-24 07:15:40: :ccsvchst.exe:2004
2012-09-24 07:15:40: :WLIDSVCM.EXE:1052
2012-09-24 07:15:40: :sidebar.exe:2132
2012-09-24 07:15:40: :SearchIndexer.exe:2284
2012-09-24 07:15:40: :svchost.exe:2560
2012-09-24 07:15:40: :WUDFHost.exe:2644
2012-09-24 07:15:40: :wmpnetwk.exe:2956
2012-09-24 07:15:40: :wuauclt.exe:2820
2012-09-24 07:15:40: :audiodg.exe:3340
2012-09-24 07:15:40: :SearchProtocolHost.exe:204
2012-09-24 07:15:40: :SearchFilterHost.exe:3820
2012-09-24 07:15:40: :SearchProtocolHost.exe:2572
2012-09-24 07:15:40: :yorkyt.exe:3956
2012-09-24 07:15:40: :WmiPrvSE.exe:3468
2012-09-24 07:15:40: 
2012-09-24 07:15:40: Setting restore point
2012-09-24 07:15:57: RUN mode
2012-09-24 07:15:57: Determining autonomous or dropped mode...
2012-09-24 07:15:57: Autonomus mode
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: AeLookupSvc
2012-09-24 07:15:57: Real Path: C:\windows\System32\aelupsvc.dll
2012-09-24 07:15:57: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-09-24 07:15:57: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-09-24 07:15:57: ServiceDLL: System32\aelupsvc.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: aelupsvc.dll
2012-09-24 07:15:57: Original File Name: aelupsvc.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: AppIDSvc
2012-09-24 07:15:57: Real Path: C:\windows\System32\appidsvc.dll
2012-09-24 07:15:57: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-09-24 07:15:57: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-09-24 07:15:57: ServiceDLL: System32\appidsvc.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: appidsvc.dll
2012-09-24 07:15:57: Original File Name: appidsvc.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: Appinfo
2012-09-24 07:15:57: Real Path: C:\windows\System32\appinfo.dll
2012-09-24 07:15:57: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-09-24 07:15:57: Description: @%systemroot%\system32\appinfo.dll,-101
2012-09-24 07:15:57: ServiceDLL: System32\appinfo.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: appinfo.dll
2012-09-24 07:15:57: Original File Name: appinfo.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: !!!!!!!
2012-09-24 07:15:57: Found Service: AppMgmt
2012-09-24 07:15:57: Real Path: C:\windows\System32\appmgmts.dll
2012-09-24 07:15:57: Display Name: 
2012-09-24 07:15:57: Description: 
2012-09-24 07:15:57: ServiceDLL: System32\appmgmts.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: appmgmts.dll
2012-09-24 07:15:57: Original File Name: 
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: !!!!!!!!!
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: AudioEndpointBuilder
2012-09-24 07:15:57: Real Path: C:\windows\System32\Audiosrv.dll
2012-09-24 07:15:57: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-09-24 07:15:57: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-09-24 07:15:57: ServiceDLL: System32\Audiosrv.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: Audiosrv.dll
2012-09-24 07:15:57: Original File Name: audiosrv.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: AudioSrv
2012-09-24 07:15:57: Real Path: C:\windows\System32\Audiosrv.dll
2012-09-24 07:15:57: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-09-24 07:15:57: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-09-24 07:15:57: ServiceDLL: System32\Audiosrv.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: Audiosrv.dll
2012-09-24 07:15:57: Original File Name: audiosrv.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: AxInstSV
2012-09-24 07:15:57: Real Path: C:\windows\System32\AxInstSV.dll
2012-09-24 07:15:57: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-09-24 07:15:57: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-09-24 07:15:57: ServiceDLL: System32\AxInstSV.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: AxInstSV.dll
2012-09-24 07:15:57: Original File Name: AxInstSv.dll.mui
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: BDESVC
2012-09-24 07:15:57: Real Path: C:\windows\System32\bdesvc.dll
2012-09-24 07:15:57: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-09-24 07:15:57: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-09-24 07:15:57: ServiceDLL: System32\bdesvc.dll
2012-09-24 07:15:57: File size: 0
2012-09-24 07:15:57: DLL File name: bdesvc.dll
2012-09-24 07:15:57: Original File Name: BDESVC.DLL.MUI
2012-09-24 07:15:57: Company: 
2012-09-24 07:15:57: Mod/Cre/Acc time: 
2012-09-24 07:15:57: ---------------------------------------------------------------------
2012-09-24 07:15:57: Found Service: BFE
2012-09-24 07:15:57: Real Path: C:\windows\System32\bfe.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-09-24 07:15:58: ServiceDLL: System32\bfe.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: bfe.dll
2012-09-24 07:15:58: Original File Name: BFE.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: BITS
2012-09-24 07:15:58: Real Path: C:\windows\system32\qmgr.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-09-24 07:15:58: ServiceDLL: system32\qmgr.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: qmgr.dll
2012-09-24 07:15:58: Original File Name: qmgr.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: Browser
2012-09-24 07:15:58: Real Path: C:\windows\System32\browser.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\browser.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\browser.dll,-101
2012-09-24 07:15:58: ServiceDLL: System32\browser.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: browser.dll
2012-09-24 07:15:58: Original File Name: browser.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: bthserv
2012-09-24 07:15:58: Real Path: C:\windows\system32\bthserv.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-09-24 07:15:58: ServiceDLL: system32\bthserv.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: bthserv.dll
2012-09-24 07:15:58: Original File Name: BTHSERV.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: CertPropSvc
2012-09-24 07:15:58: Real Path: C:\windows\System32\certprop.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-09-24 07:15:58: ServiceDLL: System32\certprop.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: certprop.dll
2012-09-24 07:15:58: Original File Name: certprop.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: CryptSvc
2012-09-24 07:15:58: Real Path: C:\windows\system32\cryptsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-09-24 07:15:58: ServiceDLL: system32\cryptsvc.dll
2012-09-24 07:15:58: File size: 139264
2012-09-24 07:15:58: DLL File name: cryptsvc.dll
2012-09-24 07:15:58: Original File Name: cryptsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 20120423224704 20120613203452 20120613203452
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: DcomLaunch
2012-09-24 07:15:58: Real Path: C:\windows\system32\rpcss.dll
2012-09-24 07:15:58: Display Name: @oleres.dll,-5012
2012-09-24 07:15:58: Description: @oleres.dll,-5013
2012-09-24 07:15:58: ServiceDLL: system32\rpcss.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: rpcss.dll
2012-09-24 07:15:58: Original File Name: rpcss.dll
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: defragsvc
2012-09-24 07:15:58: Real Path: C:\windows\System32\defragsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-09-24 07:15:58: ServiceDLL: System32\defragsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: defragsvc.dll
2012-09-24 07:15:58: Original File Name: defragsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: Dhcp
2012-09-24 07:15:58: Real Path: C:\windows\system32\dhcpcore.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\dhcpcore.dll
2012-09-24 07:15:58: File size: 253440
2012-09-24 07:15:58: DLL File name: dhcpcore.dll
2012-09-24 07:15:58: Original File Name: dhcpcore.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 20090713191511 20090713171216 20090713171216
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: Dnscache
2012-09-24 07:15:58: Real Path: C:\windows\System32\dnsrslvr.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-09-24 07:15:58: ServiceDLL: System32\dnsrslvr.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: dnsrslvr.dll
2012-09-24 07:15:58: Original File Name: dnsrslvr.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: dot3svc
2012-09-24 07:15:58: Real Path: C:\windows\System32\dot3svc.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-09-24 07:15:58: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-09-24 07:15:58: ServiceDLL: System32\dot3svc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: dot3svc.dll
2012-09-24 07:15:58: Original File Name: dot3svc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: DPS
2012-09-24 07:15:58: Real Path: C:\windows\system32\dps.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\dps.dll,-500
2012-09-24 07:15:58: Description: @%systemroot%\system32\dps.dll,-501
2012-09-24 07:15:58: ServiceDLL: system32\dps.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: dps.dll
2012-09-24 07:15:58: Original File Name: dps.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: EapHost
2012-09-24 07:15:58: Real Path: C:\windows\System32\eapsvc.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-09-24 07:15:58: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-09-24 07:15:58: ServiceDLL: System32\eapsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: eapsvc.dll
2012-09-24 07:15:58: Original File Name: eapsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: EventSystem
2012-09-24 07:15:58: Real Path: C:\windows\system32\es.dll
2012-09-24 07:15:58: Display Name: @comres.dll,-2450
2012-09-24 07:15:58: Description: @comres.dll,-2451
2012-09-24 07:15:58: ServiceDLL: system32\es.dll
2012-09-24 07:15:58: File size: 271360
2012-09-24 07:15:58: DLL File name: es.dll
2012-09-24 07:15:58: Original File Name: ES.DLL
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 20090713191519 20090713174438 20090713174438
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: fdPHost
2012-09-24 07:15:58: Real Path: C:\windows\system32\fdPHost.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\fdPHost.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: fdPHost.dll
2012-09-24 07:15:58: Original File Name: fdPHost.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: FDResPub
2012-09-24 07:15:58: Real Path: C:\windows\system32\fdrespub.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\fdrespub.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: fdrespub.dll
2012-09-24 07:15:58: Original File Name: FDResPub.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: !!!!!!!
2012-09-24 07:15:58: Found Service: FontCache
2012-09-24 07:15:58: Real Path: C:\windows\system32\FntCache.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\FntCache.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\FntCache.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: FntCache.dll
2012-09-24 07:15:58: Original File Name: FontCacheService
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: !!!!!!!!!
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: gpsvc
2012-09-24 07:15:58: Real Path: C:\windows\System32\gpsvc.dll
2012-09-24 07:15:58: Display Name: @gpapi.dll,-112
2012-09-24 07:15:58: Description: @gpapi.dll,-113
2012-09-24 07:15:58: ServiceDLL: System32\gpsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: gpsvc.dll
2012-09-24 07:15:58: Original File Name: gpsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: hidserv
2012-09-24 07:15:58: Real Path: C:\windows\System32\hidserv.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-09-24 07:15:58: ServiceDLL: System32\hidserv.dll
2012-09-24 07:15:58: File size: 49152
2012-09-24 07:15:58: DLL File name: hidserv.dll
2012-09-24 07:15:58: Original File Name: HIDSERV.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 20090713191524 20090713175109 20090713175109
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: hkmsvc
2012-09-24 07:15:58: Real Path: C:\windows\system32\kmsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-09-24 07:15:58: ServiceDLL: system32\kmsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: kmsvc.dll
2012-09-24 07:15:58: Original File Name: KmSvc.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: HomeGroupListener
2012-09-24 07:15:58: Real Path: C:\windows\system32\ListSvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\ListSvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: ListSvc.dll
2012-09-24 07:15:58: Original File Name: ListSvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: HomeGroupProvider
2012-09-24 07:15:58: Real Path: C:\windows\system32\provsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-09-24 07:15:58: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\provsvc.dll
2012-09-24 07:15:58: File size: 165376
2012-09-24 07:15:58: DLL File name: provsvc.dll
2012-09-24 07:15:58: Original File Name: provsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 20090713191612 20090713173941 20090713173941
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: IKEEXT
2012-09-24 07:15:58: Real Path: C:\windows\System32\ikeext.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-09-24 07:15:58: ServiceDLL: System32\ikeext.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: ikeext.dll
2012-09-24 07:15:58: Original File Name: IKEEXT.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: IPBusEnum
2012-09-24 07:15:58: Real Path: C:\windows\system32\ipbusenum.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-09-24 07:15:58: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-09-24 07:15:58: ServiceDLL: system32\ipbusenum.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: ipbusenum.dll
2012-09-24 07:15:58: Original File Name: IPBusEnum.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: iphlpsvc
2012-09-24 07:15:58: Real Path: C:\windows\System32\iphlpsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-09-24 07:15:58: ServiceDLL: System32\iphlpsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: iphlpsvc.dll
2012-09-24 07:15:58: Original File Name: iphlpsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: KtmRm
2012-09-24 07:15:58: Real Path: C:\windows\system32\msdtckrm.dll
2012-09-24 07:15:58: Display Name: @comres.dll,-2946
2012-09-24 07:15:58: Description: @comres.dll,-2947
2012-09-24 07:15:58: ServiceDLL: system32\msdtckrm.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: msdtckrm.dll
2012-09-24 07:15:58: Original File Name: MSDTCKRM.DLL
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: LanmanServer
2012-09-24 07:15:58: Real Path: C:\windows\System32\srvsvc.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-09-24 07:15:58: ServiceDLL: System32\srvsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: srvsvc.dll
2012-09-24 07:15:58: Original File Name: SRVSVC.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: LanmanWorkstation
2012-09-24 07:15:58: Real Path: C:\windows\System32\wkssvc.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-09-24 07:15:58: ServiceDLL: System32\wkssvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: wkssvc.dll
2012-09-24 07:15:58: Original File Name: WKSSVC.DLL.MUI
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: lltdsvc
2012-09-24 07:15:58: Real Path: C:\windows\System32\lltdsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-09-24 07:15:58: ServiceDLL: System32\lltdsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: lltdsvc.dll
2012-09-24 07:15:58: Original File Name: LLTDSVC.DLL
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: lmhosts
2012-09-24 07:15:58: Real Path: C:\windows\System32\lmhsvc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-09-24 07:15:58: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-09-24 07:15:58: ServiceDLL: System32\lmhsvc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: lmhsvc.dll
2012-09-24 07:15:58: Original File Name: lmhsvc.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: Mcx2Svc
2012-09-24 07:15:58: Real Path: C:\windows\system32\Mcx2Svc.dll
2012-09-24 07:15:58: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-09-24 07:15:58: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-09-24 07:15:58: ServiceDLL: system32\Mcx2Svc.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: Mcx2Svc.dll
2012-09-24 07:15:58: Original File Name: Mcx2Svc.dll
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:58: ---------------------------------------------------------------------
2012-09-24 07:15:58: Found Service: MMCSS
2012-09-24 07:15:58: Real Path: C:\windows\system32\mmcss.dll
2012-09-24 07:15:58: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-09-24 07:15:58: Description: @%systemroot%\system32\mmcss.dll,-101
2012-09-24 07:15:58: ServiceDLL: system32\mmcss.dll
2012-09-24 07:15:58: File size: 0
2012-09-24 07:15:58: DLL File name: mmcss.dll
2012-09-24 07:15:58: Original File Name: mmcss.dll.mui
2012-09-24 07:15:58: Company: 
2012-09-24 07:15:58: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: MpsSvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\mpssvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-09-24 07:15:59: ServiceDLL: system32\mpssvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: mpssvc.dll
2012-09-24 07:15:59: Original File Name: mpssvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: MSiSCSI
2012-09-24 07:15:59: Real Path: C:\windows\system32\iscsiexe.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-09-24 07:15:59: ServiceDLL: system32\iscsiexe.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: iscsiexe.dll
2012-09-24 07:15:59: Original File Name: iscsiexe.exe.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: napagent
2012-09-24 07:15:59: Real Path: C:\windows\system32\qagentRT.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-09-24 07:15:59: ServiceDLL: system32\qagentRT.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: qagentRT.dll
2012-09-24 07:15:59: Original File Name: QAgentRT.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: Netman
2012-09-24 07:15:59: Real Path: C:\windows\System32\netman.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\netman.dll,-110
2012-09-24 07:15:59: ServiceDLL: System32\netman.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: netman.dll
2012-09-24 07:15:59: Original File Name: netman.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: netprofm
2012-09-24 07:15:59: Real Path: C:\windows\System32\netprofm.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-09-24 07:15:59: ServiceDLL: System32\netprofm.dll
2012-09-24 07:15:59: File size: 360448
2012-09-24 07:15:59: DLL File name: netprofm.dll
2012-09-24 07:15:59: Original File Name: netprofm.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191603 20090713175658 20090713175658
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: NlaSvc
2012-09-24 07:15:59: Real Path: C:\windows\System32\nlasvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-09-24 07:15:59: ServiceDLL: System32\nlasvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: nlasvc.dll
2012-09-24 07:15:59: Original File Name: nlasvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: nsi
2012-09-24 07:15:59: Real Path: C:\windows\system32\nsisvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-09-24 07:15:59: ServiceDLL: system32\nsisvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: nsisvc.dll
2012-09-24 07:15:59: Original File Name: nsisvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: p2pimsvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\pnrpsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-09-24 07:15:59: ServiceDLL: system32\pnrpsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: pnrpsvc.dll
2012-09-24 07:15:59: Original File Name: pnrpsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: p2psvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\p2psvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-09-24 07:15:59: ServiceDLL: system32\p2psvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: p2psvc.dll
2012-09-24 07:15:59: Original File Name: p2psvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: !!!!!!!
2012-09-24 07:15:59: Found Service: PcaSvc
2012-09-24 07:15:59: Real Path: C:\windows\System32\pcasvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-09-24 07:15:59: ServiceDLL: System32\pcasvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: pcasvc.dll
2012-09-24 07:15:59: Original File Name: 
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: !!!!!!!!!
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: pla
2012-09-24 07:15:59: Real Path: C:\windows\system32\pla.dll
2012-09-24 07:15:59: Display Name: @%systemroot%\system32\pla.dll,-500
2012-09-24 07:15:59: Description: @%systemroot%\system32\pla.dll,-501
2012-09-24 07:15:59: ServiceDLL: system32\pla.dll
2012-09-24 07:15:59: File size: 1508864
2012-09-24 07:15:59: DLL File name: pla.dll
2012-09-24 07:15:59: Original File Name: PLA.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191612 20090713172013 20090713172013
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: PlugPlay
2012-09-24 07:15:59: Real Path: C:\windows\system32\umpnpmgr.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-09-24 07:15:59: ServiceDLL: system32\umpnpmgr.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: umpnpmgr.dll
2012-09-24 07:15:59: Original File Name: Umpnpmgr.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: PNRPAutoReg
2012-09-24 07:15:59: Real Path: C:\windows\system32\pnrpauto.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-09-24 07:15:59: ServiceDLL: system32\pnrpauto.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: pnrpauto.dll
2012-09-24 07:15:59: Original File Name: pnrpauto.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: PNRPsvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\pnrpsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-09-24 07:15:59: ServiceDLL: system32\pnrpsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: pnrpsvc.dll
2012-09-24 07:15:59: Original File Name: pnrpsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: PolicyAgent
2012-09-24 07:15:59: Real Path: C:\windows\System32\ipsecsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-09-24 07:15:59: ServiceDLL: System32\ipsecsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: ipsecsvc.dll
2012-09-24 07:15:59: Original File Name: ipsecsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: Power
2012-09-24 07:15:59: Real Path: C:\windows\system32\umpo.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-09-24 07:15:59: ServiceDLL: system32\umpo.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: umpo.dll
2012-09-24 07:15:59: Original File Name: Umpo.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: ProfSvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\profsvc.dll
2012-09-24 07:15:59: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-09-24 07:15:59: Description: @%systemroot%\system32\profsvc.dll,-301
2012-09-24 07:15:59: ServiceDLL: system32\profsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: profsvc.dll
2012-09-24 07:15:59: Original File Name: ProfSvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: QWAVE
2012-09-24 07:15:59: Real Path: C:\windows\system32\qwave.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-09-24 07:15:59: ServiceDLL: system32\qwave.dll
2012-09-24 07:15:59: File size: 210944
2012-09-24 07:15:59: DLL File name: qwave.dll
2012-09-24 07:15:59: Original File Name: qwave.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191612 20090713175415 20090713175415
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RasAuto
2012-09-24 07:15:59: Real Path: C:\windows\System32\rasauto.dll
2012-09-24 07:15:59: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-09-24 07:15:59: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-09-24 07:15:59: ServiceDLL: System32\rasauto.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: rasauto.dll
2012-09-24 07:15:59: Original File Name: rasauto.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RasMan
2012-09-24 07:15:59: Real Path: C:\windows\System32\rasmans.dll
2012-09-24 07:15:59: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-09-24 07:15:59: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-09-24 07:15:59: ServiceDLL: System32\rasmans.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: rasmans.dll
2012-09-24 07:15:59: Original File Name: Rasmans.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RemoteAccess
2012-09-24 07:15:59: Real Path: C:\windows\System32\mprdim.dll
2012-09-24 07:15:59: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-09-24 07:15:59: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-09-24 07:15:59: ServiceDLL: System32\mprdim.dll
2012-09-24 07:15:59: File size: 75264
2012-09-24 07:15:59: DLL File name: mprdim.dll
2012-09-24 07:15:59: Original File Name: MPRDIM.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191541 20090713175426 20090713175426
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RemoteRegistry
2012-09-24 07:15:59: Real Path: C:\windows\system32\regsvc.dll
2012-09-24 07:15:59: Display Name: @regsvc.dll,-1
2012-09-24 07:15:59: Description: @regsvc.dll,-2
2012-09-24 07:15:59: ServiceDLL: system32\regsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: regsvc.dll
2012-09-24 07:15:59: Original File Name: REGSVC.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RpcEptMapper
2012-09-24 07:15:59: Real Path: C:\windows\System32\RpcEpMap.dll
2012-09-24 07:15:59: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-09-24 07:15:59: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-09-24 07:15:59: ServiceDLL: System32\RpcEpMap.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: RpcEpMap.dll
2012-09-24 07:15:59: Original File Name: RpcEpMap.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: RpcSs
2012-09-24 07:15:59: Real Path: C:\windows\system32\rpcss.dll
2012-09-24 07:15:59: Display Name: @oleres.dll,-5010
2012-09-24 07:15:59: Description: @oleres.dll,-5011
2012-09-24 07:15:59: ServiceDLL: system32\rpcss.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: rpcss.dll
2012-09-24 07:15:59: Original File Name: rpcss.dll
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SCardSvr
2012-09-24 07:15:59: Real Path: C:\windows\System32\SCardSvr.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-09-24 07:15:59: ServiceDLL: System32\SCardSvr.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: SCardSvr.dll
2012-09-24 07:15:59: Original File Name: SCardSvr.exe.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: Schedule
2012-09-24 07:15:59: Real Path: C:\windows\system32\schedsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-09-24 07:15:59: ServiceDLL: system32\schedsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: schedsvc.dll
2012-09-24 07:15:59: Original File Name: schedsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SCPolicySvc
2012-09-24 07:15:59: Real Path: C:\windows\System32\certprop.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-09-24 07:15:59: ServiceDLL: System32\certprop.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: certprop.dll
2012-09-24 07:15:59: Original File Name: certprop.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SDRSVC
2012-09-24 07:15:59: Real Path: C:\windows\System32\SDRSVC.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-09-24 07:15:59: ServiceDLL: System32\SDRSVC.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: SDRSVC.dll
2012-09-24 07:15:59: Original File Name: SDRSVC.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: seclogon
2012-09-24 07:15:59: Real Path: C:\windows\system32\seclogon.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-09-24 07:15:59: ServiceDLL: system32\seclogon.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: seclogon.dll
2012-09-24 07:15:59: Original File Name: SECLOGON.EXE.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SENS
2012-09-24 07:15:59: Real Path: C:\windows\system32\sens.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-09-24 07:15:59: ServiceDLL: system32\sens.dll
2012-09-24 07:15:59: File size: 49664
2012-09-24 07:15:59: DLL File name: sens.dll
2012-09-24 07:15:59: Original File Name: sens.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191613 20090713172158 20090713172158
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SensrSvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\sensrsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-09-24 07:15:59: ServiceDLL: system32\sensrsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: sensrsvc.dll
2012-09-24 07:15:59: Original File Name: sensrsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SessionEnv
2012-09-24 07:15:59: Real Path: C:\windows\system32\sessenv.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-09-24 07:15:59: ServiceDLL: system32\sessenv.dll
2012-09-24 07:15:59: File size: 99328
2012-09-24 07:15:59: DLL File name: sessenv.dll
2012-09-24 07:15:59: Original File Name: SessEnv.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191613 20090713180228 20090713180228
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SharedAccess
2012-09-24 07:15:59: Real Path: C:\windows\System32\ipnathlp.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-09-24 07:15:59: ServiceDLL: System32\ipnathlp.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: ipnathlp.dll
2012-09-24 07:15:59: Original File Name: IPNATHLP.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: ShellHWDetection
2012-09-24 07:15:59: Real Path: C:\windows\System32\shsvcs.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-09-24 07:15:59: ServiceDLL: System32\shsvcs.dll
2012-09-24 07:15:59: File size: 328192
2012-09-24 07:15:59: DLL File name: shsvcs.dll
2012-09-24 07:15:59: Original File Name: SHSVCS.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 20090713191614 20090713173928 20090713173928
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: sppuinotify
2012-09-24 07:15:59: Real Path: C:\windows\system32\sppuinotify.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-09-24 07:15:59: ServiceDLL: system32\sppuinotify.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: sppuinotify.dll
2012-09-24 07:15:59: Original File Name: sppuinotify.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SSDPSRV
2012-09-24 07:15:59: Real Path: C:\windows\System32\ssdpsrv.dll
2012-09-24 07:15:59: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-09-24 07:15:59: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-09-24 07:15:59: ServiceDLL: System32\ssdpsrv.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: ssdpsrv.dll
2012-09-24 07:15:59: Original File Name: ssdpsrv.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SstpSvc
2012-09-24 07:15:59: Real Path: C:\windows\system32\sstpsvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-09-24 07:15:59: ServiceDLL: system32\sstpsvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: sstpsvc.dll
2012-09-24 07:15:59: Original File Name: sstpsvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: stisvc
2012-09-24 07:15:59: Real Path: C:\windows\System32\wiaservc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-09-24 07:15:59: ServiceDLL: System32\wiaservc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: wiaservc.dll
2012-09-24 07:15:59: Original File Name: WIASERVC.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: swprv
2012-09-24 07:15:59: Real Path: C:\windows\System32\swprv.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-09-24 07:15:59: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-09-24 07:15:59: ServiceDLL: System32\swprv.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: swprv.dll
2012-09-24 07:15:59: Original File Name: SWPRV.DLL.MUI
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: SysMain
2012-09-24 07:15:59: Real Path: C:\windows\system32\sysmain.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-09-24 07:15:59: ServiceDLL: system32\sysmain.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: sysmain.dll
2012-09-24 07:15:59: Original File Name: sysmain.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:15:59: ---------------------------------------------------------------------
2012-09-24 07:15:59: Found Service: TabletInputService
2012-09-24 07:15:59: Real Path: C:\windows\System32\TabSvc.dll
2012-09-24 07:15:59: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-09-24 07:15:59: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-09-24 07:15:59: ServiceDLL: System32\TabSvc.dll
2012-09-24 07:15:59: File size: 0
2012-09-24 07:15:59: DLL File name: TabSvc.dll
2012-09-24 07:15:59: Original File Name: TabSvc.dll.mui
2012-09-24 07:15:59: Company: 
2012-09-24 07:15:59: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: TapiSrv
2012-09-24 07:16:00: Real Path: C:\windows\System32\tapisrv.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-09-24 07:16:00: ServiceDLL: System32\tapisrv.dll
2012-09-24 07:16:00: File size: 241664
2012-09-24 07:16:00: DLL File name: tapisrv.dll
2012-09-24 07:16:00: Original File Name: TAPISRV.EXE.MUI
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20090713191615 20090713181955 20090713181955
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: TBS
2012-09-24 07:16:00: Real Path: C:\windows\System32\tbssvc.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-09-24 07:16:00: ServiceDLL: System32\tbssvc.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: tbssvc.dll
2012-09-24 07:16:00: Original File Name: TBSSVC.DLL.MUI
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: TermService
2012-09-24 07:16:00: Real Path: C:\windows\System32\termsrv.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-09-24 07:16:00: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-09-24 07:16:00: ServiceDLL: System32\termsrv.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: termsrv.dll
2012-09-24 07:16:00: Original File Name: termsrv.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: Themes
2012-09-24 07:16:00: Real Path: C:\windows\system32\themeservice.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-09-24 07:16:00: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-09-24 07:16:00: ServiceDLL: system32\themeservice.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: themeservice.dll
2012-09-24 07:16:00: Original File Name: THEMESERVICE.DLL.MUI
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: THREADORDER
2012-09-24 07:16:00: Real Path: C:\windows\system32\mmcss.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-09-24 07:16:00: Description: @%systemroot%\system32\mmcss.dll,-103
2012-09-24 07:16:00: ServiceDLL: system32\mmcss.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: mmcss.dll
2012-09-24 07:16:00: Original File Name: mmcss.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: TrkWks
2012-09-24 07:16:00: Real Path: C:\windows\System32\trkwks.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-09-24 07:16:00: ServiceDLL: System32\trkwks.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: trkwks.dll
2012-09-24 07:16:00: Original File Name: trkwks.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: !!!!!!!
2012-09-24 07:16:00: Found Service: upnphost
2012-09-24 07:16:00: Real Path: C:\windows\System32\upnphost.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-09-24 07:16:00: Description: @%systemroot%\system32\upnphost.dll,-214
2012-09-24 07:16:00: ServiceDLL: System32\upnphost.dll
2012-09-24 07:16:00: File size: 266752
2012-09-24 07:16:00: DLL File name: upnphost.dll
2012-09-24 07:16:00: Original File Name: unpnhost.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20090713191617 20090713175541 20090713175541
2012-09-24 07:16:00: !!!!!!!!!
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: UxSms
2012-09-24 07:16:00: Real Path: C:\windows\System32\uxsms.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-09-24 07:16:00: ServiceDLL: System32\uxsms.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: uxsms.dll
2012-09-24 07:16:00: Original File Name: UxSms.dll
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: W32Time
2012-09-24 07:16:00: Real Path: C:\windows\system32\w32time.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-09-24 07:16:00: ServiceDLL: system32\w32time.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: w32time.dll
2012-09-24 07:16:00: Original File Name: w32time.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: WbioSrvc
2012-09-24 07:16:00: Real Path: C:\windows\System32\wbiosrvc.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-09-24 07:16:00: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-09-24 07:16:00: ServiceDLL: System32\wbiosrvc.dll
2012-09-24 07:16:00: File size: 0
2012-09-24 07:16:00: DLL File name: wbiosrvc.dll
2012-09-24 07:16:00: Original File Name: wbiosrvc.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: wcncsvc
2012-09-24 07:16:00: Real Path: C:\windows\System32\wcncsvc.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-09-24 07:16:00: ServiceDLL: System32\wcncsvc.dll
2012-09-24 07:16:00: File size: 276992
2012-09-24 07:16:00: DLL File name: wcncsvc.dll
2012-09-24 07:16:00: Original File Name: WCNCSVC.DLL.MUI
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20100914000714 20110224040029 20110224040029
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: WcsPlugInService
2012-09-24 07:16:00: Real Path: C:\windows\System32\WcsPlugInService.dll
2012-09-24 07:16:00: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-09-24 07:16:00: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-09-24 07:16:00: ServiceDLL: System32\WcsPlugInService.dll
2012-09-24 07:16:00: File size: 32768
2012-09-24 07:16:00: DLL File name: WcsPlugInService.dll
2012-09-24 07:16:00: Original File Name: WcsPlugInService.DLL.MUI
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20090713191618 20090713172513 20090713172513
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: WdiServiceHost
2012-09-24 07:16:00: Real Path: C:\windows\system32\wdi.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-09-24 07:16:00: Description: @%systemroot%\system32\wdi.dll,-503
2012-09-24 07:16:00: ServiceDLL: system32\wdi.dll
2012-09-24 07:16:00: File size: 76288
2012-09-24 07:16:00: DLL File name: wdi.dll
2012-09-24 07:16:00: Original File Name: wdi.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20090713191618 20090713171947 20090713171947
2012-09-24 07:16:00: ---------------------------------------------------------------------
2012-09-24 07:16:00: Found Service: WdiSystemHost
2012-09-24 07:16:00: Real Path: C:\windows\system32\wdi.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-09-24 07:16:00: Description: @%systemroot%\system32\wdi.dll,-501
2012-09-24 07:16:00: ServiceDLL: system32\wdi.dll
2012-09-24 07:16:00: File size: 76288
2012-09-24 07:16:00: DLL File name: wdi.dll
2012-09-24 07:16:00: Original File Name: wdi.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20090713191618 20090713171947 20090713171947
2012-09-24 07:16:00: !!!!!!!
2012-09-24 07:16:00: Found Service: WebClient
2012-09-24 07:16:00: Real Path: C:\windows\System32\webclnt.dll
2012-09-24 07:16:00: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-09-24 07:16:00: Description: @%systemroot%\system32\webclnt.dll,-101
2012-09-24 07:16:00: ServiceDLL: System32\webclnt.dll
2012-09-24 07:16:00: File size: 204800
2012-09-24 07:16:00: DLL File name: webclnt.dll
2012-09-24 07:16:00: Original File Name: davsvc.dll.mui
2012-09-24 07:16:00: Company: 
2012-09-24 07:16:00: Mod/Cre/Acc time: 20101220233821 20110209160522 20110209160522
2012-09-24 07:16:00: !!!!!!!!!
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: Wecsvc
2012-09-24 07:16:01: Real Path: C:\windows\system32\wecsvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-09-24 07:16:01: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-09-24 07:16:01: ServiceDLL: system32\wecsvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wecsvc.dll
2012-09-24 07:16:01: Original File Name: wecsvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: !!!!!!!
2012-09-24 07:16:01: Found Service: wercplsupport
2012-09-24 07:16:01: Real Path: C:\windows\System32\wercplsupport.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-09-24 07:16:01: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-09-24 07:16:01: ServiceDLL: System32\wercplsupport.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wercplsupport.dll
2012-09-24 07:16:01: Original File Name: ERC
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: !!!!!!!!!
2012-09-24 07:16:01: !!!!!!!
2012-09-24 07:16:01: Found Service: WerSvc
2012-09-24 07:16:01: Real Path: C:\windows\System32\WerSvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-09-24 07:16:01: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-09-24 07:16:01: ServiceDLL: System32\WerSvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: WerSvc.dll
2012-09-24 07:16:01: Original File Name: wersvc
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: !!!!!!!!!
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: Winmgmt
2012-09-24 07:16:01: Real Path: C:\windows\system32\wbem\WMIsvc.dll
2012-09-24 07:16:01: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-09-24 07:16:01: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-09-24 07:16:01: ServiceDLL: system32\wbem\WMIsvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: WMIsvc.dll
2012-09-24 07:16:01: Original File Name: wmisvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: WinRM
2012-09-24 07:16:01: Real Path: C:\windows\system32\WsmSvc.dll
2012-09-24 07:16:01: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-09-24 07:16:01: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-09-24 07:16:01: ServiceDLL: system32\WsmSvc.dll
2012-09-24 07:16:01: File size: 1175040
2012-09-24 07:16:01: DLL File name: WsmSvc.dll
2012-09-24 07:16:01: Original File Name: WsmSvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 20090713191620 20090713173143 20090713173143
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: Wlansvc
2012-09-24 07:16:01: Real Path: C:\windows\System32\wlansvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-09-24 07:16:01: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-09-24 07:16:01: ServiceDLL: System32\wlansvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wlansvc.dll
2012-09-24 07:16:01: Original File Name: wlansvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: WPCSvc
2012-09-24 07:16:01: Real Path: C:\windows\System32\wpcsvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-09-24 07:16:01: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-09-24 07:16:01: ServiceDLL: System32\wpcsvc.dll
2012-09-24 07:16:01: File size: 10752
2012-09-24 07:16:01: DLL File name: wpcsvc.dll
2012-09-24 07:16:01: Original File Name: wpcsvc.exe.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 20090713191620 20090713174010 20090713174010
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: WPDBusEnum
2012-09-24 07:16:01: Real Path: C:\windows\system32\wpdbusenum.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-09-24 07:16:01: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-09-24 07:16:01: ServiceDLL: system32\wpdbusenum.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wpdbusenum.dll
2012-09-24 07:16:01: Original File Name: WpdBusEnum.DLL.MUI
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: wscsvc
2012-09-24 07:16:01: Real Path: C:\windows\system32\wscsvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-09-24 07:16:01: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-09-24 07:16:01: ServiceDLL: system32\wscsvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wscsvc.dll
2012-09-24 07:16:01: Original File Name: wscsvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: wuauserv
2012-09-24 07:16:01: Real Path: C:\windows\system32\wuaueng.dll
2012-09-24 07:16:01: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-09-24 07:16:01: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-09-24 07:16:01: ServiceDLL: system32\wuaueng.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wuaueng.dll
2012-09-24 07:16:01: Original File Name: wuaueng.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: wudfsvc
2012-09-24 07:16:01: Real Path: C:\windows\System32\WUDFSvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-09-24 07:16:01: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-09-24 07:16:01: ServiceDLL: System32\WUDFSvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: WUDFSvc.dll
2012-09-24 07:16:01: Original File Name: WUDFSvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: ---------------------------------------------------------------------
2012-09-24 07:16:01: Found Service: WwanSvc
2012-09-24 07:16:01: Real Path: C:\windows\System32\wwansvc.dll
2012-09-24 07:16:01: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-09-24 07:16:01: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-09-24 07:16:01: ServiceDLL: System32\wwansvc.dll
2012-09-24 07:16:01: File size: 0
2012-09-24 07:16:01: DLL File name: wwansvc.dll
2012-09-24 07:16:01: Original File Name: WwanSvc.dll.mui
2012-09-24 07:16:01: Company: 
2012-09-24 07:16:01: Mod/Cre/Acc time: 
2012-09-24 07:16:01: 
2012-09-24 07:16:01: Looking for SHELL key
2012-09-24 07:16:01: Now looking for bad DLL files in system32
2012-09-24 07:17:27: Folder: GAC
2012-09-24 07:17:27: Folder: GAC_32
2012-09-24 07:17:27: Folder: GAC_64
2012-09-24 07:17:27: Folder: GAC_MSIL
2012-09-24 07:17:27: Folder: NativeImages_v2.0.50727_32
2012-09-24 07:17:27: Folder: NativeImages_v2.0.50727_64
2012-09-24 07:17:27: Folder: NativeImages_v4.0.30319_32
2012-09-24 07:17:27: Folder: NativeImages_v4.0.30319_64
2012-09-24 07:17:27: Folder: temp
2012-09-24 07:17:27: Folder: tmp
2012-09-24 07:17:35: Checking for bad folder
2012-09-24 07:17:35: Found 1 folders.
2012-09-24 07:17:35: Checking C:\windows\assembly\tmp
2012-09-24 07:17:35: ... Folder test returns: 1
2012-09-24 07:17:35: Done with folder list in C:\windows\assembly\ tmp
2012-09-24 07:17:35: Autonomous mode, clearing out yt folder
2012-09-24 07:17:35: cmd.exe /c start "C:\Users\Megan\Desktop\yorkyt.exe"
2012-09-24 07:17:40: Restarting...
2012-09-24 07:19:02: ****************************************************
2012-09-24 07:19:02: Starting UP ... v 0.0.0.220
2012-09-24 07:19:02: ****************************************************
2012-09-24 07:19:04: Stop TPSRV returns: 2
2012-09-24 07:19:19: Listing processes...
2012-09-24 07:19:19: :[System Process]:0
2012-09-24 07:19:19: :System:4
2012-09-24 07:19:19: :smss.exe:296
2012-09-24 07:19:19: :csrss.exe:424
2012-09-24 07:19:19: :wininit.exe:504
2012-09-24 07:19:19: :csrss.exe:516
2012-09-24 07:19:19: :services.exe:552
2012-09-24 07:19:19: :lsass.exe:568
2012-09-24 07:19:19: :lsm.exe:576
2012-09-24 07:19:19: :svchost.exe:716
2012-09-24 07:19:19: :winlogon.exe:724
2012-09-24 07:19:19: :svchost.exe:824
2012-09-24 07:19:19: :svchost.exe:888
2012-09-24 07:19:19: :svchost.exe:964
2012-09-24 07:19:19: :svchost.exe:1004
2012-09-24 07:19:19: :audiodg.exe:336
2012-09-24 07:19:19: :svchost.exe:628
2012-09-24 07:19:19: :svchost.exe:840
2012-09-24 07:19:19: :spoolsv.exe:1120
2012-09-24 07:19:19: :svchost.exe:1148
2012-09-24 07:19:19: :BingDesktopUpdater.exe:1276
2012-09-24 07:19:19: :svchost.exe:1372
2012-09-24 07:19:19: :ccsvchst.exe:1404
2012-09-24 07:19:19: :taskhost.exe:1492
2012-09-24 07:19:19: :dwm.exe:1620
2012-09-24 07:19:19: :explorer.exe:1684
2012-09-24 07:19:19: :svchost.exe:1780
2012-09-24 07:19:19: :WLIDSVC.EXE:1844
2012-09-24 07:19:19: :ccsvchst.exe:1904
2012-09-24 07:19:19: :WLIDSVCM.EXE:1988
2012-09-24 07:19:19: :SearchIndexer.exe:2104
2012-09-24 07:19:19: :WUDFHost.exe:2256
2012-09-24 07:19:19: :svchost.exe:2360
2012-09-24 07:19:19: :yorkyt.exe:2480
2012-09-24 07:19:19: :WmiPrvSE.exe:2540
2012-09-24 07:19:19: :sidebar.exe:2732
2012-09-24 07:19:19: :SearchProtocolHost.exe:1808
2012-09-24 07:19:19: :SearchFilterHost.exe:1444
2012-09-24 07:19:19: :wmpnetwk.exe:2320
2012-09-24 07:19:19: 
2012-09-24 07:19:19: Starting cleanup mode...
2012-09-24 07:19:42: ... Done with files, now folders
2012-09-24 07:19:48: All DONE


----------



## Mark1956 (May 7, 2011)

Ok, now try running TDSSKiller again. If it still won't run try downloading from this link and see if that works. This is a direct download of the program and will not need to be unzipped.
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

If that still fails then try this alternative:

Please download and run Symantec's Backdoor.Tidserv Removal Tool (FixTDSS).
• Save the file to your Desktop.
• Double-click on *FixTDSS.exe.*
• Read the license agreement and click *I Accept* to continue.
• Click the *Proceed* button.
• If prompted to reboot the computer...please do so.
• When finished the tool will say the infection was cleared or no infection was found...let me know what it says


----------



## Nymfor (Sep 20, 2012)

I downloaded both the TDSSkiller and the fixtdss one and every time I click to open and run it, it pops up a window asking me if I want to allow this program to make changes on this computer, I click yes but nothing happens after I click.


----------



## Mark1956 (May 7, 2011)

This is showing all the signs of the latest variant of a ZeroAccess rootkit infection, but it would usually show a certain file in the DDS log which is not there. As that log is a few days old, please run DDS again and post the new log, DDS.txt; no need to post the Attach.txt.

Please also try this tool, all the instructions are on the web page:

http://www.freedrweb.com/download+cureit+free/beta/


----------



## Nymfor (Sep 20, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Megan at 10:17:44 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2718 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/stg_drm.ocx
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/armhelper.ocx
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/TELUSHighSpeedInstallWizard_Combined.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DA3F6CC-AF3E-40C9-AB15-B76D22492F57} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87068506-9FA7-4C9D-AECB-CC56ACEF540F} : DhcpNameServer = 192.168.2.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120921.001\IDSviA64.sys [2012-9-21 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-9-17 138272]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-18 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-18 250288]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\system32\DRIVERS\btblan.sys --> C:\windows\system32\DRIVERS\btblan.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 676936]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-8 517632]
S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
.
=============== Created Last 30 ================
.
2012-09-21 16:28:08 10213296 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-21 00:17:35 -------- d-----w- C:\Users\Megan\AppData\Local\NPE
2012-09-20 22:31:50 -------- d-----w- C:\windows\System32\SPReview
2012-09-20 20:37:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 17:31:59 98816 ----a-w- C:\windows\sed.exe
2012-09-20 17:31:59 518144 ----a-w- C:\windows\SWREG.exe
2012-09-20 17:31:59 256000 ----a-w- C:\windows\PEV.exe
2012-09-20 17:31:59 208896 ----a-w- C:\windows\MBR.exe
2012-09-19 01:27:44 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12:35 -------- d-----w- C:\ProgramData\PC Utility Kit
2012-09-18 22:40:17 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06:18 -------- d-----w- C:\Intel
2012-09-18 05:00:05 -------- d-----w- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-18 04:33:19 737952 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-09-18 04:33:19 451192 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-09-18 04:33:19 405624 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-09-18 04:33:19 37536 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-09-18 04:33:19 190072 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-09-18 04:33:19 167072 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-09-18 04:33:19 1129120 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-09-18 04:33:11 -------- d-----w- C:\windows\System32\drivers\N360x64\0603000.00E
2012-09-18 00:08:07 -------- d-----w- C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42:09 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Symantec
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-17 23:41:03 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-09-17 23:41:01 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-09-17 23:40:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-16 14:30:59 -------- d-----w- C:\Symbols
2012-09-16 13:46:32 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2012-09-16 01:54:58 -------- d-----w- C:\Users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09:30 -------- d-----w- C:\windows\CheckSur
2012-09-15 14:33:09 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 14:18:59 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36:45 -------- d-----w- C:\windows\System32\EventProviders
2012-09-13 19:34:42 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34:33 4571448 ----a-w- C:\windows\uninst.exe
2012-09-13 19:34:32 -------- d-----w- C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34:32 -------- d-----w- C:\ProgramData\PC1Data
2012-09-13 03:11:29 -------- d-----w- C:\Users\Megan\AppData\Roaming\AVG
2012-09-13 03:10:49 -------- d-----w- C:\ProgramData\AVG
2012-09-13 03:10:34 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:39:16 -------- d-----w- C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:22:42 -------- d--h--w- C:\ProgramData\Common Files
2012-09-12 13:07:47 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 13:07:47 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05:44 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-09-21 16:28:18 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 22:59:59 152064 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-09-20 22:59:58 175104 ----a-w- C:\windows\System32\msclmd.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-26 18:02:22 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\windows\SysWow64\browcli.dll
.
============= FINISH: 10:25:35.22 ===============
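
The "Created Last 30" section of the DDS log above lists each new object with an attribute string such as `d-sh--w-` (directory, system, hidden) or `----a-w-` (archive, writable). The helper's ZeroAccess suspicion rests on this kind of detail, so here is an added example (not part of the thread, and not code from the DDS tool) that parses those lines and picks out directories carrying both the hidden and system attributes. Letters are tested by presence rather than column position, because the exact column layout is not documented on this page. The sample input is an excerpt copied from the log above; `$RECYCLE.BIN` is hidden+system by design and is marked "expected", while a GUID-named hidden+system folder under ProgramData is only marked "review", since legitimate installers create such folders too.

```python
"""Triage DDS 'Created Last 30' entries for hidden+system directories.

Added example for the thread above; it is not the DDS tool's own code.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed excerpt copied from the DDS log posted above.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2012-09-21 16:28:08 10213296 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-20 20:37:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-13 03:10:34 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:22:42 -------- d--h--w- C:\ProgramData\Common Files
2012-09-12 13:07:47 574464 ----a-w- C:\windows\System32\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-21 16:28:18 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
"""

# A DDS section header looks like "=== Created Last 30 ===".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# timestamp, size (or dashes for a directory), 8-char attribute string, path
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)

# Directories Windows itself keeps hidden+system (assumed list; extend as needed).
EXPECTED_HIDDEN_SYSTEM = {r"c:\$recycle.bin", r"c:\system volume information"}


@dataclass
class Entry:
    section: str
    timestamp: str
    size: Optional[int]        # None for directories ("--------")
    attrs: FrozenSet[str]      # attribute letters present, e.g. {"d","s","h","w"}
    path: str


def parse_dds_entries(text: str) -> List[Entry]:
    """Return every file/directory entry, tagged with the section it sits in."""
    entries = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        attrs = frozenset(c for c in m["attr"] if c != "-")
        entries.append(Entry(section, m["ts"], size, attrs, m["path"]))
    return entries


def triage_hidden_system_dirs(text: str, section: str = "Created Last 30") -> dict:
    """Map each hidden+system directory in `section` to 'expected' or 'review'.

    'review' is a prompt to look closer, not a malware verdict.
    """
    verdicts = {}
    for e in parse_dds_entries(text):
        if e.section != section:
            continue
        if {"d", "s", "h"} <= e.attrs:
            expected = e.path.lower() in EXPECTED_HIDDEN_SYSTEM
            verdicts[e.path] = "expected" if expected else "review"
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage_hidden_system_dirs(SAMPLE_DDS).items():
        print(f"{verdict:8s} {path}")
```

Run it over a full DDS.txt by reading the file into `triage_hidden_system_dirs`; anything marked "review" is a candidate to inspect with a boot-time or offline tool, since user-mode scanners are already being blocked on this machine.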


----------



## Nymfor (Sep 20, 2012)

I ran the Dr.Web CureIt and it found nothing, I ran it twice and during the second run I did the custom one and checked all the boxes.


----------



## Mark1956 (May 7, 2011)

Did you try the other tool I gave the link to in post 24?

Looks like this is not the ZeroAccess Rootkit but must be something similar which is blocking most of the tools from running.

Please tell me if you have a flash drive/USB memory stick. Also, when you use F8 to get to the Advanced Boot Menu which gives you access to Safe Mode, do you see 'Repair Your Computer' in the list of options?

Please follow these next five steps. There is a lot to do here so take it slowly one step at a time and post the logs as they are requested in the instructions. Use one post for each log and then go on to the next step.

*STEP 1*
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

*STEP 2*
Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon

You will now see the following window appear.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.
Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• List content of Hosts

*STEP 3*

Please download and scan with *SuperAntiSpyware* Free for Home Users.

Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click *Yes*. If not, update the definitions before scanning by selecting *Check for Updates*. (_If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions._)
Click the *Preferences* button. (bottom left)
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._
Click the *Home* button to return to the main screen.
On the right, under *Select Scan Type*, choose *Complete Scan*.
Click *Scan Your Computer* to start the scan. Please be patient while it scans your computer.
After the scan is complete, a *Scan Summary* box will appear with *Threats Detected:* click *Continue*.
Make sure everything has a checkmark next to it and click *Remove Threats*.
A notification will appear: *Quarantine Complete*. Click *OK* and then click the *Finished* button to return to the main menu.
If asked if you want to reboot, click *Yes*.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*, then double click on the log just created, it will be at the top of the list._
_The log results will open in Notepad, Copy & Paste the entire log back here into your next reply._
Click the *X* in the top right hand corner to exit the program.
*STEP 4*
When the above is complete, post the logs from STEP 2 and 3.

Now run this:

Please download *aswMBR.exe* and save it to your Desktop.

Double click on aswMBR.exe to run it. _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
You will be asked if you wish to download the latest Avast Virus Definitions, please select *Yes*. It may take several minutes to complete.
Click the *Scan* button to start scan. 

On completion of the scan, click the *Save log* button and save it to your Desktop.
*Do not* select any Fix options at this time.
Copy and paste the contents of that log in your next reply.
*-- Important note*: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as *MBR.dat*. Do not delete this file unless advised.

NOTE: Right-click on MBR.dat and select *Send To* and then *Compressed (zipped) file*. Attach that zipped file to your next reply as well.

Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and doubleclick on it.
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the bottom of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*

*STEP 5*
Please download RKill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4

Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. Please post the log.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
*DO NOT* reboot, run *Malwarebytes*, let it update and run a *full* scan. If it finds anything, fix it and post the resulting log. If it finds nothing, post that log instead.


----------



## Mark1956 (May 7, 2011)

I've just seen your last post which you must have posted while I was putting my last one together. There has to be an infection in there somewhere but it is proving difficult to find and blocking the tools that would normally find it.

Please continue with the instructions above, I've seen since posting that you already have SuperAntiSpyware, please just check for updates and run a *Full* system scan. Delete everything it finds and post the log.


----------



## Nymfor (Sep 20, 2012)

I'm about to do everything you told me to in your last post but I wanted to answer your other questions, when I hit F8 it does have the repair your computer option and I do have a 8GB Kingston flash stick. Is that what you meant by flash drive/USB memory stick? I will post my results shortly, and thanks again btw.


----------



## Mark1956 (May 7, 2011)

Great, having the Repair my Computer option will give access to the Recovery Environment and the memory stick can be used to run another tool within the Recovery Environment if none of the above makes any progress.

And, you're welcome, I enjoy a challenge which your infection is proving to be.


----------



## Nymfor (Sep 20, 2012)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/24/2012 at 01:37 PM
Application Version : 5.5.1022
Core Rules Database Version : 9281
Trace Rules Database Version: 7093
Scan type : Complete Scan
Total Scan Time : 01:15:46
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 65368
Registry threats detected : 0
File items scanned : 199528
File threats detected : 20
Adware.Tracking Cookie
accounts.google.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\MEGAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

MiniToolBox by Farbar Version: 23-07-2012
Ran by Megan (administrator) on 24-09-2012 at 12:06:33
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost

**** End of log ****


----------



## Nymfor (Sep 20, 2012)

I downloaded aswMBR but it wont allow me to run it.


----------



## Mark1956 (May 7, 2011)

Ok, yet another program the infection is blocking, see how Step 5 goes.


----------



## Mark1956 (May 7, 2011)

I meant to ask earlier what happened when you tried to run Combofix, I see it created a Restore Point which shows the program launched but there is an error in the Event Viewer log which suggests it didn't complete. Did it create a log, if so please post it.


----------



## Nymfor (Sep 20, 2012)

I will get to work on step 5 and post the results. I do remember running Combofix before I posted my issue here; I think I may have deleted it, and I can't remember what the scan results were. Would you like me to re-install Combofix and run it again? Just got to find the Combofix link I used.


----------



## Nymfor (Sep 20, 2012)

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/24/2012 03:44:25 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity: 
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
127.0.0.1 localhost
Program finished at: 09/24/2012 03:44:34 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
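
The Rkill output above and the earlier MiniToolBox output both touch the same handful of settings that a search-redirect infection typically tampers with: the `.exe` shell association (Rkill reset two `IsolatedCommand` values), the Windows Defender `DisableAntiSpyware` policy value, the hosts file and the IE proxy. The following is an added, read-only PowerShell triage that re-checks those settings on the live system and adds two that neither log shows: the per-user `AutoConfigURL` (a PAC file redirects traffic just as well as a `ProxyServer` entry, and MiniToolBox only reset the latter) and the DNS servers actually configured on each adapter. It is not part of the thread and not from Rkill, MiniToolBox or ComboFix; the function name, the exact list of keys and the "localhost only" hosts-file rule are the example's own assumptions. Run it from an elevated PowerShell prompt; it changes nothing.

```powershell
# Added example (not from the thread or from any of the tools posted in it).
# Read-only triage of the settings a search-redirect infection commonly alters.
# Assumptions: Windows 7 or later, elevated prompt, default Windows key layout.

function Get-RedirectTriage {
    $findings = @()

    # 1. .exe shell association. Both the default command and IsolatedCommand for
    #    the open/runas verbs should be "%1" %*; anything else means every .exe
    #    launch is proxied through another program (this is how an infection blocks
    #    tools such as aswMBR from running at all).
    foreach ($verb in 'open', 'runas') {
        $key   = "HKLM:\SOFTWARE\Classes\exefile\shell\$verb\command"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in '(default)', 'IsolatedCommand') {
            $val = $props.$name
            if ($val -and $val -ne '"%1" %*') {
                $findings += "exefile\shell\$verb\command [$name] = $val"
            }
        }
    }

    # 2. Windows Defender disabled by registry or policy (Rkill reported
    #    DisableAntiSpyware = 1 under the first key).
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $v = (Get-ItemProperty -Path $key -Name DisableAntiSpyware `
                -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) { $findings += "$key DisableAntiSpyware = 1" }
    }

    # 3. Hosts file: report every address line except plain localhost entries.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' } |
        ForEach-Object { $findings += "hosts: $($_.Trim())" }

    # 4. Per-user proxy. ProxyEnable/ProxyServer were reset by MiniToolBox, but a
    #    PAC file in AutoConfigURL redirects traffic too and is easy to overlook.
    $ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p  = Get-ItemProperty -Path $ie -ErrorAction SilentlyContinue
    if ($p.ProxyEnable -eq 1) { $findings += "ProxyServer = $($p.ProxyServer)" }
    if ($p.AutoConfigURL)     { $findings += "AutoConfigURL = $($p.AutoConfigURL)" }

    # 5. DNS servers in use on each enabled adapter. The ComboFix log shows
    #    DhcpNameServer = 192.168.0.1 (the router); a statically set address that
    #    differs from what the unaffected laptop on the same router uses is the
    #    thing to chase when only one machine is being redirected.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            if ($_.DNSServerSearchOrder) {
                $findings += "DNS ($($_.Description)): $($_.DNSServerSearchOrder -join ', ')"
            }
        }

    return $findings
}

Get-RedirectTriage | ForEach-Object { Write-Output $_ }
```

Items 1 to 4 print only when something deviates from the Windows default; item 5 always prints so the DNS servers can be compared against the laptop that is not being redirected. A Rkill reset of `IsolatedCommand` on its own is not proof of infection (the value also exists on clean systems), so treat a non-default result there as something to inspect, not something to delete blindly.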


----------



## Nymfor (Sep 20, 2012)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.20.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Megan :: MEGANANDTREVOR [administrator]
9/24/2012 3:47:34 PM
mbam-log-2012-09-24 (15-47-34).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405561
Time elapsed: 1 hour(s), 1 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## Mark1956 (May 7, 2011)

As you got Combofix to run before lets try it again. Please follow these instructions.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.

Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*

Download Mirror #1
Download Mirror #2
Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*
*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.

Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.
_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair
*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## Nymfor (Sep 20, 2012)

ComboFix 12-09-24.02 - Megan 09/24/2012 18:54:26.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2901 [GMT -6:00]
Running from: c:\users\Megan\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 01:26 . 2012-09-25 01:26 -------- d-----w- c:\users\Megan and Trevor\AppData\Local\temp
2012-09-25 01:26 . 2012-09-25 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 16:45 . 2012-09-24 16:45 -------- d-----w- c:\users\Megan\Doctor Web
2012-09-21 00:17 . 2012-09-21 00:26 -------- d-----w- c:\users\Megan\AppData\Local\NPE
2012-09-20 22:31 . 2012-09-20 22:31 -------- d-----w- c:\windows\system32\SPReview
2012-09-19 01:27 . 2012-09-19 01:27 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12 . 2012-09-19 01:16 -------- d-----w- c:\programdata\PC Utility Kit
2012-09-18 22:40 . 2012-09-21 16:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- C:\Intel
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\users\Megan\AppData\Roaming\InstallShield
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\program files (x86)\Intel
2012-09-18 05:00 . 2012-09-18 05:00 -------- d-----w- c:\users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59 . 2012-09-18 04:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-18 00:08 . 2012-09-18 22:34 -------- d-----w- c:\users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42 . 2012-09-17 23:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Symantec
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-17 23:41 . 2012-09-18 22:34 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-09-17 23:41 . 2012-09-17 23:41 -------- d-----w- c:\program files (x86)\Norton 360
2012-09-17 23:40 . 2012-09-17 23:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-16 14:30 . 2012-09-16 14:32 -------- d-----w- C:\Symbols
2012-09-16 13:46 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-09-16 01:54 . 2012-09-23 03:25 -------- d-----w- c:\users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09 . 2012-09-15 20:09 -------- d-----w- c:\windows\CheckSur
2012-09-15 14:33 . 2012-07-26 18:02 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:18 . 2012-09-15 14:18 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36 . 2012-09-15 00:36 -------- d-----w- c:\windows\system32\EventProviders
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34 . 2012-09-13 19:34 4571448 ----a-w- c:\windows\uninst.exe
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\programdata\PC1Data
2012-09-13 03:11 . 2012-09-13 03:11 -------- d-----w- c:\users\Megan\AppData\Roaming\AVG
2012-09-13 03:10 . 2012-09-13 03:12 -------- d-----w- c:\programdata\AVG
2012-09-13 03:10 . 2012-09-13 03:10 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:39 . 2012-09-12 22:39 -------- d-----w- c:\users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:22 . 2012-09-12 22:22 -------- d--h--w- c:\programdata\Common Files
2012-09-12 13:07 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:07 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05 . 2012-08-28 21:06 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 19:48 . 2010-05-19 19:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 19:47 . 2010-05-19 19:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 16:28 . 2011-05-28 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 22:59 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-20 22:59 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2012-09-12 13:50 . 2011-01-26 10:00 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 19:04 . 2010-05-09 15:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-31 19:04 . 2010-06-02 19:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-15 20:29 . 2010-05-09 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-15 20:27 . 2010-05-09 15:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-13 15:36 . 2011-02-14 02:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 18:02 . 2011-01-26 02:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 17:31 . 2012-08-14 19:24 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:04 . 2012-08-14 19:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-14 19:24 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-14 19:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-14 19:24 41472 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-12-10 517632]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-09-05 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120922.001\IDSvia64.sys [2012-09-17 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-16 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-16 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-18 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 16:28]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 19:49:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 01:49
ComboFix2.txt 2012-09-20 18:36
.
Pre-Run: 624,325,615,616 bytes free
Post-Run: 624,040,837,120 bytes free
.
- - End Of File - - F3081AA2BA1BF072AAA1B8BD493082AF


----------



## Mark1956 (May 7, 2011)

Combofix has run ok but come up with a clean result.

Time to put your flash drive to use.

Use these links to download the correct version for your operating system.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter *System Recovery Options* by using* Option 1* or *Option 2*
*Option 1* 
*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the* F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*Option 2* 
*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
NOTE: If you are unable to complete either *Option 1* or *2* then *stop* and let me know. This tool will only run correctly if you are able to get to the *System Recovery Options* menu.
*On the System Recovery Options menu you will get the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under *File* menu select *Open*.
Select *Computer* and find your flash drive letter and close *notepad*.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## Nymfor (Sep 20, 2012)

I'm working on option 1 atm. I hit Enter for Repair Your Computer and it went to a screen telling me Windows is loading files. It's been there for about 5 - 10 min; will it eventually continue to the next step?


----------



## Mark1956 (May 7, 2011)

It should do, so be patient.


----------



## Nymfor (Sep 20, 2012)

It's still at the "Windows is loading files" screen after an hour and ten min. Is it just taking a long time because there are a lot of files to load?


----------



## Mark1956 (May 7, 2011)

Eeek, every corner we try to turn another hitch gets in the way.

Shut down the PC and follow the other Option.

If you do not have a Windows 7 installation disc (not to be confused with a Recovery disc) please follow this and burn a boot disc which will do the same job.

Go to Control Panel and select Backup and Restore. In the left hand pane select Create a System Recovery disc and follow the prompts.

Then follow Option 2.

If you have any trouble making the CD you can use another Windows 7 PC but it must be 64bit, the same as yours, the version of Windows does not matter.


----------



## Nymfor (Sep 20, 2012)

How do I make a windows 7 installation disc?


----------



## Nymfor (Sep 20, 2012)

OK, I think I got the scan thing to work. The Farbar Recovery Scan Tool is scanning atm and I will post the log once it's done.


----------



## Nymfor (Sep 20, 2012)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2012
Ran by SYSTEM at 25-09-2012 11:13:29
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Megan\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5664640 2012-09-21] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
4 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
4 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2009-12-10] (Alcatel-Lucent)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
==================== Drivers (Whitelisted) =====================
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-18] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120922.001\IDSvia64.sys [513184 2012-09-17] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120924.017\ENG64.SYS [126112 2012-09-24] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120924.017\EX64.SYS [2084000 2012-09-24] (Symantec Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-17] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-24 17:49 - 2012-09-24 17:49 - 00018276 ____A C:\ComboFix.txt
2012-09-24 16:48 - 2012-09-24 17:50 - 00000000 ____D C:\ComboFix
2012-09-24 16:25 - 2012-09-24 16:25 - 04759205 ____R (Swearware) C:\Users\Megan\Desktop\ComboFix.exe
2012-09-24 16:20 - 2012-09-24 16:21 - 00000472 ____A C:\Users\Megan\Desktop\defogger_disable.log
2012-09-24 16:20 - 2012-09-24 16:20 - 00000000 ____A C:\Users\Megan\defogger_reenable
2012-09-24 16:20 - 2012-09-24 16:19 - 00050477 ____A C:\Users\Megan\Desktop\Defogger.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Megan\Desktop\rkill.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 00002858 ____A C:\Users\Megan\Desktop\Rkill.txt
2012-09-24 11:55 - 2012-09-24 11:56 - 04731392 ____A (AVAST Software) C:\Users\Megan\Desktop\aswMBR.exe
2012-09-24 10:14 - 2012-09-24 11:51 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
2012-09-24 10:14 - 2012-09-24 11:51 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
2012-09-24 10:14 - 2012-09-24 10:14 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-24 10:14 - 2012-09-24 10:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-24 10:07 - 2012-09-24 10:13 - 20619768 ____A (SUPERAntiSpyware.com) C:\Users\Megan\Desktop\SUPERAntiSpyware.exe
2012-09-24 10:06 - 2012-09-24 10:06 - 00000711 ____A C:\Users\Megan\Desktop\Result.txt
2012-09-24 10:04 - 2012-09-24 10:05 - 00751391 ____A (Farbar) C:\Users\Megan\Desktop\MiniToolBox.exe
2012-09-24 10:00 - 2012-09-24 09:59 - 00448512 ____A (OldTimer Tools) C:\Users\Megan\Desktop\TFC.exe
2012-09-24 08:45 - 2012-09-24 08:45 - 00000000 ____D C:\Users\Megan\Doctor Web
2012-09-24 08:30 - 2012-09-24 08:42 - 98527600 ____A C:\Users\Megan\Desktop\dgf5xcca.exe
2012-09-24 08:17 - 2012-09-24 08:17 - 00607260 ____R (Swearware) C:\Users\Megan\Desktop\dds.com
2012-09-24 07:00 - 2012-09-24 07:00 - 01932256 ____A (Symantec Corporation) C:\Users\Megan\Desktop\FixTDSS.exe
2012-09-24 06:59 - 2012-09-24 06:59 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Megan\Desktop\tdsskiller.exe
2012-09-24 05:15 - 2012-09-24 05:19 - 00073295 ____A C:\Users\Megan\Desktop\yorkyt.exe.log
2012-09-24 05:14 - 2012-09-24 05:14 - 01415784 ____A C:\Users\Megan\Desktop\yorkyt.exe
2012-09-23 10:58 - 2012-09-23 10:58 - 00000000 ____D C:\Users\Megan\Desktop\RK_Quarantine
2012-09-23 07:17 - 2012-09-23 07:17 - 00002599 ____A C:\Users\Megan\Desktop\RKreport[2].txt
2012-09-23 07:17 - 2012-09-23 07:17 - 00002555 ____A C:\Users\Megan\Desktop\RKreport[3].txt
2012-09-23 05:29 - 2012-09-23 05:29 - 00001862 ____A C:\Users\Megan\Desktop\RKreport[1].txt
2012-09-23 05:28 - 2012-09-23 05:28 - 01391104 ____A C:\Users\Megan\Desktop\roguekiller.exe
2012-09-23 05:14 - 2012-09-23 05:14 - 00001560 ____A C:\Users\Megan\Desktop\GooredFix.txt
2012-09-23 05:14 - 2012-09-23 05:14 - 00000000 ____D C:\Users\Megan\Desktop\GooredFix Backups
2012-09-23 05:13 - 2012-09-23 05:13 - 00071398 ____A (jpshortstuff) C:\Users\Megan\Desktop\GooredFix.exe
2012-09-23 05:11 - 2012-09-23 05:11 - 00005206 ____A C:\Users\Megan\Desktop\AdwCleaner[S1].txt
2012-09-23 05:08 - 2012-09-23 05:08 - 00005206 ____A C:\AdwCleaner[S1].txt
2012-09-23 05:05 - 2012-09-23 05:05 - 00512737 ____A C:\Users\Megan\Desktop\adwcleaner.exe
2012-09-22 20:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 20:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 20:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 20:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 20:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 20:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 20:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 20:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 20:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 20:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 20:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 20:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 20:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 20:00 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 20:00 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 20:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 20:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 20:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 20:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 20:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 20:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 20:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 20:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 20:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 20:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 20:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 20:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 20:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 20:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-20 16:52 - 2012-09-20 16:52 - 00013570 ____A C:\Users\Megan\Desktop\Attach.txt
2012-09-20 16:51 - 2012-09-20 16:51 - 00017182 ____A C:\Users\Megan\Desktop\DDS.txt
2012-09-20 16:40 - 2012-09-20 16:40 - 00008140 ____A C:\Users\Megan\Desktop\hijackthis.log
2012-09-20 16:40 - 2012-09-20 16:39 - 00388608 ____A (Trend Micro Inc.) C:\Users\Megan\Desktop\HijackThis.exe
2012-09-20 16:17 - 2012-09-20 16:26 - 00000000 ____D C:\Users\Megan\AppData\Local\NPE
2012-09-20 14:31 - 2012-09-20 14:31 - 00000000 ____D C:\Windows\System32\SPReview
2012-09-20 09:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-20 09:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-20 09:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-20 09:09 - 2012-09-20 09:13 - 00008437 ____A C:\Windows\Rp_RPT.log
2012-09-20 08:59 - 2012-09-24 17:50 - 00000000 ____D C:\Qoobox
2012-09-20 08:58 - 2012-09-20 10:21 - 00000000 ____D C:\Windows\erdnt
2012-09-18 17:27 - 2012-09-18 17:27 - 00000000 ____D C:\N360_BACKUP
2012-09-18 17:12 - 2012-09-18 17:16 - 00000000 ____D C:\Users\All Users\PC Utility Kit
2012-09-18 17:12 - 2012-09-18 17:12 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-18 17:12 - 2012-09-18 17:12 - 00000000 ____D C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-18 14:40 - 2012-09-24 17:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-18 14:40 - 2012-09-21 08:28 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-18 14:23 - 2012-09-18 14:23 - 00007601 ____A C:\Users\Megan\AppData\Local\Resmon.ResmonCfg
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Users\Megan\AppData\Roaming\InstallShield
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Program Files (x86)\Intel
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Intel
2012-09-17 21:00 - 2012-09-17 21:00 - 00000000 ____D C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-17 20:59 - 2012-09-17 20:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-17 16:08 - 2012-09-18 14:34 - 00000000 ____D C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 15:42 - 2012-09-17 15:42 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-17 15:42 - 2012-09-17 15:42 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-17 15:42 - 2012-09-17 15:42 - 00000000 ____D C:\Program Files\Symantec
2012-09-17 15:42 - 2012-09-17 15:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-09-17 15:41 - 2012-09-18 14:34 - 00002279 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-17 15:41 - 2012-09-18 14:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-09-17 15:41 - 2012-09-17 15:41 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-09-16 06:30 - 2012-09-16 06:32 - 00000000 ____D C:\Symbols
2012-09-16 05:46 - 2009-10-09 19:17 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2012-09-15 12:09 - 2012-09-15 12:09 - 00000000 ____D C:\Windows\CheckSur
2012-09-15 06:33 - 2012-07-26 10:02 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-15 06:18 - 2012-09-15 06:18 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2012-09-14 18:21 - 2012-09-14 18:21 - 00001520 ____A C:\Users\Megan\Desktop\Network Security Settings.htm
2012-09-14 16:36 - 2012-09-14 16:36 - 00000000 ____D C:\Windows\System32\EventProviders
2012-09-14 16:31 - 2012-09-14 16:31 - 00000000 ____D C:\Users\Megan\Documents\Symantec
2012-09-13 11:34 - 2012-09-13 11:34 - 04571448 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\All Users\PC1Data
2012-09-12 19:11 - 2012-09-12 19:11 - 00000000 ____D C:\Users\Megan\AppData\Roaming\AVG
2012-09-12 19:10 - 2012-09-12 19:12 - 00000000 ____D C:\Users\All Users\AVG
2012-09-12 19:10 - 2012-09-12 19:10 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 14:39 - 2012-09-12 14:39 - 00000000 ____D C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 05:07 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 05:07 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-28 13:05 - 2012-08-28 13:06 - 00000000 ____D C:\Users\All Users\Battle.net

==================== 3 Months Modified Files ==================
2012-09-25 09:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-25 09:06 - 2009-07-13 20:51 - 00085300 ____A C:\Windows\setupact.log
2012-09-25 08:45 - 2009-11-20 06:53 - 02016343 ____A C:\Windows\WindowsUpdate.log
2012-09-25 08:45 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-25 08:45 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-25 08:34 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 17:49 - 2012-09-24 17:49 - 00018276 ____A C:\ComboFix.txt
2012-09-24 17:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-24 17:28 - 2009-08-14 15:43 - 00906326 ____A C:\Windows\PFRO.log
2012-09-24 17:27 - 2012-09-18 14:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 17:27 - 2011-06-10 08:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
2012-09-24 16:25 - 2012-09-24 16:25 - 04759205 ____R (Swearware) C:\Users\Megan\Desktop\ComboFix.exe
2012-09-24 16:21 - 2012-09-24 16:20 - 00000472 ____A C:\Users\Megan\Desktop\defogger_disable.log
2012-09-24 16:20 - 2012-09-24 16:20 - 00000000 ____A C:\Users\Megan\defogger_reenable
2012-09-24 16:19 - 2012-09-24 16:20 - 00050477 ____A C:\Users\Megan\Desktop\Defogger.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Megan\Desktop\rkill.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 00002858 ____A C:\Users\Megan\Desktop\Rkill.txt
2012-09-24 11:56 - 2012-09-24 11:55 - 04731392 ____A (AVAST Software) C:\Users\Megan\Desktop\aswMBR.exe
2012-09-24 11:51 - 2012-09-24 10:14 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
2012-09-24 11:51 - 2012-09-24 10:14 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
2012-09-24 10:14 - 2012-09-24 10:14 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-24 10:13 - 2012-09-24 10:07 - 20619768 ____A (SUPERAntiSpyware.com) C:\Users\Megan\Desktop\SUPERAntiSpyware.exe
2012-09-24 10:06 - 2012-09-24 10:06 - 00000711 ____A C:\Users\Megan\Desktop\Result.txt
2012-09-24 10:05 - 2012-09-24 10:04 - 00751391 ____A (Farbar) C:\Users\Megan\Desktop\MiniToolBox.exe
2012-09-24 09:59 - 2012-09-24 10:00 - 00448512 ____A (OldTimer Tools) C:\Users\Megan\Desktop\TFC.exe
2012-09-24 08:42 - 2012-09-24 08:30 - 98527600 ____A C:\Users\Megan\Desktop\dgf5xcca.exe
2012-09-24 08:17 - 2012-09-24 08:17 - 00607260 ____R (Swearware) C:\Users\Megan\Desktop\dds.com
2012-09-24 07:00 - 2012-09-24 07:00 - 01932256 ____A (Symantec Corporation) C:\Users\Megan\Desktop\FixTDSS.exe
2012-09-24 06:59 - 2012-09-24 06:59 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Megan\Desktop\tdsskiller.exe
2012-09-24 05:27 - 2011-06-10 08:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
2012-09-24 05:19 - 2012-09-24 05:15 - 00073295 ____A C:\Users\Megan\Desktop\yorkyt.exe.log
2012-09-24 05:14 - 2012-09-24 05:14 - 01415784 ____A C:\Users\Megan\Desktop\yorkyt.exe
2012-09-23 07:17 - 2012-09-23 07:17 - 00002599 ____A C:\Users\Megan\Desktop\RKreport[2].txt
2012-09-23 07:17 - 2012-09-23 07:17 - 00002555 ____A C:\Users\Megan\Desktop\RKreport[3].txt
2012-09-23 05:29 - 2012-09-23 05:29 - 00001862 ____A C:\Users\Megan\Desktop\RKreport[1].txt
2012-09-23 05:28 - 2012-09-23 05:28 - 01391104 ____A C:\Users\Megan\Desktop\roguekiller.exe
2012-09-23 05:14 - 2012-09-23 05:14 - 00001560 ____A C:\Users\Megan\Desktop\GooredFix.txt
2012-09-23 05:13 - 2012-09-23 05:13 - 00071398 ____A (jpshortstuff) C:\Users\Megan\Desktop\GooredFix.exe
2012-09-23 05:11 - 2012-09-23 05:11 - 00005206 ____A C:\Users\Megan\Desktop\AdwCleaner[S1].txt
2012-09-23 05:08 - 2012-09-23 05:08 - 00005206 ____A C:\AdwCleaner[S1].txt
2012-09-23 05:05 - 2012-09-23 05:05 - 00512737 ____A C:\Users\Megan\Desktop\adwcleaner.exe
2012-09-21 08:28 - 2012-09-18 14:40 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-21 08:28 - 2011-05-28 14:00 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 16:52 - 2012-09-20 16:52 - 00013570 ____A C:\Users\Megan\Desktop\Attach.txt
2012-09-20 16:51 - 2012-09-20 16:51 - 00017182 ____A C:\Users\Megan\Desktop\DDS.txt
2012-09-20 16:40 - 2012-09-20 16:40 - 00008140 ____A C:\Users\Megan\Desktop\hijackthis.log
2012-09-20 16:39 - 2012-09-20 16:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\Megan\Desktop\HijackThis.exe
2012-09-20 16:19 - 2009-07-13 20:45 - 00342888 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 14:59 - 2009-07-13 18:36 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-09-20 14:59 - 2009-07-13 18:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-09-20 09:13 - 2012-09-20 09:09 - 00008437 ____A C:\Windows\Rp_RPT.log
2012-09-20 09:11 - 2010-04-15 15:17 - 00915930 ____A C:\Windows\FreedomInstallScript.log
2012-09-18 17:21 - 2011-04-01 16:50 - 00002052 ____A C:\Windows\epplauncher.mif
2012-09-18 14:34 - 2012-09-17 15:41 - 00002279 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-18 14:23 - 2012-09-18 14:23 - 00007601 ____A C:\Users\Megan\AppData\Local\Resmon.ResmonCfg
2012-09-17 15:42 - 2012-09-17 15:42 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-17 15:42 - 2012-09-17 15:42 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-15 09:44 - 2011-03-31 13:31 - 00079064 ____A C:\Users\Megan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-14 18:21 - 2012-09-14 18:21 - 00001520 ____A C:\Users\Megan\Desktop\Network Security Settings.htm
2012-09-14 17:18 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-13 11:34 - 2012-09-13 11:34 - 04571448 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-09-12 16:48 - 2010-12-14 07:32 - 00002675 ____N C:\Users\Public\Desktop\WildTangent Games App - emachines.lnk
2012-09-12 14:46 - 2012-01-04 18:31 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 05:50 - 2011-01-26 02:00 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-28 13:34 - 2010-03-30 17:51 - 00001444 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-08-24 03:15 - 2012-09-22 20:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 20:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 20:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 20:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 20:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 20:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 20:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 20:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 20:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 20:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 20:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 20:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 20:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 20:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 20:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 20:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 20:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 20:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 20:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 20:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 20:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 20:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 20:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 20:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 20:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 20:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-19 11:34 - 2010-12-22 07:38 - 00002559 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-08-02 09:55 - 2012-09-12 05:07 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-12 05:07 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-26 10:02 - 2012-09-15 06:33 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-07-26 10:02 - 2011-01-25 18:18 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-07-18 09:31 - 2012-08-14 11:24 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:04 - 2012-08-14 11:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-08-14 11:24 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-08-14 11:24 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-08-14 11:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-08-14 11:24 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-18 14:44:33
Restore point made on: 2012-09-20 09:32:45
Restore point made on: 2012-09-20 14:29:08
Restore point made on: 2012-09-20 15:57:37
Restore point made on: 2012-09-20 16:07:04
Restore point made on: 2012-09-20 16:23:07
Restore point made on: 2012-09-22 19:40:29
Restore point made on: 2012-09-22 20:00:24
Restore point made on: 2012-09-23 07:08:38
Restore point made on: 2012-09-24 05:15:54
Restore point made on: 2012-09-24 05:19:33
==================== Memory info =========================== 
Percentage of memory in use: 15%
Total physical RAM: 4095.24 MB
Available physical RAM: 3455.38 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3447.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (eMachines) (Fixed) (Total:683.52 GB) (Free:581.19 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.58 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
9 Drive l: (KINGSTON) (Removable) (Total:7.2 GB) (Free:7.09 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B 
Disk 1 No Media 0 B 0 B 
Disk 2 No Media 0 B 0 B 
Disk 3 No Media 0 B 0 B 
Disk 4 No Media 0 B 0 B 
Disk 5 No Media 0 B 0 B 
Disk 6 Online 7385 MB 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 683 GB 15 GB
Partition 4 Primary 10 MB 698 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden 
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy 
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 683 GB Healthy 
=========================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
=========================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7381 MB 4032 KB
==================================================================================
Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L KINGSTON FAT32 Removable 7381 MB Healthy 
=========================================================
Last Boot: 2012-09-16 15:31
==================== End Of Log =============================


----------



## Mark1956 (May 7, 2011)

Well done for getting the scan going. There is only one suspicious entry in this log which I am going to have to check out with my colleagues.

Hang in there, I should be back soon but it may not be until tomorrow.


----------



## Mark1956 (May 7, 2011)

As I suspected, that suspicious partition is created by a TDL4 rootkit infection; you can see it near the end of the log.

I just need to create a set of instructions for its removal, but the good news is we have found the cause of the problem and should soon have your system back to normal.

I'll be back with a fix as soon as I can.


----------



## Nymfor (Sep 20, 2012)

Omg you're awesome!! I was so worried. So after this my computer should be ok? Also one more question: if this fixes the issue, will you let me know how to uninstall/remove all the little downloads I saved onto my desktop? Just curious as there are a lot lol. Thanks again.


----------



## Mark1956 (May 7, 2011)

No worries, and I have all the instructions for removing the programs used; most will be taken care of by just one clean-up tool.

I'll be back as soon as I get some instructions together; it's gone 1 am here so I doubt I will do much more tonight.


----------



## Mark1956 (May 7, 2011)

I've got the first part of the instructions together, once you have replied I will do the rest in the morning.

Either use the Repair boot disc or select the 'Repair Your Computer' option from the Advanced Boot menu to get to the Recovery Environment (Command Prompt).

Type *diskpart* at the prompt and hit *Enter*, in a short while you should see *DISKPART>*
Type *select disk 0* (*NOTE:* that is a zero not the letter O) and hit *Enter*
You should now see *Disk 0 is now the selected disk.* and *DISKPART>* on the next line.
Now type *list partition* and hit the Enter key.
It should now display a list of your partitions, please carefully copy the list and put it in your next reply.
All I need is the Partition number followed by what is shown under the size column. See below. This only shows my three partitions, yours should show four.


----------



## Nymfor (Sep 20, 2012)

Here's the partition info you asked for,

partition1 = 15GB
partition2 = 100MB
partition3 = 683GB
partition4 = 10 MB


----------



## Mark1956 (May 7, 2011)

Ok, I have completed the rest of the instructions:

Either use the Repair boot disc or select the 'Repair Your Computer' option from the Advanced Boot menu to get to the Recovery Environment (Command prompt).

Type *diskpart* at the prompt and hit *Enter*, in a short while you should see *DISKPART>*
Type *select disk 0* (*NOTE:* that is a zero not the letter O) and hit *Enter*
You should now see *Disk 0 is now the selected disk.* and *DISKPART>* on the next line.
Now type *select partition 4* and hit the *Enter* key. It should confirm the selected partition.
Now type *setid=07* and hit the *Enter* key.
Now type *inactive* and hit the *Enter* key.
That will stop the Rogue partition from being active and make it visible to our scanners.
Now to reactivate the Windows boot partition.
Type *select partition 2* and hit the *Enter* key.
Type *active* and hit the *Enter* key.
That should do it. Now type *exit* hit *Enter* then type *exit* again, hit *Enter* and the command prompt will close.
Then remove the boot CD (if used) and click on *Restart* at the bottom of the *System Recovery Options* box.

Before we go back and delete the rogue partition please check the system is booting ok and now try to run TDSSKiller and post the log following the instructions given earlier.


----------
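The diskpart steps above work on the MBR partition table by hand: retype the hidden entry to 07, clear its boot flag, and make the System Reserved partition active again. The following is an added example (not code from the thread, nor from FRST, TDSSKiller or any other tool mentioned here) that does the same checks and the same repair on a raw 512-byte MBR in Python, so a responder can see exactly which bytes the instructions change and why a 10 MB type-17 entry at the end of the disk is what FRST calls a "Suspicious Type". The sample MBR is constructed to mirror the Disk 0 layout in the logs (15 GB type 27 recovery, 100 MB System Reserved, 683 GB Windows, 10 MB type 17 at the end); 512-byte sectors, the exact sector counts and the rogue entry being marked active are assumptions made for the example.

```python
"""Parse an MBR, flag a TDL4-style rogue partition, apply the diskpart-equivalent repair.

Added example for illustration; not part of the forum thread or of any tool it uses.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type ID, CHS end, LBA start, sector count
BOOT_FLAG = 0x80
# "Hidden" variants of the DOS/Windows file-system type IDs (0x07 NTFS becomes 0x17, and so on).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_mbr(entries):
    """Build a 512-byte MBR from (boot_flag, type_id, start_lba, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        # CHS fields are left zero; Windows boots from the LBA fields.
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[0x1FE:0x200] = b"\x55\xAA"  # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts, numbered 1-4 like diskpart does."""
    if len(mbr) < SECTOR or mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": boot == BOOT_FLAG,
                      "type": ptype, "start": start, "sectors": count})
    return parts


def active_partitions(parts):
    """Indices of entries carrying the 0x80 boot flag; a healthy Win7 disk has exactly one."""
    return [p["index"] for p in parts if p["active"]]


def find_rogue_partitions(parts, disk_sectors, max_mib=64, tail_mib=8):
    """Heuristic for a bootkit's private partition: hidden type ID, at most max_mib in size,
    and ending within tail_mib of the last sector of the disk (thresholds are assumptions)."""
    rogue = []
    for p in parts:
        size_bytes = p["sectors"] * SECTOR
        slack_bytes = (disk_sectors - (p["start"] + p["sectors"])) * SECTOR
        if (p["type"] in HIDDEN_TYPES
                and size_bytes <= max_mib << 20
                and 0 <= slack_bytes <= tail_mib << 20):
            rogue.append(p)
    return rogue


def _patch_entry(mbr, index, boot=None, ptype=None):
    """Copy of mbr with partition `index` (1-based) re-flagged and/or retyped."""
    out = bytearray(mbr)
    off = TABLE_OFFSET + 16 * (index - 1)
    if boot is not None:
        out[off] = boot          # byte 0 of the entry: boot flag
    if ptype is not None:
        out[off + 4] = ptype     # byte 4 of the entry: partition type ID
    return bytes(out)


def neutralize(mbr, rogue_index, boot_index):
    """Same bytes the thread's steps change: 'select partition N / set id=07 / inactive',
    then 'select partition M / active'."""
    mbr = _patch_entry(mbr, rogue_index, boot=0x00, ptype=0x07)
    return _patch_entry(mbr, boot_index, boot=BOOT_FLAG)


# Constructed sample mirroring the reported Disk 0 layout (sector counts are assumptions).
GIB, MIB = 1 << 30, 1 << 20
P1_START = 2048                                  # 1024 KB offset
P1_SIZE = 15 * GIB // SECTOR
P2_START = P1_START + P1_SIZE
P2_SIZE = 100 * MIB // SECTOR
P3_START = P2_START + P2_SIZE
P3_SIZE = 683 * GIB // SECTOR
P4_START = P3_START + P3_SIZE
P4_SIZE = 10 * MIB // SECTOR
DISK_SECTORS = P4_START + P4_SIZE                # the rogue entry runs to the last sector

SAMPLE_MBR = build_mbr([
    (0x00, 0x27, P1_START, P1_SIZE),             # PQSERVICE recovery (type 27)
    (0x00, 0x07, P2_START, P2_SIZE),             # System Reserved: should hold the boot flag
    (0x00, 0x07, P3_START, P3_SIZE),             # C: eMachines
    (BOOT_FLAG, 0x17, P4_START, P4_SIZE),        # hidden 10 MB entry at the end of the disk
])

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"Partition {p['index']}: type {p['type']:02X} active={p['active']} "
              f"{p['sectors'] * SECTOR // MIB} MiB at LBA {p['start']}")
    print("rogue:", [p["index"] for p in find_rogue_partitions(parts, DISK_SECTORS)])
    fixed = parse_mbr(neutralize(SAMPLE_MBR, rogue_index=4, boot_index=2))
    print("after repair, active:", active_partitions(fixed),
          "rogue:", find_rogue_partitions(fixed, DISK_SECTORS))
```

On a real machine the first sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as administrator, but not from the infected Windows itself: a bootkit of this family filters disk reads to its own sectors, which is why the thread does the work from the Recovery Environment or a boot disc. The parser is MBR-only; on a GPT disk it will only see the protective 0xEE entry, and `find_rogue_partitions` is a heuristic to point a human at an entry worth checking, not a verdict.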



## Nymfor (Sep 20, 2012)

I did all of it but so far it won't boot up right. I think it might have something to do with the BIOS settings I had to change to run the disc. I've tried to change the BIOS settings back to where they were but it still won't boot up. When I leave the disc in it just goes back to the advanced boot menu.


----------



## Mark1956 (May 7, 2011)

I doubt the BIOS settings you changed will have any effect. Please run the Farbar Recovery Scan Tool again and post the new log it creates on the Flash Drive. You will have to use another PC to read the log off the Flash Drive, make sure you get the most recent one.


----------



## Nymfor (Sep 20, 2012)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2012
Ran by SYSTEM at 26-09-2012 07:13:25
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Megan\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5664640 2012-09-21] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
4 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
4 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2009-12-10] (Alcatel-Lucent)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
==================== Drivers (Whitelisted) =====================
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-18] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120925.001\IDSvia64.sys [513184 2012-09-17] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120925.018\ENG64.SYS [126112 2012-09-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120925.018\EX64.SYS [2084000 2012-09-25] (Symantec Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-17] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-24 17:49 - 2012-09-24 17:49 - 00018276 ____A C:\ComboFix.txt
2012-09-24 16:48 - 2012-09-24 17:50 - 00000000 ____D C:\ComboFix
2012-09-24 16:25 - 2012-09-24 16:25 - 04759205 ____R (Swearware) C:\Users\Megan\Desktop\ComboFix.exe
2012-09-24 16:20 - 2012-09-24 16:21 - 00000472 ____A C:\Users\Megan\Desktop\defogger_disable.log
2012-09-24 16:20 - 2012-09-24 16:20 - 00000000 ____A C:\Users\Megan\defogger_reenable
2012-09-24 16:20 - 2012-09-24 16:19 - 00050477 ____A C:\Users\Megan\Desktop\Defogger.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Megan\Desktop\rkill.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 00002858 ____A C:\Users\Megan\Desktop\Rkill.txt
2012-09-24 11:55 - 2012-09-24 11:56 - 04731392 ____A (AVAST Software) C:\Users\Megan\Desktop\aswMBR.exe
2012-09-24 10:14 - 2012-09-25 18:14 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
2012-09-24 10:14 - 2012-09-24 11:51 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
2012-09-24 10:14 - 2012-09-24 10:14 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-24 10:14 - 2012-09-24 10:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-24 10:07 - 2012-09-24 10:13 - 20619768 ____A (SUPERAntiSpyware.com) C:\Users\Megan\Desktop\SUPERAntiSpyware.exe
2012-09-24 10:06 - 2012-09-24 10:06 - 00000711 ____A C:\Users\Megan\Desktop\Result.txt
2012-09-24 10:04 - 2012-09-24 10:05 - 00751391 ____A (Farbar) C:\Users\Megan\Desktop\MiniToolBox.exe
2012-09-24 10:00 - 2012-09-24 09:59 - 00448512 ____A (OldTimer Tools) C:\Users\Megan\Desktop\TFC.exe
2012-09-24 08:45 - 2012-09-24 08:45 - 00000000 ____D C:\Users\Megan\Doctor Web
2012-09-24 08:30 - 2012-09-24 08:42 - 98527600 ____A C:\Users\Megan\Desktop\dgf5xcca.exe
2012-09-24 08:17 - 2012-09-24 08:17 - 00607260 ____R (Swearware) C:\Users\Megan\Desktop\dds.com
2012-09-24 07:00 - 2012-09-24 07:00 - 01932256 ____A (Symantec Corporation) C:\Users\Megan\Desktop\FixTDSS.exe
2012-09-24 06:59 - 2012-09-24 06:59 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Megan\Desktop\tdsskiller.exe
2012-09-24 05:15 - 2012-09-24 05:19 - 00073295 ____A C:\Users\Megan\Desktop\yorkyt.exe.log
2012-09-24 05:14 - 2012-09-24 05:14 - 01415784 ____A C:\Users\Megan\Desktop\yorkyt.exe
2012-09-23 10:58 - 2012-09-23 10:58 - 00000000 ____D C:\Users\Megan\Desktop\RK_Quarantine
2012-09-23 07:17 - 2012-09-23 07:17 - 00002599 ____A C:\Users\Megan\Desktop\RKreport[2].txt
2012-09-23 07:17 - 2012-09-23 07:17 - 00002555 ____A C:\Users\Megan\Desktop\RKreport[3].txt
2012-09-23 05:29 - 2012-09-23 05:29 - 00001862 ____A C:\Users\Megan\Desktop\RKreport[1].txt
2012-09-23 05:28 - 2012-09-23 05:28 - 01391104 ____A C:\Users\Megan\Desktop\roguekiller.exe
2012-09-23 05:14 - 2012-09-23 05:14 - 00001560 ____A C:\Users\Megan\Desktop\GooredFix.txt
2012-09-23 05:14 - 2012-09-23 05:14 - 00000000 ____D C:\Users\Megan\Desktop\GooredFix Backups
2012-09-23 05:13 - 2012-09-23 05:13 - 00071398 ____A (jpshortstuff) C:\Users\Megan\Desktop\GooredFix.exe
2012-09-23 05:11 - 2012-09-23 05:11 - 00005206 ____A C:\Users\Megan\Desktop\AdwCleaner[S1].txt
2012-09-23 05:08 - 2012-09-23 05:08 - 00005206 ____A C:\AdwCleaner[S1].txt
2012-09-23 05:05 - 2012-09-23 05:05 - 00512737 ____A C:\Users\Megan\Desktop\adwcleaner.exe
2012-09-22 20:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 20:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 20:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 20:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 20:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 20:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 20:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 20:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 20:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 20:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 20:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 20:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 20:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 20:00 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 20:00 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 20:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 20:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 20:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 20:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 20:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 20:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 20:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 20:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 20:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 20:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 20:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 20:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 20:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 20:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 20:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-20 16:52 - 2012-09-20 16:52 - 00013570 ____A C:\Users\Megan\Desktop\Attach.txt
2012-09-20 16:51 - 2012-09-20 16:51 - 00017182 ____A C:\Users\Megan\Desktop\DDS.txt
2012-09-20 16:40 - 2012-09-20 16:40 - 00008140 ____A C:\Users\Megan\Desktop\hijackthis.log
2012-09-20 16:40 - 2012-09-20 16:39 - 00388608 ____A (Trend Micro Inc.) C:\Users\Megan\Desktop\HijackThis.exe
2012-09-20 16:17 - 2012-09-20 16:26 - 00000000 ____D C:\Users\Megan\AppData\Local\NPE
2012-09-20 14:31 - 2012-09-20 14:31 - 00000000 ____D C:\Windows\System32\SPReview
2012-09-20 09:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-20 09:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-20 09:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-20 09:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-20 09:09 - 2012-09-20 09:13 - 00008437 ____A C:\Windows\Rp_RPT.log
2012-09-20 08:59 - 2012-09-24 17:50 - 00000000 ____D C:\Qoobox
2012-09-20 08:58 - 2012-09-20 10:21 - 00000000 ____D C:\Windows\erdnt
2012-09-18 17:27 - 2012-09-18 17:27 - 00000000 ____D C:\N360_BACKUP
2012-09-18 17:12 - 2012-09-18 17:16 - 00000000 ____D C:\Users\All Users\PC Utility Kit
2012-09-18 17:12 - 2012-09-18 17:12 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-18 17:12 - 2012-09-18 17:12 - 00000000 ____D C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-18 14:40 - 2012-09-25 16:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-18 14:40 - 2012-09-21 08:28 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-18 14:23 - 2012-09-18 14:23 - 00007601 ____A C:\Users\Megan\AppData\Local\Resmon.ResmonCfg
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Users\Megan\AppData\Roaming\InstallShield
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Program Files (x86)\Intel
2012-09-17 21:06 - 2012-09-17 21:06 - 00000000 ____D C:\Intel
2012-09-17 21:00 - 2012-09-17 21:00 - 00000000 ____D C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-17 20:59 - 2012-09-17 20:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-17 16:08 - 2012-09-18 14:34 - 00000000 ____D C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 15:42 - 2012-09-17 15:42 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-17 15:42 - 2012-09-17 15:42 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-17 15:42 - 2012-09-17 15:42 - 00000000 ____D C:\Program Files\Symantec
2012-09-17 15:42 - 2012-09-17 15:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-09-17 15:41 - 2012-09-18 14:34 - 00002279 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-17 15:41 - 2012-09-18 14:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-09-17 15:41 - 2012-09-17 15:41 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-09-16 06:30 - 2012-09-16 06:32 - 00000000 ____D C:\Symbols
2012-09-16 05:46 - 2009-10-09 19:17 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2012-09-15 12:09 - 2012-09-15 12:09 - 00000000 ____D C:\Windows\CheckSur
2012-09-15 06:33 - 2012-07-26 10:02 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-15 06:18 - 2012-09-15 06:18 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2012-09-14 18:21 - 2012-09-14 18:21 - 00001520 ____A C:\Users\Megan\Desktop\Network Security Settings.htm
2012-09-14 16:36 - 2012-09-14 16:36 - 00000000 ____D C:\Windows\System32\EventProviders
2012-09-14 16:31 - 2012-09-14 16:31 - 00000000 ____D C:\Users\Megan\Documents\Symantec
2012-09-13 11:34 - 2012-09-13 11:34 - 04571448 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 11:34 - 2012-09-13 11:34 - 00000000 ____D C:\Users\All Users\PC1Data
2012-09-12 19:11 - 2012-09-12 19:11 - 00000000 ____D C:\Users\Megan\AppData\Roaming\AVG
2012-09-12 19:10 - 2012-09-12 19:12 - 00000000 ____D C:\Users\All Users\AVG
2012-09-12 19:10 - 2012-09-12 19:10 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 14:39 - 2012-09-12 14:39 - 00000000 ____D C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 05:07 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 05:07 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-28 13:05 - 2012-08-28 13:06 - 00000000 ____D C:\Users\All Users\Battle.net

==================== 3 Months Modified Files ==================
2012-09-26 04:18 - 2009-11-20 06:53 - 02029292 ____A C:\Windows\WindowsUpdate.log
2012-09-26 04:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-26 04:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-26 04:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-26 04:15 - 2009-07-13 20:51 - 00085468 ____A C:\Windows\setupact.log
2012-09-25 18:14 - 2012-09-24 10:14 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
2012-09-25 17:40 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-25 16:27 - 2012-09-18 14:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-25 16:27 - 2011-06-10 08:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
2012-09-24 17:49 - 2012-09-24 17:49 - 00018276 ____A C:\ComboFix.txt
2012-09-24 17:30 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-24 17:28 - 2009-08-14 15:43 - 00906326 ____A C:\Windows\PFRO.log
2012-09-24 16:25 - 2012-09-24 16:25 - 04759205 ____R (Swearware) C:\Users\Megan\Desktop\ComboFix.exe
2012-09-24 16:21 - 2012-09-24 16:20 - 00000472 ____A C:\Users\Megan\Desktop\defogger_disable.log
2012-09-24 16:20 - 2012-09-24 16:20 - 00000000 ____A C:\Users\Megan\defogger_reenable
2012-09-24 16:19 - 2012-09-24 16:20 - 00050477 ____A C:\Users\Megan\Desktop\Defogger.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Megan\Desktop\rkill.exe
2012-09-24 13:44 - 2012-09-24 13:44 - 00002858 ____A C:\Users\Megan\Desktop\Rkill.txt
2012-09-24 11:56 - 2012-09-24 11:55 - 04731392 ____A (AVAST Software) C:\Users\Megan\Desktop\aswMBR.exe
2012-09-24 11:51 - 2012-09-24 10:14 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
2012-09-24 10:14 - 2012-09-24 10:14 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-24 10:13 - 2012-09-24 10:07 - 20619768 ____A (SUPERAntiSpyware.com) C:\Users\Megan\Desktop\SUPERAntiSpyware.exe
2012-09-24 10:06 - 2012-09-24 10:06 - 00000711 ____A C:\Users\Megan\Desktop\Result.txt
2012-09-24 10:05 - 2012-09-24 10:04 - 00751391 ____A (Farbar) C:\Users\Megan\Desktop\MiniToolBox.exe
2012-09-24 09:59 - 2012-09-24 10:00 - 00448512 ____A (OldTimer Tools) C:\Users\Megan\Desktop\TFC.exe
2012-09-24 08:42 - 2012-09-24 08:30 - 98527600 ____A C:\Users\Megan\Desktop\dgf5xcca.exe
2012-09-24 08:17 - 2012-09-24 08:17 - 00607260 ____R (Swearware) C:\Users\Megan\Desktop\dds.com
2012-09-24 07:00 - 2012-09-24 07:00 - 01932256 ____A (Symantec Corporation) C:\Users\Megan\Desktop\FixTDSS.exe
2012-09-24 06:59 - 2012-09-24 06:59 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Megan\Desktop\tdsskiller.exe
2012-09-24 05:27 - 2011-06-10 08:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
2012-09-24 05:19 - 2012-09-24 05:15 - 00073295 ____A C:\Users\Megan\Desktop\yorkyt.exe.log
2012-09-24 05:14 - 2012-09-24 05:14 - 01415784 ____A C:\Users\Megan\Desktop\yorkyt.exe
2012-09-23 07:17 - 2012-09-23 07:17 - 00002599 ____A C:\Users\Megan\Desktop\RKreport[2].txt
2012-09-23 07:17 - 2012-09-23 07:17 - 00002555 ____A C:\Users\Megan\Desktop\RKreport[3].txt
2012-09-23 05:29 - 2012-09-23 05:29 - 00001862 ____A C:\Users\Megan\Desktop\RKreport[1].txt
2012-09-23 05:28 - 2012-09-23 05:28 - 01391104 ____A C:\Users\Megan\Desktop\roguekiller.exe
2012-09-23 05:14 - 2012-09-23 05:14 - 00001560 ____A C:\Users\Megan\Desktop\GooredFix.txt
2012-09-23 05:13 - 2012-09-23 05:13 - 00071398 ____A (jpshortstuff) C:\Users\Megan\Desktop\GooredFix.exe
2012-09-23 05:11 - 2012-09-23 05:11 - 00005206 ____A C:\Users\Megan\Desktop\AdwCleaner[S1].txt
2012-09-23 05:08 - 2012-09-23 05:08 - 00005206 ____A C:\AdwCleaner[S1].txt
2012-09-23 05:05 - 2012-09-23 05:05 - 00512737 ____A C:\Users\Megan\Desktop\adwcleaner.exe
2012-09-21 08:28 - 2012-09-18 14:40 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-21 08:28 - 2011-05-28 14:00 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 16:52 - 2012-09-20 16:52 - 00013570 ____A C:\Users\Megan\Desktop\Attach.txt
2012-09-20 16:51 - 2012-09-20 16:51 - 00017182 ____A C:\Users\Megan\Desktop\DDS.txt
2012-09-20 16:40 - 2012-09-20 16:40 - 00008140 ____A C:\Users\Megan\Desktop\hijackthis.log
2012-09-20 16:39 - 2012-09-20 16:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\Megan\Desktop\HijackThis.exe
2012-09-20 16:19 - 2009-07-13 20:45 - 00342888 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 14:59 - 2009-07-13 18:36 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-09-20 14:59 - 2009-07-13 18:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-09-20 09:13 - 2012-09-20 09:09 - 00008437 ____A C:\Windows\Rp_RPT.log
2012-09-20 09:11 - 2010-04-15 15:17 - 00915930 ____A C:\Windows\FreedomInstallScript.log
2012-09-18 17:21 - 2011-04-01 16:50 - 00002052 ____A C:\Windows\epplauncher.mif
2012-09-18 14:34 - 2012-09-17 15:41 - 00002279 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-09-18 14:23 - 2012-09-18 14:23 - 00007601 ____A C:\Users\Megan\AppData\Local\Resmon.ResmonCfg
2012-09-17 15:42 - 2012-09-17 15:42 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-09-17 15:42 - 2012-09-17 15:42 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-09-15 09:44 - 2011-03-31 13:31 - 00079064 ____A C:\Users\Megan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-14 18:21 - 2012-09-14 18:21 - 00001520 ____A C:\Users\Megan\Desktop\Network Security Settings.htm
2012-09-14 17:18 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-13 11:34 - 2012-09-13 11:34 - 04571448 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-09-12 16:48 - 2010-12-14 07:32 - 00002675 ____N C:\Users\Public\Desktop\WildTangent Games App - emachines.lnk
2012-09-12 14:46 - 2012-01-04 18:31 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 05:50 - 2011-01-26 02:00 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-28 13:34 - 2010-03-30 17:51 - 00001444 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-08-24 03:15 - 2012-09-22 20:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 20:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 20:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 20:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 20:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 20:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 20:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 20:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 20:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 20:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 20:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 20:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 20:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 20:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 20:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 20:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 20:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 20:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 20:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 20:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 20:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 20:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 20:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 20:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 20:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 20:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 20:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-19 11:34 - 2010-12-22 07:38 - 00002559 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-08-02 09:55 - 2012-09-12 05:07 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-12 05:07 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-26 10:02 - 2012-09-15 06:33 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-07-26 10:02 - 2011-01-25 18:18 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-07-18 09:31 - 2012-08-14 11:24 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:04 - 2012-08-14 11:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-08-14 11:24 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-08-14 11:24 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-08-14 11:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-08-14 11:24 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-20 09:32:45
Restore point made on: 2012-09-20 14:29:08
Restore point made on: 2012-09-20 15:57:37
Restore point made on: 2012-09-20 16:07:04
Restore point made on: 2012-09-20 16:23:07
Restore point made on: 2012-09-22 19:40:29
Restore point made on: 2012-09-22 20:00:24
Restore point made on: 2012-09-23 07:08:38
Restore point made on: 2012-09-24 05:15:54
Restore point made on: 2012-09-24 05:19:33
Restore point made on: 2012-09-25 10:00:45
==================== Memory info =========================== 
Percentage of memory in use: 15%
Total physical RAM: 4095.24 MB
Available physical RAM: 3467.43 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3455.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (eMachines) (Fixed) (Total:683.52 GB) (Free:582.91 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.58 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
9 Drive l: (KINGSTON) (Removable) (Total:7.2 GB) (Free:7.09 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status    Size     Free  Dyn  Gpt
--------  --------  -------  ----  ---  ---
Disk 0    Online    698 GB   0 B
Disk 1    No Media  0 B      0 B
Disk 2    No Media  0 B      0 B
Disk 3    No Media  0 B      0 B
Disk 4    No Media  0 B      0 B
Disk 5    No Media  0 B      0 B
Disk 6    Online    7385 MB  0 B
Partitions of Disk 0:
===============
Partition ###  Type      Size    Offset
-------------  --------  ------  -------
Partition 1    Recovery  15 GB   1024 KB
Partition 2    Primary   100 MB  15 GB
Partition 3    Primary   683 GB  15 GB
Partition 4    Primary   10 MB   698 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  ------
* Volume 3  E    PQSERVICE    NTFS  Partition  15 GB   Healthy  Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  ------
* Volume 1  Y    SYSTEM RESE  NTFS  Partition  100 MB  Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  ------
* Volume 2  C    eMachines    NTFS  Partition  683 GB  Healthy
=========================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 6:
===============
Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    Primary  7381 MB  4032 KB
==================================================================================
Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ------
* Volume 9  L    KINGSTON     FAT32  Removable  7381 MB  Healthy
=========================================================
Last Boot: 2012-09-16 15:31
==================== End Of Log =============================


----------



## Mark1956 (May 7, 2011)

I can see where the problem is: the rogue partition has been disabled, but none of the other commands have taken effect, which is why the system won't boot up. There is an optional command that can be used to change the rogue partition type. Please go through the process again as below with the edited command. You must follow all of it to repeat the commands that failed. Please check that each command is confirmed after you have hit the Enter key.

Either use the Repair boot disc or select the 'Repair Your Computer' option from the Advanced Boot menu to get to the Recovery Environment (Command prompt).

Type *diskpart* at the prompt and hit *Enter*; in a short while you should see *DISKPART>*.
Type *select disk 0* (*NOTE:* that is a zero, not the letter O) and hit *Enter*.
You should now see *Disk 0 is now the selected disk.* and *DISKPART>* on the next line.
Now type *select partition 4* and hit the *Enter* key. It should confirm the selected partition.
Now type *set id=07 override* and hit the *Enter* key.
Now type *inactive* and hit the *Enter* key.
That will stop the rogue partition from being active and make it visible to our scanners.
Now to reactivate the Windows boot partition:
Type *select partition 2* and hit the *Enter* key.
Type *active* and hit the *Enter* key.
That should do it. Now type *exit* and hit *Enter*, then type *exit* again and hit *Enter*, and the command prompt will close.
Then remove the boot CD (if used) and click on *Restart* at the bottom of the *System Recovery Options* box.


----------
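
Added example (editor's note, not part of the thread and not code from FRST, TDSSKiller or either poster): a small Python triage script that pulls out of the two logs in this thread the facts Mark1956's instructions act on, and writes his command sequence out as a `diskpart /s` script. The function names, the 16 MiB size threshold and the sample log text are assumptions constructed from the logs in this thread. Two checks worth having when following the post: the FRST listing above shows no partition at all marked Active on disk 0, which is why nothing boots, and the TDSSKiller log that follows lists the 10 MB slot (BlocksNum 0x5000 blocks of 512 bytes) as Type 0x7, consistent with the type change from 0x17 having taken and the partition no longer being hidden. Note that the two tools number partitions differently: FRST calls it partition 4 (it counts the PQSERVICE recovery partition), TDSSKiller calls it Partition3, so always confirm the partition by size and offset before running `set id` against it.

```python
"""Triage helpers for the FRST partition blocks and TDSSKiller MBR lines in this
thread.  Added example, not FRST's, TDSSKiller's or the posters' code; names,
the size threshold and the sample text are constructed from the logs above."""
import re
from typing import List


def parse_frst_partitions(text: str) -> List[dict]:
    """Walk FRST's 'Disk: / Partition / Type / Hidden / Active' blocks; a row of '='
    closes one.  FRST numbers partitions itself, counting the OEM recovery one."""
    parts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Disk:"):
            cur = {"disk": int(line.split(":")[1]), "has_volume": True, "frst_flag": False}
        elif cur is None:
            continue                                   # table rows outside a block
        elif line.startswith("Partition "):
            cur["index"] = int(line.split()[1])
        elif line.startswith("Type"):                  # e.g. "Type : 17 (Suspicious Type)"
            m = re.search(r"Type\s*:\s*([0-9A-Fa-f]{2})(.*)", line)
            cur["type_id"] = int(m.group(1), 16)       # MBR type byte: 0x07 NTFS, 0x17 hidden NTFS
            cur["frst_flag"] = "Suspicious" in m.group(2)
        elif line.startswith("Hidden:"):
            cur["hidden"] = line.endswith("Yes")
        elif line.startswith("Active:"):
            cur["active"] = line.endswith("Yes")
        elif line.startswith("There is no volume"):
            cur["has_volume"] = False
        elif line.startswith("====") and "index" in cur:
            parts.append(cur)
            cur = None
    return parts


def frst_findings(parts: List[dict]) -> List[str]:
    """What the post acts on: a hidden partition with no volume (or one FRST itself
    flags), and a disk on which no partition is marked active."""
    out = []
    for p in parts:
        if p["frst_flag"] or (p["hidden"] and not p["has_volume"]):
            out.append(f"disk {p['disk']} partition {p['index']}: type 0x{p['type_id']:02X}, "
                       f"hidden={p['hidden']}, volume={p['has_volume']} -> candidate rogue partition")
    for disk in sorted({p["disk"] for p in parts}):
        if not any(p["active"] for p in parts if p["disk"] == disk):
            out.append(f"disk {disk}: no active partition -> nothing to boot from")
    return out


def diskpart_script(disk: int, rogue: int, boot: int) -> List[str]:
    """The post's sequence as a 'diskpart /s' script.  0x17 is NTFS (0x07) with the
    0x10 hidden bit set, so 'set id=07' clears that bit; 'override' lets diskpart
    dismount any file system on it first.  MBR disks only: on GPT, 'set id' takes a
    partition-type GUID, not a byte."""
    return [f"select disk {disk}", f"select partition {rogue}", "set id=07 override",
            "inactive", f"select partition {boot}", "active", "exit"]


def parse_tdss_partitions(text: str) -> List[dict]:
    """TDSSKiller's 'MBR partitions' lines, sized with the SectorSize it printed for
    the drive (512 if none seen).  Its numbering differs from FRST's."""
    sector, out = 512, []
    for line in text.splitlines():
        if m := re.search(r"SectorSize: 0x([0-9A-Fa-f]+)", line):
            sector = int(m.group(1), 16)
        if m := re.search(r"\\Device\\Harddisk(\d+)\\DR\d+\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                          r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)", line):
            disk, idx, typ, start, blocks = m.groups()
            out.append({"disk": int(disk), "index": int(idx), "type": int(typ, 16),
                        "start_lba": int(start, 16), "size_bytes": int(blocks, 16) * sector})
    return out


def tiny_partitions(tdss: List[dict], max_bytes: int = 16 * 2**20) -> List[dict]:
    """Partitions under max_bytes (assumed threshold): once no longer hidden, the
    former 0x17 partition shows up here as a 10 MB type 0x7 slot."""
    return [p for p in tdss if p["size_bytes"] <= max_bytes]


# Sample input, constructed from the FRST and TDSSKiller output in this thread.
FRST_SAMPLE = """\
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
=========================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
"""
TDSS_SAMPLE = """\
09:08:17.0068 3340 Drive \\Device\\Harddisk0\\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
09:08:17.0115 3340 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
09:08:17.0115 3340 \\Device\\Harddisk0\\DR0\\Partition3: MBR, Type 0x7, StartLBA 0x5753F000, BlocksNum 0x5000
"""
```

To use it on a real pair of logs, feed the FRST "Partitions" section to `parse_frst_partitions` and the TDSSKiller header to `parse_tdss_partitions`; `frst_findings` gives the two conditions to act on, `diskpart_script(0, 4, 2)` gives the exact lines from the post for `diskpart /s`, and after the reboot `tiny_partitions` should list the former 0x17 slot as type 0x7 at the same LBA. The script only reports and generates text; it deliberately does not touch the disk, since the partition must stay in place for the scanners the post refers to.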



## Nymfor (Sep 20, 2012)

09:08:13.0027 3340 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:08:13.0683 3340 ============================================================
09:08:13.0683 3340 Current date / time: 2012/09/26 09:08:13.0683
09:08:13.0683 3340 SystemInfo:
09:08:13.0683 3340 
09:08:13.0683 3340 OS Version: 6.1.7600 ServicePack: 0.0
09:08:13.0683 3340 Product type: Workstation
09:08:13.0683 3340 ComputerName: MEGANANDTREVOR
09:08:13.0683 3340 UserName: Megan
09:08:13.0683 3340 Windows directory: C:\windows
09:08:13.0683 3340 System windows directory: C:\windows
09:08:13.0683 3340 Running under WOW64
09:08:13.0683 3340 Processor architecture: Intel x64
09:08:13.0683 3340 Number of processors: 2
09:08:13.0683 3340 Page size: 0x1000
09:08:13.0683 3340 Boot type: Normal boot
09:08:13.0683 3340 ============================================================
09:08:17.0068 3340 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:08:17.0099 3340 ============================================================
09:08:17.0099 3340 \Device\Harddisk0\DR0:
09:08:17.0115 3340 MBR partitions:
09:08:17.0115 3340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
09:08:17.0115 3340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x5570C6F0
09:08:17.0115 3340 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5753F000, BlocksNum 0x5000
09:08:17.0115 3340 ============================================================
09:08:17.0115 3340 C: <-> \Device\Harddisk0\DR0\Partition2
09:08:17.0161 3340 ============================================================
09:08:17.0161 3340 Initialize success
09:08:17.0161 3340 ============================================================
09:09:27.0377 3256 ============================================================
09:09:27.0377 3256 Scan started
09:09:27.0377 3256 Mode: Manual; SigCheck; TDLFS; 
09:09:27.0377 3256 ============================================================
09:09:28.0344 3256 ================ Scan system memory ========================
09:09:28.0344 3256 System memory - ok
09:09:28.0344 3256 ================ Scan services =============================
09:09:28.0438 3256 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:09:28.0859 3256 !SASCORE - ok
09:09:28.0968 3256 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
09:09:29.0171 3256 1394ohci - ok
09:09:29.0218 3256 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\windows\system32\drivers\ACPI.sys
09:09:29.0265 3256 ACPI - ok
09:09:29.0280 3256 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
09:09:29.0436 3256 AcpiPmi - ok
09:09:29.0545 3256 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:09:29.0577 3256 AdobeFlashPlayerUpdateSvc - ok
09:09:29.0623 3256 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
09:09:29.0670 3256 adp94xx - ok
09:09:29.0701 3256 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
09:09:29.0717 3256 adpahci - ok
09:09:29.0748 3256 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
09:09:29.0779 3256 adpu320 - ok
09:09:29.0811 3256 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
09:09:29.0889 3256 AeLookupSvc - ok
09:09:29.0935 3256 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\windows\system32\drivers\afd.sys
09:09:29.0998 3256 AFD - ok
09:09:30.0029 3256 [ 2173E070647AC68C16B8214FE5C05EC3 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
09:09:30.0107 3256 AgereSoftModem - ok
09:09:30.0138 3256 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
09:09:30.0185 3256 agp440 - ok
09:09:30.0201 3256 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
09:09:30.0232 3256 ALG - ok
09:09:30.0247 3256 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
09:09:30.0279 3256 aliide - ok
09:09:30.0325 3256 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
09:09:30.0388 3256 AMD External Events Utility - ok
09:09:30.0388 3256 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
09:09:30.0419 3256 amdide - ok
09:09:30.0450 3256 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
09:09:30.0513 3256 AmdK8 - ok
09:09:30.0684 3256 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
09:09:30.0965 3256 amdkmdag - ok
09:09:30.0981 3256 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
09:09:31.0043 3256 amdkmdap - ok
09:09:31.0074 3256 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
09:09:31.0121 3256 AmdPPM - ok
09:09:31.0152 3256 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\windows\system32\drivers\amdsata.sys
09:09:31.0168 3256 amdsata - ok
09:09:31.0199 3256 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
09:09:31.0215 3256 amdsbs - ok
09:09:31.0230 3256 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\windows\system32\drivers\amdxata.sys
09:09:31.0246 3256 amdxata - ok
09:09:31.0277 3256 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\windows\system32\drivers\appid.sys
09:09:31.0339 3256 AppID - ok
09:09:31.0371 3256 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
09:09:31.0433 3256 AppIDSvc - ok
09:09:31.0464 3256 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\windows\System32\appinfo.dll
09:09:31.0511 3256 Appinfo - ok
09:09:31.0589 3256 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:09:31.0636 3256 Apple Mobile Device - ok
09:09:31.0683 3256 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
09:09:31.0698 3256 arc - ok
09:09:31.0714 3256 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
09:09:31.0729 3256 arcsas - ok
09:09:31.0745 3256 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
09:09:31.0792 3256 AsyncMac - ok
09:09:31.0839 3256 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
09:09:31.0854 3256 atapi - ok
09:09:32.0026 3256 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
09:09:32.0135 3256 atikmdag - ok
09:09:32.0213 3256 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
09:09:32.0275 3256 AudioEndpointBuilder - ok
09:09:32.0291 3256 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\windows\System32\Audiosrv.dll
09:09:32.0338 3256 AudioSrv - ok
09:09:32.0353 3256 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\windows\System32\AxInstSV.dll
09:09:32.0416 3256 AxInstSV - ok
09:09:32.0447 3256 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
09:09:32.0525 3256 b06bdrv - ok
09:09:32.0556 3256 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
09:09:32.0572 3256 b57nd60a - ok
09:09:32.0603 3256 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
09:09:32.0619 3256 BDESVC - ok
09:09:32.0634 3256 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
09:09:32.0681 3256 Beep - ok
09:09:32.0759 3256 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\windows\System32\bfe.dll
09:09:32.0821 3256 BFE - ok
09:09:32.0993 3256 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys
09:09:33.0118 3256 BHDrvx64 - ok
09:09:33.0196 3256 [ 1B63F2B7CA6B5290CC124CDD07520BC9 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
09:09:33.0227 3256 BingDesktopUpdate - ok
09:09:33.0274 3256 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\windows\system32\qmgr.dll
09:09:33.0383 3256 BITS - ok
09:09:33.0414 3256 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
09:09:33.0445 3256 blbdrive - ok
09:09:33.0477 3256 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:09:33.0508 3256 Bonjour Service - ok
09:09:33.0539 3256 [ 19D20159708E152267E53B66677A4995 ] bowser C:\windows\system32\DRIVERS\bowser.sys
09:09:33.0664 3256 bowser - ok
09:09:33.0695 3256 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
09:09:33.0742 3256 BrFiltLo - ok
09:09:33.0773 3256 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
09:09:33.0804 3256 BrFiltUp - ok
09:09:33.0820 3256 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
09:09:33.0851 3256 BridgeMP - ok
09:09:33.0929 3256 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\windows\System32\browser.dll
09:09:33.0976 3256 Browser - ok
09:09:33.0991 3256 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
09:09:34.0069 3256 Brserid - ok
09:09:34.0085 3256 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
09:09:34.0116 3256 BrSerWdm - ok
09:09:34.0116 3256 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
09:09:34.0163 3256 BrUsbMdm - ok
09:09:34.0179 3256 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
09:09:34.0194 3256 BrUsbSer - ok
09:09:34.0225 3256 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
09:09:34.0257 3256 BTHMODEM - ok
09:09:34.0288 3256 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
09:09:34.0335 3256 bthserv - ok
09:09:34.0444 3256  catchme - ok
09:09:34.0506 3256 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
09:09:34.0537 3256 ccSet_N360 - ok
09:09:34.0553 3256 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
09:09:34.0631 3256 cdfs - ok
09:09:34.0662 3256 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\windows\system32\drivers\cdrom.sys
09:09:34.0725 3256 cdrom - ok
09:09:34.0756 3256 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\windows\System32\certprop.dll
09:09:34.0818 3256 CertPropSvc - ok
09:09:34.0849 3256 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
09:09:34.0881 3256 circlass - ok
09:09:34.0896 3256 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
09:09:34.0912 3256 CLFS - ok
09:09:34.0959 3256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:09:35.0005 3256 clr_optimization_v2.0.50727_32 - ok
09:09:35.0037 3256 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:09:35.0068 3256 clr_optimization_v2.0.50727_64 - ok
09:09:35.0115 3256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:09:35.0177 3256 clr_optimization_v4.0.30319_32 - ok
09:09:35.0208 3256 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:09:35.0239 3256 clr_optimization_v4.0.30319_64 - ok
09:09:35.0255 3256 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
09:09:35.0286 3256 CmBatt - ok
09:09:35.0302 3256 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
09:09:35.0333 3256 cmdide - ok
09:09:35.0364 3256 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\windows\system32\Drivers\cng.sys
09:09:35.0427 3256 CNG - ok
09:09:35.0442 3256 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
09:09:35.0458 3256 Compbatt - ok
09:09:35.0489 3256 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
09:09:35.0520 3256 CompositeBus - ok
09:09:35.0520 3256 COMSysApp - ok
09:09:35.0536 3256 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
09:09:35.0551 3256 crcdisk - ok
09:09:35.0629 3256 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\windows\system32\cryptsvc.dll
09:09:35.0676 3256 CryptSvc - ok
09:09:35.0754 3256 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\windows\system32\rpcss.dll
09:09:35.0817 3256 DcomLaunch - ok
09:09:35.0848 3256 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
09:09:35.0910 3256 defragsvc - ok
09:09:35.0941 3256 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
09:09:35.0988 3256 DfsC - ok
09:09:36.0051 3256 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\windows\system32\dhcpcore.dll
09:09:36.0129 3256 Dhcp - ok
09:09:36.0160 3256 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
09:09:36.0222 3256 discache - ok
09:09:36.0269 3256 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
09:09:36.0300 3256 Disk - ok
09:09:36.0363 3256 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\windows\System32\dnsrslvr.dll
09:09:36.0409 3256 Dnscache - ok
09:09:36.0441 3256 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\windows\System32\dot3svc.dll
09:09:36.0519 3256 dot3svc - ok
09:09:36.0550 3256 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\windows\system32\dps.dll
09:09:36.0628 3256 DPS - ok
09:09:36.0659 3256 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
09:09:36.0690 3256 drmkaud - ok
09:09:36.0737 3256 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
09:09:36.0784 3256 DXGKrnl - ok
09:09:36.0815 3256 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
09:09:36.0862 3256 EapHost - ok
09:09:36.0940 3256 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
09:09:37.0049 3256 ebdrv - ok
09:09:37.0111 3256 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:09:37.0158 3256 eeCtrl - ok
09:09:37.0205 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\windows\System32\lsass.exe
09:09:37.0252 3256 EFS - ok
09:09:37.0314 3256 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\windows\ehome\ehRecvr.exe
09:09:37.0423 3256 ehRecvr - ok
09:09:37.0455 3256 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
09:09:37.0470 3256 ehSched - ok
09:09:37.0517 3256 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:09:37.0533 3256 EraserUtilRebootDrv - ok
09:09:37.0564 3256 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
09:09:37.0579 3256 ErrDev - ok
09:09:37.0642 3256 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
09:09:37.0673 3256 EventSystem - ok
09:09:37.0689 3256 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
09:09:37.0735 3256 exfat - ok
09:09:37.0767 3256 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
09:09:37.0798 3256 fastfat - ok
09:09:37.0829 3256 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\windows\system32\fxssvc.exe
09:09:37.0876 3256 Fax - ok
09:09:37.0907 3256 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
09:09:37.0938 3256 fdc - ok
09:09:37.0969 3256 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
09:09:38.0001 3256 fdPHost - ok
09:09:38.0001 3256 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
09:09:38.0047 3256 FDResPub - ok
09:09:38.0079 3256 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
09:09:38.0094 3256 FileInfo - ok
09:09:38.0110 3256 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
09:09:38.0141 3256 Filetrace - ok
09:09:38.0172 3256 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
09:09:38.0188 3256 flpydisk - ok
09:09:38.0203 3256 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
09:09:38.0219 3256 FltMgr - ok
09:09:38.0297 3256 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\windows\system32\FntCache.dll
09:09:38.0359 3256 FontCache - ok
09:09:38.0406 3256 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:09:38.0422 3256 FontCache3.0.0.0 - ok
09:09:38.0437 3256 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
09:09:38.0469 3256 FsDepends - ok
09:09:38.0484 3256 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
09:09:38.0515 3256 Fs_Rec - ok
09:09:38.0547 3256 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
09:09:38.0578 3256 fvevol - ok
09:09:38.0609 3256 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
09:09:38.0625 3256 gagp30kx - ok
09:09:38.0718 3256 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:09:38.0749 3256 GamesAppService - ok
09:09:38.0827 3256 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:09:38.0859 3256 GEARAspiWDM - ok
09:09:38.0937 3256 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
09:09:38.0983 3256 gpsvc - ok
09:09:39.0046 3256 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
09:09:39.0124 3256 Greg_Service - ok
09:09:39.0155 3256 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
09:09:39.0217 3256 hcw85cir - ok
09:09:39.0264 3256 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
09:09:39.0342 3256 HdAudAddService - ok
09:09:39.0373 3256 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
09:09:39.0436 3256 HDAudBus - ok
09:09:39.0451 3256 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
09:09:39.0467 3256 HidBatt - ok
09:09:39.0483 3256 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
09:09:39.0514 3256 HidBth - ok
09:09:39.0514 3256 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
09:09:39.0529 3256 HidIr - ok
09:09:39.0561 3256 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
09:09:39.0607 3256 hidserv - ok
09:09:39.0639 3256 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
09:09:39.0685 3256 HidUsb - ok
09:09:39.0701 3256 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
09:09:39.0763 3256 hkmsvc - ok
09:09:39.0795 3256 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
09:09:39.0826 3256 HomeGroupListener - ok
09:09:39.0888 3256 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
09:09:39.0919 3256 HomeGroupProvider - ok
09:09:39.0951 3256 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
09:09:39.0966 3256 HpSAMD - ok
09:09:40.0013 3256 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
09:09:40.0060 3256 HTTP - ok
09:09:40.0107 3256 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
09:09:40.0107 3256 hwpolicy - ok
09:09:40.0153 3256 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
09:09:40.0185 3256 i8042prt - ok
09:09:40.0216 3256 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\windows\system32\drivers\iaStorV.sys
09:09:40.0247 3256 iaStorV - ok
09:09:40.0294 3256 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:09:40.0325 3256 idsvc - ok
09:09:40.0450 3256 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120925.001\IDSvia64.sys
09:09:40.0481 3256 IDSVia64 - ok
09:09:40.0575 3256 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
09:09:40.0606 3256 iirsp - ok
09:09:40.0887 3256 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
09:09:40.0980 3256 IKEEXT - ok
09:09:41.0105 3256 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
09:09:41.0183 3256 IntcAzAudAddService - ok
09:09:41.0230 3256 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
09:09:41.0245 3256 intelide - ok
09:09:41.0323 3256 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
09:09:41.0370 3256 intelppm - ok
09:09:41.0448 3256 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
09:09:41.0511 3256 IPBusEnum - ok
09:09:41.0542 3256 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
09:09:41.0589 3256 IpFilterDriver - ok
09:09:41.0713 3256 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
09:09:41.0791 3256 iphlpsvc - ok
09:09:41.0854 3256 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
09:09:41.0885 3256 IPMIDRV - ok
09:09:41.0901 3256 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
09:09:41.0963 3256 IPNAT - ok
09:09:42.0025 3256 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:09:42.0057 3256 iPod Service - ok
09:09:42.0088 3256 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
09:09:42.0103 3256 IRENUM - ok
09:09:42.0135 3256 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
09:09:42.0150 3256 isapnp - ok
09:09:42.0181 3256 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
09:09:42.0213 3256 iScsiPrt - ok
09:09:42.0228 3256 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
09:09:42.0259 3256 kbdclass - ok
09:09:42.0322 3256 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
09:09:42.0384 3256 kbdhid - ok
09:09:42.0415 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\windows\system32\lsass.exe
09:09:42.0415 3256 KeyIso - ok
09:09:42.0447 3256 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
09:09:42.0525 3256 KSecDD - ok
09:09:42.0556 3256 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
09:09:42.0618 3256 KSecPkg - ok
09:09:42.0649 3256 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
09:09:42.0743 3256 ksthunk - ok
09:09:42.0790 3256 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
09:09:42.0868 3256 KtmRm - ok
09:09:42.0961 3256 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\windows\System32\srvsvc.dll
09:09:43.0008 3256 LanmanServer - ok
09:09:43.0055 3256 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
09:09:43.0117 3256 LanmanWorkstation - ok
09:09:43.0367 3256 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
09:09:43.0554 3256 LeapFrog Connect Device Service - ok
09:09:43.0585 3256 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\windows\system32\DRIVERS\btblan.sys
09:09:43.0632 3256 Leapfrog-USBLAN - ok
09:09:43.0663 3256 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
09:09:43.0726 3256 lltdio - ok
09:09:43.0773 3256 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
09:09:43.0882 3256 lltdsvc - ok
09:09:43.0897 3256 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
09:09:43.0929 3256 lmhosts - ok
09:09:43.0975 3256 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
09:09:44.0038 3256 LSI_FC - ok
09:09:44.0069 3256 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
09:09:44.0100 3256 LSI_SAS - ok
09:09:44.0116 3256 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
09:09:44.0116 3256 LSI_SAS2 - ok
09:09:44.0147 3256 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
09:09:44.0163 3256 LSI_SCSI - ok
09:09:44.0178 3256 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
09:09:44.0225 3256 luafv - ok
09:09:44.0241 3256 MBAMProtector - ok
09:09:44.0287 3256 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:09:44.0319 3256 MBAMScheduler - ok
09:09:44.0397 3256 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:09:44.0490 3256 MBAMService - ok
09:09:44.0537 3256 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
09:09:44.0568 3256 McciCMService ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0568 3256 McciCMService - detected UnsignedFile.Multi.Generic (1)
09:09:44.0662 3256 [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
09:09:44.0724 3256 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0724 3256 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
09:09:44.0755 3256 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
09:09:44.0802 3256 Mcx2Svc - ok
09:09:44.0833 3256 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
09:09:44.0958 3256 megasas - ok
09:09:44.0989 3256 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
09:09:45.0021 3256 MegaSR - ok
09:09:45.0036 3256 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
09:09:45.0067 3256 MMCSS - ok
09:09:45.0099 3256 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
09:09:45.0192 3256 Modem - ok
09:09:45.0208 3256 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
09:09:45.0239 3256 monitor - ok
09:09:45.0286 3256 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
09:09:45.0333 3256 mouclass - ok
09:09:45.0379 3256 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
09:09:45.0411 3256 mouhid - ok
09:09:45.0426 3256 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
09:09:45.0442 3256 mountmgr - ok
09:09:45.0473 3256 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\drivers\mpio.sys
09:09:45.0551 3256 mpio - ok
09:09:45.0582 3256 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
09:09:45.0629 3256 mpsdrv - ok
09:09:45.0676 3256 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
09:09:45.0754 3256 MpsSvc - ok
09:09:45.0816 3256 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
09:09:45.0863 3256 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0863 3256 MREMP50 - detected UnsignedFile.Multi.Generic (1)
09:09:45.0910 3256 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
09:09:45.0941 3256 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0941 3256 MRESP50 - detected UnsignedFile.Multi.Generic (1)
09:09:45.0972 3256 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
09:09:46.0035 3256 MRxDAV - ok
09:09:46.0066 3256 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
09:09:46.0128 3256 mrxsmb - ok
09:09:46.0191 3256 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
09:09:46.0253 3256 mrxsmb10 - ok
09:09:46.0269 3256 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
09:09:46.0315 3256 mrxsmb20 - ok
09:09:46.0362 3256 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\drivers\msahci.sys
09:09:46.0393 3256 msahci - ok
09:09:46.0440 3256 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\drivers\msdsm.sys
09:09:46.0456 3256 msdsm - ok
09:09:46.0503 3256 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
09:09:46.0534 3256 MSDTC - ok
09:09:46.0581 3256 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
09:09:46.0643 3256 Msfs - ok
09:09:46.0674 3256 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
09:09:46.0737 3256 mshidkmdf - ok
09:09:46.0752 3256 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
09:09:46.0846 3256 msisadrv - ok
09:09:46.0877 3256 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
09:09:46.0986 3256 MSiSCSI - ok
09:09:46.0986 3256 msiserver - ok
09:09:47.0033 3256 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
09:09:47.0189 3256 MSKSSRV - ok
09:09:47.0205 3256 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
09:09:47.0376 3256 MSPCLOCK - ok
09:09:47.0392 3256 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
09:09:47.0454 3256 MSPQM - ok
09:09:47.0517 3256 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
09:09:47.0532 3256 MsRPC - ok
09:09:47.0563 3256 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
09:09:47.0610 3256 mssmbios - ok
09:09:47.0626 3256 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
09:09:47.0688 3256 MSTEE - ok
09:09:47.0719 3256 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
09:09:47.0751 3256 MTConfig - ok
09:09:47.0766 3256 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
09:09:47.0782 3256 Mup - ok
09:09:47.0922 3256 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
09:09:47.0938 3256 N360 - ok
09:09:48.0031 3256 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
09:09:48.0125 3256 napagent - ok
09:09:48.0203 3256 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
09:09:48.0265 3256 NativeWifiP - ok
09:09:48.0390 3256 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120925.018\ENG64.SYS
09:09:48.0437 3256 NAVENG - ok
09:09:48.0655 3256 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120925.018\EX64.SYS
09:09:48.0733 3256 NAVEX15 - ok
09:09:48.0827 3256 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
09:09:48.0874 3256 NDIS - ok
09:09:48.0889 3256 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
09:09:48.0952 3256 NdisCap - ok
09:09:48.0983 3256 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
09:09:49.0030 3256 NdisTapi - ok
09:09:49.0061 3256 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
09:09:49.0092 3256 Ndisuio - ok
09:09:49.0123 3256 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
09:09:49.0155 3256 NdisWan - ok
09:09:49.0186 3256 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
09:09:49.0264 3256 NDProxy - ok
09:09:49.0279 3256 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
09:09:49.0326 3256 NetBIOS - ok
09:09:49.0357 3256 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
09:09:49.0420 3256 NetBT - ok
09:09:49.0420 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
09:09:49.0435 3256 Netlogon - ok
09:09:49.0482 3256 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
09:09:49.0529 3256 Netman - ok
09:09:49.0623 3256 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
09:09:49.0701 3256 netprofm - ok
09:09:49.0763 3256 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:09:49.0794 3256 NetTcpPortSharing - ok
09:09:49.0841 3256 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
09:09:49.0857 3256 nfrd960 - ok
09:09:49.0966 3256 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
09:09:50.0028 3256 NlaSvc - ok
09:09:50.0044 3256 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
09:09:50.0106 3256 Npfs - ok
09:09:50.0122 3256 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
09:09:50.0169 3256 nsi - ok
09:09:50.0184 3256 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
09:09:50.0278 3256 nsiproxy - ok
09:09:50.0325 3256 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\windows\system32\drivers\Ntfs.sys
09:09:50.0449 3256 Ntfs - ok
09:09:50.0465 3256 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
09:09:50.0543 3256 Null - ok
09:09:50.0793 3256 [ D7A2CD1D76E6CC996A0852D566AF2F73 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
09:09:51.0105 3256 nvlddmkm - ok
09:09:51.0136 3256 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
09:09:51.0167 3256 nvraid - ok
09:09:51.0198 3256 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys
09:09:51.0276 3256 nvstor - ok
09:09:51.0307 3256 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\windows\system32\DRIVERS\nvstor64.sys
09:09:51.0354 3256 nvstor64 - ok
09:09:51.0385 3256 [ 59DD481E0063F8F7EA8B9F149FCACF32 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:09:51.0495 3256 nvsvc - ok
09:09:51.0510 3256 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
09:09:51.0541 3256 nv_agp - ok
09:09:51.0604 3256 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:09:51.0635 3256 odserv - ok
09:09:51.0682 3256 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
09:09:51.0697 3256 ohci1394 - ok
09:09:51.0760 3256 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:09:51.0791 3256 ose - ok
09:09:51.0853 3256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
09:09:51.0916 3256 p2pimsvc - ok
09:09:51.0931 3256 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
09:09:51.0963 3256 p2psvc - ok
09:09:51.0994 3256 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
09:09:52.0041 3256 Parport - ok
09:09:52.0072 3256 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys
09:09:52.0103 3256 partmgr - ok
09:09:52.0134 3256 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
09:09:52.0150 3256 PcaSvc - ok
09:09:52.0165 3256 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\windows\system32\drivers\pci.sys
09:09:52.0197 3256 pci - ok
09:09:52.0228 3256 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
09:09:52.0259 3256 pciide - ok
09:09:52.0290 3256 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
09:09:52.0306 3256 pcmcia - ok
09:09:52.0321 3256 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
09:09:52.0337 3256 pcw - ok
09:09:52.0368 3256 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
09:09:52.0415 3256 PEAUTH - ok
09:09:52.0462 3256 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
09:09:52.0509 3256 PerfHost - ok
09:09:52.0587 3256 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
09:09:52.0680 3256 pla - ok
09:09:52.0789 3256 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll
09:09:52.0836 3256 PlugPlay - ok
09:09:52.0852 3256 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
09:09:52.0867 3256 PNRPAutoReg - ok
09:09:52.0899 3256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
09:09:52.0914 3256 PNRPsvc - ok
09:09:52.0977 3256 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
09:09:53.0023 3256 Point64 - ok
09:09:53.0133 3256 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
09:09:53.0195 3256 PolicyAgent - ok
09:09:53.0257 3256 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
09:09:53.0320 3256 Power - ok
09:09:53.0351 3256 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
09:09:53.0382 3256 PptpMiniport - ok
09:09:53.0413 3256 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
09:09:53.0429 3256 Processor - ok
09:09:53.0491 3256 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll
09:09:53.0507 3256 ProfSvc - ok
09:09:53.0569 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
09:09:53.0601 3256 ProtectedStorage - ok
09:09:53.0632 3256 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
09:09:53.0663 3256 Psched - ok
09:09:53.0725 3256 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
09:09:53.0835 3256 ql2300 - ok
09:09:53.0850 3256 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
09:09:53.0866 3256 ql40xx - ok
09:09:53.0897 3256 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
09:09:53.0913 3256 QWAVE - ok
09:09:53.0944 3256 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
09:09:53.0991 3256 QWAVEdrv - ok
09:09:54.0006 3256 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
09:09:54.0084 3256 RasAcd - ok
09:09:54.0115 3256 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
09:09:54.0147 3256 RasAgileVpn - ok
09:09:54.0209 3256 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
09:09:54.0287 3256 RasAuto - ok
09:09:54.0303 3256 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
09:09:54.0349 3256 Rasl2tp - ok
09:09:54.0396 3256 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
09:09:54.0427 3256 RasMan - ok
09:09:54.0459 3256 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
09:09:54.0505 3256 RasPppoe - ok
09:09:54.0537 3256 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
09:09:54.0568 3256 RasSstp - ok
09:09:54.0583 3256 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
09:09:54.0646 3256 rdbss - ok
09:09:54.0661 3256 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
09:09:54.0708 3256 rdpbus - ok
09:09:54.0724 3256 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
09:09:54.0755 3256 RDPCDD - ok
09:09:54.0817 3256 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
09:09:54.0864 3256 RDPENCDD - ok
09:09:54.0895 3256 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
09:09:54.0927 3256 RDPREFMP - ok
09:09:54.0958 3256 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
09:09:55.0051 3256 RDPWD - ok
09:09:55.0067 3256 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys
09:09:55.0083 3256 rdyboost - ok
09:09:55.0114 3256 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
09:09:55.0161 3256 RemoteAccess - ok
09:09:55.0192 3256 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
09:09:55.0270 3256 RemoteRegistry - ok
09:09:55.0285 3256 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
09:09:55.0332 3256 RpcEptMapper - ok
09:09:55.0363 3256 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
09:09:55.0426 3256 RpcLocator - ok
09:09:55.0566 3256 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll
09:09:55.0629 3256 RpcSs - ok
09:09:55.0644 3256 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
09:09:55.0691 3256 rspndr - ok
09:09:55.0722 3256 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
09:09:55.0816 3256 RTL8167 - ok
09:09:55.0831 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe
09:09:55.0847 3256 SamSs - ok
09:09:55.0925 3256 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:09:55.0956 3256 SASDIFSV - ok
09:09:55.0987 3256 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:09:56.0003 3256 SASKUTIL - ok
09:09:56.0019 3256 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
09:09:56.0050 3256 sbp2port - ok
09:09:56.0081 3256 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
09:09:56.0143 3256 SCardSvr - ok
09:09:56.0159 3256 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
09:09:56.0206 3256 scfilter - ok
09:09:56.0299 3256 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
09:09:56.0346 3256 Schedule - ok
09:09:56.0362 3256 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
09:09:56.0393 3256 SCPolicySvc - ok
09:09:56.0409 3256 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC  C:\windows\System32\SDRSVC.dll
09:09:56.0471 3256 SDRSVC - ok
09:09:56.0487 3256 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
09:09:56.0533 3256 secdrv - ok
09:09:56.0565 3256 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
09:09:56.0596 3256 seclogon - ok
09:09:56.0611 3256 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
09:09:56.0658 3256 SENS - ok
09:09:56.0674 3256 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
09:09:56.0736 3256 SensrSvc - ok
09:09:56.0767 3256 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
09:09:56.0783 3256 Serenum - ok
09:09:56.0814 3256 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
09:09:56.0830 3256 Serial - ok
09:09:56.0861 3256 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
09:09:56.0892 3256 sermouse - ok
09:09:56.0939 3256 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
09:09:57.0001 3256 SessionEnv - ok
09:09:57.0017 3256 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
09:09:57.0095 3256 sffdisk - ok
09:09:57.0095 3256 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
09:09:57.0142 3256 sffp_mmc - ok
09:09:57.0142 3256 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
09:09:57.0173 3256 sffp_sd - ok
09:09:57.0173 3256 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
09:09:57.0204 3256 sfloppy - ok
09:09:57.0267 3256 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
09:09:57.0298 3256 SharedAccess - ok
09:09:57.0360 3256 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:09:57.0391 3256 ShellHWDetection - ok
09:09:57.0438 3256 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
09:09:57.0454 3256 SiSRaid2 - ok
09:09:57.0469 3256 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
09:09:57.0485 3256 SiSRaid4 - ok
09:09:57.0516 3256 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
09:09:57.0579 3256 Smb - ok
09:09:57.0625 3256 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
09:09:57.0657 3256 SNMPTRAP - ok
09:09:57.0688 3256 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
09:09:57.0703 3256 spldr - ok
09:09:57.0813 3256 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe
09:09:57.0859 3256 Spooler - ok
09:09:58.0015 3256 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
09:09:58.0078 3256 sppsvc - ok
09:09:58.0109 3256 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
09:09:58.0156 3256 sppuinotify - ok
09:09:58.0234 3256 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS
09:09:58.0296 3256 SRTSP - ok
09:09:58.0312 3256 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
09:09:58.0327 3256 SRTSPX - ok
09:09:58.0359 3256 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
09:09:58.0437 3256 srv - ok
09:09:58.0468 3256 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
09:09:58.0499 3256 srv2 - ok
09:09:58.0530 3256 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
09:09:58.0593 3256 srvnet - ok
09:09:58.0624 3256 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
09:09:58.0671 3256 SSDPSRV - ok
09:09:58.0686 3256 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
09:09:58.0733 3256 SstpSvc - ok
09:09:58.0780 3256 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
09:09:58.0827 3256 stisvc - ok
09:09:58.0858 3256 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
09:09:58.0873 3256 swenum - ok
09:09:58.0889 3256 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
09:09:58.0951 3256 swprv - ok
09:09:58.0998 3256 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
09:09:59.0029 3256 SymDS - ok
09:09:59.0061 3256 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
09:09:59.0107 3256 SymEFA - ok
09:09:59.0139 3256 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
09:09:59.0170 3256 SymEvent - ok
09:09:59.0185 3256 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS
09:09:59.0201 3256 SymIRON - ok
09:09:59.0217 3256 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS
09:09:59.0232 3256 SymNetS - ok
09:09:59.0326 3256 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
09:09:59.0373 3256 SysMain - ok
09:09:59.0388 3256 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
09:09:59.0404 3256 TabletInputService - ok
09:09:59.0435 3256 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
09:09:59.0482 3256 TapiSrv - ok
09:09:59.0513 3256 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
09:09:59.0544 3256 TBS - ok
09:09:59.0607 3256 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
09:09:59.0700 3256 Tcpip - ok
09:09:59.0778 3256 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
09:09:59.0809 3256 TCPIP6 - ok
09:09:59.0841 3256 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
09:09:59.0887 3256 tcpipreg - ok
09:09:59.0919 3256 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
09:09:59.0981 3256 TDPIPE - ok
09:09:59.0997 3256 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
09:10:00.0059 3256 TDTCP - ok
09:10:00.0075 3256 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
09:10:00.0137 3256 tdx - ok
09:10:00.0168 3256 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\drivers\termdd.sys
09:10:00.0184 3256 TermDD - ok
09:10:00.0215 3256 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
09:10:00.0293 3256 TermService - ok
09:10:00.0324 3256 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
09:10:00.0340 3256 Themes - ok
09:10:00.0371 3256 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
09:10:00.0402 3256 THREADORDER - ok
09:10:00.0418 3256 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
09:10:00.0449 3256 TrkWks - ok
09:10:00.0527 3256 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:10:00.0574 3256 TrustedInstaller - ok
09:10:00.0589 3256 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
09:10:00.0636 3256 tssecsrv - ok
09:10:00.0683 3256 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
09:10:00.0745 3256 tunnel - ok
09:10:00.0777 3256 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
09:10:00.0792 3256 uagp35 - ok
09:10:00.0808 3256 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
09:10:00.0855 3256 udfs - ok
09:10:00.0870 3256 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
09:10:00.0901 3256 UI0Detect - ok
09:10:00.0917 3256 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
09:10:00.0948 3256 uliagpkx - ok
09:10:00.0979 3256 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\drivers\umbus.sys
09:10:00.0979 3256 umbus - ok
09:10:00.0995 3256 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
09:10:01.0026 3256 UmPass - ok
09:10:01.0057 3256 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
09:10:01.0104 3256 Updater Service - ok
09:10:01.0135 3256 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
09:10:01.0198 3256 upnphost - ok
09:10:01.0245 3256 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
09:10:01.0307 3256 USBAAPL64 - ok
09:10:01.0323 3256 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\windows\system32\drivers\usbccgp.sys
09:10:01.0385 3256 usbccgp - ok
09:10:01.0416 3256 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
09:10:01.0479 3256 usbcir - ok
09:10:01.0494 3256 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
09:10:01.0541 3256 usbehci - ok
09:10:01.0603 3256 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
09:10:01.0650 3256 usbhub - ok
09:10:01.0650 3256 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
09:10:01.0681 3256 usbohci - ok
09:10:01.0728 3256 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
09:10:01.0759 3256 usbprint - ok
09:10:01.0791 3256 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
09:10:01.0837 3256 usbscan - ok
09:10:01.0853 3256 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
09:10:01.0931 3256 USBSTOR - ok
09:10:01.0947 3256 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\windows\system32\drivers\usbuhci.sys
09:10:01.0962 3256 usbuhci - ok
09:10:01.0978 3256 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
09:10:02.0025 3256 UxSms - ok
09:10:02.0040 3256 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\windows\system32\lsass.exe
09:10:02.0056 3256 VaultSvc - ok
09:10:02.0071 3256 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
09:10:02.0087 3256 vdrvroot - ok
09:10:02.0118 3256 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
09:10:02.0165 3256 vds - ok
09:10:02.0165 3256 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
09:10:02.0181 3256 vga - ok
09:10:02.0196 3256 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
09:10:02.0243 3256 VgaSave - ok
09:10:02.0274 3256 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
09:10:02.0290 3256 vhdmp - ok
09:10:02.0305 3256 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
09:10:02.0321 3256 viaide - ok
09:10:02.0337 3256 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\drivers\volmgr.sys
09:10:02.0352 3256 volmgr - ok
09:10:02.0368 3256 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
09:10:02.0383 3256 volmgrx - ok
09:10:02.0399 3256 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\drivers\volsnap.sys
09:10:02.0430 3256 volsnap - ok
09:10:02.0461 3256 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
09:10:02.0477 3256 vsmraid - ok
09:10:02.0524 3256 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
09:10:02.0586 3256 VSS - ok
09:10:02.0617 3256 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
09:10:02.0664 3256 vwifibus - ok
09:10:02.0695 3256 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
09:10:02.0727 3256 W32Time - ok
09:10:02.0773 3256 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
09:10:02.0805 3256 WacomPen - ok
09:10:02.0836 3256 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
09:10:02.0883 3256 WANARP - ok
09:10:02.0883 3256 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
09:10:02.0929 3256 Wanarpv6 - ok
09:10:03.0007 3256 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
09:10:03.0054 3256 WatAdminSvc - ok
09:10:03.0101 3256 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
09:10:03.0179 3256 wbengine - ok
09:10:03.0210 3256 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
09:10:03.0226 3256 WbioSrvc - ok
09:10:03.0257 3256 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
09:10:03.0335 3256 wcncsvc - ok
09:10:03.0351 3256 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:10:03.0382 3256 WcsPlugInService - ok
09:10:03.0397 3256 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
09:10:03.0413 3256 Wd - ok
09:10:03.0444 3256 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
09:10:03.0460 3256 Wdf01000 - ok
09:10:03.0475 3256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
09:10:03.0491 3256 WdiServiceHost - ok
09:10:03.0507 3256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
09:10:03.0522 3256 WdiSystemHost - ok
09:10:03.0538 3256 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
09:10:03.0585 3256 WebClient - ok
09:10:03.0600 3256 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
09:10:03.0663 3256 Wecsvc - ok
09:10:03.0678 3256 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
09:10:03.0709 3256 wercplsupport - ok
09:10:03.0741 3256 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
09:10:03.0803 3256 WerSvc - ok
09:10:03.0850 3256 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
09:10:03.0881 3256 WfpLwf - ok
09:10:03.0897 3256 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
09:10:03.0912 3256 WIMMount - ok
09:10:03.0959 3256 WinDefend - ok
09:10:03.0975 3256 WinHttpAutoProxySvc - ok
09:10:04.0021 3256 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
09:10:04.0053 3256 Winmgmt - ok
09:10:04.0115 3256 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
09:10:04.0255 3256 WinRM - ok
09:10:04.0318 3256 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
09:10:04.0349 3256 WinUsb - ok
09:10:04.0380 3256 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
09:10:04.0427 3256 Wlansvc - ok
09:10:04.0567 3256 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:10:04.0614 3256 wlidsvc - ok
09:10:04.0630 3256 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
09:10:04.0661 3256 WmiAcpi - ok
09:10:04.0677 3256 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
09:10:04.0723 3256 wmiApSrv - ok
09:10:04.0739 3256 WMPNetworkSvc - ok
09:10:04.0739 3256 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
09:10:04.0770 3256 WPCSvc - ok
09:10:04.0833 3256 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
09:10:04.0848 3256 WPDBusEnum - ok
09:10:04.0895 3256 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
09:10:04.0973 3256 ws2ifsl - ok
09:10:05.0035 3256 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\system32\wscsvc.dll
09:10:05.0113 3256 wscsvc - ok
09:10:05.0113 3256 WSearch - ok
09:10:05.0191 3256 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
09:10:05.0269 3256 wuauserv - ok
09:10:05.0285 3256 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
09:10:05.0332 3256 WudfPf - ok
09:10:05.0347 3256 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
09:10:05.0394 3256 WUDFRd - ok
09:10:05.0425 3256 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
09:10:05.0457 3256 wudfsvc - ok
09:10:05.0488 3256 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
09:10:05.0535 3256 WwanSvc - ok
09:10:05.0581 3256 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
09:10:05.0644 3256 xusb21 - ok
09:10:05.0659 3256 ================ Scan global ===============================
09:10:05.0675 3256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:10:05.0737 3256 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
09:10:05.0769 3256 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
09:10:05.0800 3256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:10:05.0831 3256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:10:05.0831 3256 [Global] - ok
09:10:05.0831 3256 ================ Scan MBR ==================================
09:10:05.0847 3256 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
09:10:08.0077 3256 \Device\Harddisk0\DR0 - ok
09:10:08.0093 3256 ================ Scan VBR ==================================
09:10:08.0109 3256 [ D10BA6D08B60165E9C0425C6F073849A ] \Device\Harddisk0\DR0\Partition1
09:10:08.0140 3256 \Device\Harddisk0\DR0\Partition1 - ok
09:10:08.0171 3256 [ EA64A96D67B2DE6785AB34D091B8CE51 ] \Device\Harddisk0\DR0\Partition2
09:10:08.0171 3256 \Device\Harddisk0\DR0\Partition2 - ok
09:10:08.0202 3256 [ D8FDD9B9A33CB9D6E6D167645E490295 ] \Device\Harddisk0\DR0\Partition3
09:10:08.0202 3256 \Device\Harddisk0\DR0\Partition3 - ok
09:10:08.0218 3256 ============================================================
09:10:08.0218 3256 Scan finished
09:10:08.0218 3256 ============================================================
09:10:08.0233 3276 Detected object count: 4
09:10:08.0233 3276 Actual detected object count: 4
09:10:43.0973 3276 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:43.0973 3276 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:10:43.0989 3276 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:43.0989 3276 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:10:43.0989 3276 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:43.0989 3276 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:10:43.0989 3276 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
09:10:43.0989 3276 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:12:24.0421 3332 Deinitialize success


----------



## Mark1956 (May 7, 2011)

Great, booting back to normal and TDSSKiller has worked, the scan is clean.

We just need to delete the Rogue partition and then run a few scans to check for any residual infections.

Either use the Repair boot disc or select the 'Repair Your Computer' option from the Advanced Boot menu to get to the Recovery Environment (Command prompt).


Type *diskpart* at the prompt and hit *Enter*; in a short while you should see *DISKPART>*
Type *select disk 0* (*NOTE:* that is a zero, not the letter O) and hit *Enter*
You should now see *Disk 0 is now the selected disk.* and *DISKPART>* on the next line.
Type *select partition 4* and hit the *Enter* key.
Type *delete partition* and hit the *Enter* key.
That should do it. Now type *exit* and hit *Enter*, then type *exit* again, hit *Enter* and the command prompt will close.
Then remove the boot CD (if used) and click on *Restart* at the bottom of the *System Recovery Options* box.
When complete please check for any signs of the original problem.

Please also run RogueKiller and Combofix and post both the new logs.


----------



## Nymfor (Sep 20, 2012)

ComboFix 12-09-26.02 - Megan 09/26/2012 10:29:11.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2700 [GMT -6:00]
Running from: c:\users\Megan\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 16:38 . 2012-09-26 16:38 -------- d-----w- c:\users\Megan and Trevor\AppData\Local\temp
2012-09-26 16:38 . 2012-09-26 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-25 19:13 . 2012-09-25 19:13 -------- d-----w- C:\FRST
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 16:45 . 2012-09-24 16:45 -------- d-----w- c:\users\Megan\Doctor Web
2012-09-21 00:17 . 2012-09-21 00:26 -------- d-----w- c:\users\Megan\AppData\Local\NPE
2012-09-20 22:31 . 2012-09-20 22:31 -------- d-----w- c:\windows\system32\SPReview
2012-09-19 01:27 . 2012-09-19 01:27 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12 . 2012-09-19 01:16 -------- d-----w- c:\programdata\PC Utility Kit
2012-09-18 22:40 . 2012-09-21 16:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- C:\Intel
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\users\Megan\AppData\Roaming\InstallShield
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\program files (x86)\Intel
2012-09-18 05:00 . 2012-09-18 05:00 -------- d-----w- c:\users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59 . 2012-09-18 04:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-18 00:08 . 2012-09-18 22:34 -------- d-----w- c:\users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42 . 2012-09-17 23:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Symantec
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-17 23:41 . 2012-09-18 22:34 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-09-17 23:41 . 2012-09-17 23:41 -------- d-----w- c:\program files (x86)\Norton 360
2012-09-17 23:40 . 2012-09-17 23:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-16 14:30 . 2012-09-16 14:32 -------- d-----w- C:\Symbols
2012-09-16 13:46 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-09-16 01:54 . 2012-09-23 03:25 -------- d-----w- c:\users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09 . 2012-09-15 20:09 -------- d-----w- c:\windows\CheckSur
2012-09-15 14:33 . 2012-07-26 18:02 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:18 . 2012-09-15 14:18 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36 . 2012-09-15 00:36 -------- d-----w- c:\windows\system32\EventProviders
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34 . 2012-09-13 19:34 4571448 ----a-w- c:\windows\uninst.exe
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\programdata\PC1Data
2012-09-13 03:11 . 2012-09-13 03:11 -------- d-----w- c:\users\Megan\AppData\Roaming\AVG
2012-09-13 03:10 . 2012-09-13 03:12 -------- d-----w- c:\programdata\AVG
2012-09-13 03:10 . 2012-09-13 03:10 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:39 . 2012-09-12 22:39 -------- d-----w- c:\users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:22 . 2012-09-12 22:22 -------- d--h--w- c:\programdata\Common Files
2012-09-12 13:07 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:07 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05 . 2012-08-28 21:06 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 19:48 . 2010-05-19 19:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 19:47 . 2010-05-19 19:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 16:28 . 2011-05-28 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 22:59 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-20 22:59 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2012-09-12 13:50 . 2011-01-26 10:00 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 19:04 . 2010-05-09 15:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-31 19:04 . 2010-06-02 19:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-15 20:29 . 2010-05-09 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-15 20:27 . 2010-05-09 15:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-13 15:36 . 2011-02-14 02:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 18:02 . 2011-01-26 02:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 17:31 . 2012-08-14 19:24 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:04 . 2012-08-14 19:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-14 19:24 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-14 19:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-14 19:24 41472 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-12-10 517632]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-09-05 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120925.001\IDSvia64.sys [2012-09-17 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-16 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-16 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-18 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 16:28]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-26 10:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 16:50
ComboFix2.txt 2012-09-25 01:49
ComboFix3.txt 2012-09-20 18:36
.
Pre-Run: 625,703,788,544 bytes free
Post-Run: 625,276,153,856 bytes free
.
- - End Of File - - CB2342E32DFD70C1B86CB0FBF7952C4D

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Megan [Admin rights]
Mode : Scan -- Date : 09/26/2012 10:20:41
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] 82526e4a8b51a12dd257c8ab32455040
[BSP] 496fff889250efa3b6cace997732a2d0 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699928 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
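The diskpart steps Mark1956 gave earlier and the RogueKiller partition table just above both come down to the four 16-byte slots of the MBR partition table. As an added example (not code from the thread, from TDSSKiller or from RogueKiller), the Python below parses a raw 512-byte MBR, rebuilds the three-entry table from the offsets and sizes printed in the RogueKiller report, and audits it against a trusted listing so that an extra slot stands out. The fourth entry, the disk's total sector count (1465149168, assumed for a 750 GB drive; the report does not state it) and the MBR bytes themselves are constructed for the example, not taken from the thread's logs.

```python
"""Audit an MBR partition table for an extra (rogue) slot.

Added example for this thread, not code from TDSSKiller, RogueKiller or the
posters. The sample MBR bytes are constructed; the three real-looking entries
use the offsets and sizes printed in the RogueKiller report above.
"""
import struct

SECTOR = 512
MB = 1024 * 1024 // SECTOR            # sectors per MiB (2048)
TABLE_OFFSET = 446                    # boot code occupies bytes 0..445
ENTRY_SIZE = 16                       # four 16-byte slots, then 0x55AA
MBR_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"               # boot flag, CHS start, type, CHS end, LBA start, sectors

# Partition type bytes seen in the RogueKiller report above.
KNOWN_TYPES = {0x07: "NTFS", 0x27: "hidden NTFS (OEM recovery)"}


def build_mbr(parts):
    """Build a 512-byte MBR from (active, type, lba_start, sectors) tuples.
    Constructed test data only; a real check reads sector 0 of the disk."""
    mbr = bytearray(SECTOR)
    for i, (active, ptype, start, sectors) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return one dict per non-empty slot; 'index' is the 1-based slot number."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        boot, _, ptype, _, start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0x00:
            continue                    # empty slot
        entries.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                        "lba_start": start, "sectors": sectors,
                        "size_mb": sectors * SECTOR // (1024 * 1024)})
    return entries


def audit(entries, disk_sectors, baseline=()):
    """Flag slots worth a look: outside the disk, unknown type, overlapping a
    neighbour, absent from a trusted (lba_start, sectors) listing, or a second
    active flag. Returns (slot, reason) pairs; slot 0 means the whole table."""
    findings = []
    trusted = set(baseline)
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for e in ordered:
        if e["lba_start"] + e["sectors"] > disk_sectors:
            findings.append((e["index"], "extends past end of disk"))
        if e["type"] not in KNOWN_TYPES:
            findings.append((e["index"], "unexpected type 0x%02X" % e["type"]))
        if trusted and (e["lba_start"], e["sectors"]) not in trusted:
            findings.append((e["index"], "not in the trusted partition listing"))
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append((b["index"], "overlaps slot %d" % a["index"]))
    active = [e["index"] for e in entries if e["active"]]
    if len(active) != 1:
        findings.append((0, "%d active slots, expected exactly 1" % len(active)))
    return findings


# Offsets (sectors) and sizes (MB) from the RogueKiller partition table above.
CLEAN_TABLE = [
    (False, 0x27, 2048,     15360 * MB),    # ACER recovery, hidden type 0x27
    (True,  0x07, 31459328, 100 * MB),      # System Reserved, the active one
    (False, 0x07, 31664128, 699928 * MB),   # Windows (C:)
]
# Hypothetical fourth slot in the slack after C:, marked active so it boots
# first: the shape a bootkit's hidden partition takes. Constructed, not from the logs.
ROGUE_ENTRY = (True, 0x07, 31664128 + 699928 * MB, 15 * MB)
DISK_SECTORS = 1465149168   # assumed for a 750 GB drive; the report does not state it


def demo():
    """Audit the clean table and the same table plus the rogue slot."""
    baseline = {(start, sectors) for _, _, start, sectors in CLEAN_TABLE}
    clean = audit(parse_mbr(build_mbr(CLEAN_TABLE)), DISK_SECTORS, baseline)
    rogue = audit(parse_mbr(build_mbr(CLEAN_TABLE + [ROGUE_ENTRY])),
                  DISK_SECTORS, baseline)
    return clean, rogue


if __name__ == "__main__":
    # To audit a real disk (as admin): open(r"\\.\PhysicalDrive0", "rb").read(512)
    clean, rogue = demo()
    print("clean table :", clean)   # []
    print("with slot 4 :", rogue)   # [(4, 'not in the trusted partition listing'), (0, '2 active slots, expected exactly 1')]
```

Reading the real sector needs administrator rights (`\\.\PhysicalDrive0` on Windows, `/dev/sda` on Linux) and is only half of what the tools check: TDSSKiller and RogueKiller also hash the boot code in the first 446 bytes (the "[BSP]" line above), which this parser ignores. Whatever slot the audit flags, confirm the number diskpart assigns to it with `list partition` before running `delete partition`, since diskpart's numbering may not match the MBR slot order.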


----------



## Mark1956 (May 7, 2011)

Its all looking good, how is it running now and, as asked in my last post, has the original problem gone?

Please run this to check for anything that needs updating:

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Then just one more deep scan; this may take a couple of hours to run, so please don't interrupt it. As long as there are no remaining issues with your system this will be the last one before we clean out the tools used.

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button
If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*; click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.


----------



## Nymfor (Sep 20, 2012)

Everything seems to be running really well now. I will get to work on your latest instructions and report back to you. Thanks again.

For the ESET online scan, does it use up net usage, as my internet service goes by usage for the month?


----------



## Nymfor (Sep 20, 2012)

Results of screen317's Security Check version 0.99.51 
Windows 7 x64 (UAC is enabled) 
*Out of date service pack!!* 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Norton 360 
WMI entry may not exist for antivirus; attempting automatic update. 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.65.0.1400 
Adobe Flash Player 11.4.402.278 
Adobe Reader 9 *Adobe Reader out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
Norton ccSvcHst.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 5% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

You're welcome, good to hear all is well. I can see a few remnants of these programs in the Combofix log:

TuneUp Software
PCPro
PC Cleaners
CheckSur
PC Utility Kit 

Please uninstall any that can still be found in Programs and Features. Optimizer and tune-up programs are a waste of time and can often do more harm than good.

There are also a couple of leftovers from AVG. Once you have completed the above please post a fresh log from DDS, just the DDS.txt log will do. I can then make sure there are no other remnants to take out.

EDIT: I see the Security Check log showing a couple of things that need attention. I suspect you are running Eset now, so when it finishes please see if Windows Update is working again; we might have to do a repair on that if it has been damaged by the Rootkit.


----------



## Nymfor (Sep 20, 2012)

I am having some issues getting the ESET to run; I can't get past the agree page, it doesn't seem to let me download the program to view the page to start the scan.

I looked through the list for the programs you told me to uninstall but I can't find them in the Programs and Features list.

ETA: I got the ESET to work; getting ready to start the scan now.


----------



## Mark1956 (May 7, 2011)

Ok, I thought those entries for the old programs were probably remnants, so after the Eset results we shall clean them up.


----------



## Nymfor (Sep 20, 2012)

The ESET just finished and found no threats.


----------



## Mark1956 (May 7, 2011)

Great, now before we start cleaning up try Windows Update and see if it is working. Open it up through the Control Panel and click on Check for Updates in the left pane. Tell me what happens and if there are any error messages.


----------



## Nymfor (Sep 20, 2012)

I'm about to try the update now. I will post once done, or if there are any errors.


----------



## Mark1956 (May 7, 2011)

:up:


----------



## Nymfor (Sep 20, 2012)

ATM the installation is stuck at 58%; not sure if it's just because it's a big install or if I should restart my computer and try again.


----------



## Mark1956 (May 7, 2011)

If that situation has not improved by now cancel the download, the good news is that Windows Update is working but there is probably some corruption in the folder it downloads to.

Open Windows Explorer and click on the C: drive in the left pane. In the right pane double click on Windows, then scroll down to Software Distribution and double click on that. You will now only see a few folders in the list, right click on the Downloads folder and select Delete.

Reboot the PC and start Windows Update again.


----------



## Nymfor (Sep 20, 2012)

I got it to go further when I restarted my computer. Just waiting for it to go to the installing blue screen. If this doesn't work then I'll do the steps you suggested as the windows update is running atm on my computer.


----------



## Mark1956 (May 7, 2011)

Ok, I suspect that is Service Pack 1 downloading which is a big update, so that could explain why it is taking so long. Big updates can fail now and again due to the load on the servers. Sounds like you are getting there. The install will take a while also.

I am turning in now so will be back to see what has happened in the morning. Don't forget to run DDS again so I can review the log for anything else that needs to be removed.


----------



## Nymfor (Sep 20, 2012)

The windows update worked :up:


----------



## Nymfor (Sep 20, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Megan at 17:27:47 on 2012-09-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2242 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/stg_drm.ocx
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program Files (x86)/Mystery P.I. - Stolen in San Francisco/Images/armhelper.ocx
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/TELUSHighSpeedInstallWizard_Combined.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DA3F6CC-AF3E-40C9-AB15-B76D22492F57} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87068506-9FA7-4C9D-AECB-CC56ACEF540F} : DhcpNameServer = 192.168.2.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120925.001\IDSviA64.sys [2012-9-25 513184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-9-17 138272]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-18 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-18 250288]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\system32\DRIVERS\btblan.sys --> C:\windows\system32\DRIVERS\btblan.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 676936]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-8 517632]
S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
.
=============== Created Last 30 ================
.
2012-09-26 23:04:51 -------- d-----w- C:\windows\System32\SPReview
2012-09-26 16:39:58 -------- d-----w- C:\$RECYCLE.BIN
2012-09-25 19:13:23 -------- d-----w- C:\FRST
2012-09-24 18:14:25 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-24 16:45:02 -------- d-----w- C:\Users\Megan\Doctor Web
2012-09-21 00:17:35 -------- d-----w- C:\Users\Megan\AppData\Local\NPE
2012-09-20 17:31:59 98816 ----a-w- C:\windows\sed.exe
2012-09-20 17:31:59 518144 ----a-w- C:\windows\SWREG.exe
2012-09-20 17:31:59 256000 ----a-w- C:\windows\PEV.exe
2012-09-20 17:31:59 208896 ----a-w- C:\windows\MBR.exe
2012-09-19 01:27:44 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12:35 -------- d-----w- C:\ProgramData\PC Utility Kit
2012-09-18 22:40:17 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06:18 -------- d-----w- C:\Intel
2012-09-18 05:00:05 -------- d-----w- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-18 04:33:19 737952 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-09-18 04:33:19 451192 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-09-18 04:33:19 405624 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-09-18 04:33:19 37536 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-09-18 04:33:19 190072 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-09-18 04:33:19 167072 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-09-18 04:33:19 1129120 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-09-18 04:33:11 -------- d-----w- C:\windows\System32\drivers\N360x64\0603000.00E
2012-09-18 00:08:07 -------- d-----w- C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42:09 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Symantec
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-17 23:41:03 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-09-17 23:41:01 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-09-17 23:40:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-16 14:30:59 -------- d-----w- C:\Symbols
2012-09-16 01:54:58 -------- d-----w- C:\Users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09:30 -------- d-----w- C:\windows\CheckSur
2012-09-15 14:33:09 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 14:18:59 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36:45 -------- d-----w- C:\windows\System32\EventProviders
2012-09-13 19:34:42 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34:33 4571448 ----a-w- C:\windows\uninst.exe
2012-09-13 19:34:32 -------- d-----w- C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34:32 -------- d-----w- C:\ProgramData\PC1Data
2012-09-13 03:11:29 -------- d-----w- C:\Users\Megan\AppData\Roaming\AVG
2012-09-13 03:10:49 -------- d-----w- C:\ProgramData\AVG
2012-09-13 03:10:34 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:39:16 -------- d-----w- C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:22:42 -------- d--h--w- C:\ProgramData\Common Files
2012-09-12 13:07:47 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 13:07:47 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05:44 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-09-26 23:10:30 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-09-26 23:10:26 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-09-21 16:28:18 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-26 18:02:22 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
.
============= FINISH: 17:30:34.86 ===============


----------



## Mark1956 (May 7, 2011)

Good progress, now to remove some leftovers. Post the log when done.

All we need to do after this is a couple of updates and clean out all the tools used, so we are nearly there.

We are now going to run ComboFix a different way.
Open Notepad by clicking on [image: Start button] and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
DDS::
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection - No File
Folder::
C:\Users\Megan\AppData\Roaming\PC Utility Kit
C:\ProgramData\PC Utility Kit
C:\Users\Megan\AppData\Roaming\PC Cleaners
C:\Users\Megan\AppData\Roaming\PCPro
C:\Users\Megan\AppData\Roaming\AVG
C:\ProgramData\AVG
C:\Users\Megan\AppData\Roaming\TuneUp Software
ClearJavaCache::
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.

[image: CFScript.txt being dragged onto ComboFix.exe]
This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.
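An added example, not code from this thread or from the DDS/ComboFix authors: a small Python script that parses DDS "Pseudo HJT Report" lines like the ones posted above, flags the `No File` orphans the helper targets, and drafts a CFScript in the same KillAll::/DDS::/Folder::/ClearJavaCache::/Reboot:: layout. The sample log lines are constructed from entries in the thread; `check_modules` takes an injected file-exists predicate so it runs offline (on a live machine pass `os.path.isfile`).

```python
"""Draft a ComboFix CFScript from DDS 'Pseudo HJT Report' lines.

Added example, not code from this thread or from the DDS/ComboFix authors.
It reproduces the manual step the helper performs: pick the BHO/TB lines that
DDS marked "No File" (registry entries whose DLL is gone) and copy them
verbatim into the DDS:: section, with leftover folders under Folder::.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Constructed sample: six lines taken from the DDS log posted above.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
"""

LINE_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+): (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = " - No File"


@dataclass
class Entry:
    raw: str                      # DDS line verbatim; the DDS:: block wants it unchanged
    kind: str                     # BHO, BHO-X64, TB, uRun, DPF, ...
    name: str
    clsid: Optional[str] = None   # upper-cased {GUID} when the line carries one
    path: Optional[str] = None    # module path (uRun keeps its command-line arguments)
    no_file: bool = False         # DDS could not find the module on disk


def parse_dds(text: str) -> List[Entry]:
    """Parse the 'Pseudo HJT Report' line format into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                      # section headers, "." spacers, blank lines
        kind, body = m.group("kind"), m.group("body")
        if body.endswith(NO_FILE):
            entries.append(Entry(line, kind, body[:-len(NO_FILE)], no_file=True))
            continue
        guids = list(CLSID_RE.finditer(body))
        if guids:
            # "Name: {CLSID} - path"; IE: lines carry two GUIDs, the path follows the last
            name = body[:guids[0].start()].rstrip(": ")
            tail = body[guids[-1].end():]
            path = tail[3:] if tail.startswith(" - ") else None
            entries.append(Entry(line, kind, name, guids[-1].group(0).upper(), path))
        elif body.startswith("["):
            # Run keys: "[Name] command line"
            name, _, command = body[1:].partition("] ")
            entries.append(Entry(line, kind, name, path=command))
        else:
            entries.append(Entry(line, kind, body))
    return entries


def check_modules(entries: Iterable[Entry], exists: Callable[[str], bool]) -> List[Entry]:
    """Flag entries whose module is missing: DDS's own "No File" marks plus
    CLSID-backed lines whose path fails `exists` (injected so this runs offline).
    Results are for review; build_cfscript() never scripts them automatically."""
    return [e for e in entries
            if e.no_file or (e.clsid and e.path and not exists(e.path))]


def build_cfscript(entries: Iterable[Entry], folders: Iterable[str]) -> str:
    """Emit a CFScript in the layout used in the thread. Only lines DDS itself
    reported as "No File" go under DDS::, copied verbatim, one entry per line
    (hence the helper's instruction to keep word wrap off)."""
    lines = ["KillAll::", "DDS::"]
    lines += [e.raw for e in entries if e.no_file]
    folders = list(folders)
    if folders:
        lines.append("Folder::")
        lines += folders
    lines += ["ClearJavaCache::", "Reboot::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_DDS)
    print(build_cfscript(parsed, [r"C:\ProgramData\PC Utility Kit"]))
```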


----------



## Nymfor (Sep 20, 2012)

ComboFix 12-09-26.02 - Megan 09/27/2012 6:36.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2733 [GMT -6:00]
Running from: c:\users\Megan\Desktop\ComboFix.exe
Command switches used :: c:\users\Megan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.10.tudb
c:\programdata\AVG\AWL\scsi#disk&ven_st375052&prod_8as#4&a9a743b&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.xml
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.12.tudb
c:\programdata\AVG\AWL2012\TTUSvc.tt
c:\programdata\AVG\AWL2012\TUProgRating.10.tudb
c:\programdata\AVG\AWL2012\TUReportData.10.tudb
c:\programdata\PC Utility Kit
c:\users\Megan\AppData\Roaming\AVG
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000001.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000002.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000003.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000004.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000005.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000006.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000007.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000008.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000009.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000010.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000011.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Dashboard\IntegratorStates_en-US.xml
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Speed Optimizer\SpeedOptimizerStates.xml
c:\users\Megan\AppData\Roaming\AVG\AWL2012\StartUp Manager\PreviousEntries.dat
c:\users\Megan\AppData\Roaming\PC Cleaners
c:\users\Megan\AppData\Roaming\PC Cleaners\app.log
c:\users\Megan\AppData\Roaming\PC Utility Kit
c:\users\Megan\AppData\Roaming\PCPro
c:\users\Megan\AppData\Roaming\PCPro\phone\phone.bmp
c:\users\Megan\AppData\Roaming\PCPro\phone\phone.txt
c:\users\Megan\AppData\Roaming\PCPro\phone\tips.txt
c:\users\Megan\AppData\Roaming\PCPro\settings.txt
c:\users\Megan\AppData\Roaming\TuneUp Software
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 12:43 . 2012-09-27 12:43 -------- d-----w- c:\users\Megan and Trevor\AppData\Local\temp
2012-09-27 12:43 . 2012-09-27 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 23:04 . 2012-09-26 23:04 -------- d-----w- c:\windows\system32\SPReview
2012-09-25 19:13 . 2012-09-25 19:13 -------- d-----w- C:\FRST
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 16:45 . 2012-09-24 16:45 -------- d-----w- c:\users\Megan\Doctor Web
2012-09-21 00:17 . 2012-09-21 00:26 -------- d-----w- c:\users\Megan\AppData\Local\NPE
2012-09-19 01:27 . 2012-09-19 01:27 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\DriverCure
2012-09-18 22:40 . 2012-09-21 16:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- C:\Intel
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\users\Megan\AppData\Roaming\InstallShield
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\program files (x86)\Intel
2012-09-18 05:00 . 2012-09-18 05:00 -------- d-----w- c:\users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59 . 2012-09-18 04:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-18 00:08 . 2012-09-18 22:34 -------- d-----w- c:\users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42 . 2012-09-17 23:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Symantec
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-17 23:41 . 2012-09-18 22:34 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-09-17 23:41 . 2012-09-17 23:41 -------- d-----w- c:\program files (x86)\Norton 360
2012-09-17 23:40 . 2012-09-17 23:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-16 14:30 . 2012-09-16 14:32 -------- d-----w- C:\Symbols
2012-09-16 01:54 . 2012-09-23 03:25 -------- d-----w- c:\users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09 . 2012-09-15 20:09 -------- d-----w- c:\windows\CheckSur
2012-09-15 14:33 . 2012-07-26 18:02 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:18 . 2012-09-15 14:18 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36 . 2012-09-15 00:36 -------- d-----w- c:\windows\system32\EventProviders
2012-09-13 19:34 . 2012-09-13 19:34 4571448 ----a-w- c:\windows\uninst.exe
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\programdata\PC1Data
2012-09-13 03:10 . 2012-09-13 03:10 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:22 . 2012-09-12 22:22 -------- d--h--w- c:\programdata\Common Files
2012-09-12 13:07 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:07 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05 . 2012-08-28 21:06 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 23:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-26 23:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-21 19:48 . 2010-05-19 19:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 19:47 . 2010-05-19 19:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 16:28 . 2011-05-28 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 13:50 . 2011-01-26 10:00 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 19:04 . 2010-05-09 15:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-31 19:04 . 2010-06-02 19:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-15 20:29 . 2010-05-09 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-15 20:27 . 2010-05-09 15:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-13 15:36 . 2011-02-14 02:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 18:02 . 2011-01-26 02:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 18:15 . 2012-08-14 19:24 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-14 19:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 19:24 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 19:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 19:24 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-12-10 517632]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-09-05 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120926.001\IDSvia64.sys [2012-09-17 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-16 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-16 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-18 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 16:28]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-27 06:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-27 12:49
ComboFix2.txt 2012-09-26 16:50
ComboFix3.txt 2012-09-25 01:49
ComboFix4.txt 2012-09-20 18:36
.
Pre-Run: 632,455,454,720 bytes free
Post-Run: 632,189,906,944 bytes free
.
- - End Of File - - F6997CB9C33BA087803B4CB6BBAC0A68


----------



## Mark1956 (May 7, 2011)

Now to update Adobe and install the latest version of Java and follow that with the clean up of the tools used.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and uninstall the following Adobe entries:

*Adobe Reader 9*

*NOTE:* For *XP* click on Start > *Control Panel*, double-click on *Add or Remove Programs* and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

You will now see a page similar to this one:

All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for *Windows* Operating Systems and for *Internet Explorer* in *English*. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of *Windows* to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

_______________________________________________________________

*How to install the latest version of Java.*

Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
_________________________________________________________________

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.

The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!*' message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.
To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).
*Next*

Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*


----------



## Nymfor (Sep 20, 2012)

All done and cleaned up and everything is working great again. Thank you, thank you so much!!


----------



## Mark1956 (May 7, 2011)

You're most welcome, it has been a pleasure helping you.

As the infection you had may have compromised your system's security you should change passwords used on your PC for logging into any financial institutions.

I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware.
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
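As an added example that is not part of this thread and not code from any of the tools named in it: a PowerShell script that turns the closing advice (keep Java and Adobe current, remove leftover old versions, keep Windows Update on) into a check you can run. It reads the standard Windows uninstall registry keys (native, Wow6432Node and per-user), warns when more than one version of the same product family is present, and reports the Windows Update service state via WMI. The product-family grouping regex is an assumption that fits the usual Adobe and Java display names; adjust it if your entries are named differently.

```powershell
# Added example (not from this thread): inventory Adobe and Java installs and
# the Windows Update service, to act on the security advice above.
# Run from an elevated PowerShell prompt on the machine being checked.

# Both native and 32-bit (Wow6432Node) uninstall hives matter on 64-bit Windows,
# and per-user installs live under HKCU.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$products = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in (Get-ChildItem $key -ErrorAction SilentlyContinue)) {
        $p = Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue
        if ($p.DisplayName -and $p.DisplayName -match '^(Adobe|Java)') {
            # Family name with the version-bearing tail removed (assumed naming),
            # e.g. "Java 7 Update 7" -> "Java", "Adobe Reader 9" -> "Adobe Reader".
            $family = ($p.DisplayName -replace '\(TM\)', '') -replace '\s+\d[\d.]*.*$', ''
            New-Object PSObject -Property @{
                Family    = $family.Trim()
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Installed = $p.InstallDate
                Hive      = $key
            }
        }
    }
}

"== Installed Adobe / Java products =="
$products | Sort-Object Family, Version | Format-Table Family, Name, Version, Installed -AutoSize

# Two or more entries in one family usually means an old version was left behind
# after an upgrade; the advice above is to uninstall the older ones.
$products | Group-Object Family | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $versions = ($_.Group | ForEach-Object { $_.Version }) -join ', '
    Write-Warning ("Multiple versions of '{0}' installed: {1}" -f $_.Name, $versions)
}

# Windows Update service state; a StartMode of "Disabled" means fixes will not install.
$wu = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
"== Windows Update service =="
"State: {0}   StartMode: {1}" -f $wu.State, $wu.StartMode
if ($wu.StartMode -eq 'Disabled') {
    Write-Warning 'Windows Update service is disabled; re-enable it so security fixes can install.'
}
```

The registry read is deliberately limited to the uninstall keys, so the script changes nothing; it only reports what is installed so that the decision to remove an old Java or Adobe version is made from the same list Programs and Features shows.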


----------

