Solved I have the virus win32/small.ca on my laptop.

January 12, 2013 at 13:05:23
Specs: Windows 7 service pack 1, Intel(R) Core(TM)i3 CPU M370 @2.40ghz
I have the virus win32/small.ca on my laptop, how do I remove it from my system? When I turned my laptop on earlier it bluescreened, then restarted and gave me the opportunity to do a system restore. I did that and the laptop worked okay, but when I looked at my system status it said that I have that virus and that Microsoft suggests that I remove it, but I am unsure of how to do that.

Thanks Jade




#1
January 12, 2013 at 13:09:40
✔ Best Answer
Download and run Rkill, to stop known malware from running (Note: Does not remove, only stops it) http://www.bleepingcomputer.com/dow...
Download and run Malwarebytes free, update and run a quick scan:
http://www.malwarebytes.org/product...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#2
January 12, 2013 at 13:13:32
After Malwarebytes finishes, include the log in your next reply, then run AdwCleaner:

Download AdwCleaner from this link:
http://www.bleepingcomputer.com/dow...
AdwCleaner Usage Instructions:
Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
Please include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#3
January 12, 2013 at 13:23:05
I have already run the Malwarebytes software and this is the log that I have received:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jade :: JADE-HP [administrator]

Protection: Enabled

06/01/2013 21:02:37
MBAM-log-2013-01-06 (21-11-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219849
Time elapsed: 1 hour(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\Users\Jade\Downloads\Geordie_Shore_S04E05_Om3n666_HDTV (1).exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\Geordie_Shore_S04E05_Om3n666_HDTV.exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\Setup (1).exe (Adware.Hotbar) -> No action taken.
C:\Users\Jade\Downloads\Setup.exe (Adware.Hotbar) -> No action taken.
C:\Users\Jade\Downloads\VidSaver (1).exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\Jade\Downloads\VidSaver.exe (Adware.GamePlayLabs) -> No action taken.

(end)



#4
January 12, 2013 at 13:28:41
Was that log one you got before running rkill?
If so, I think MrGoodguy would want you to run rkill, then run MalwareBytes while rkill is running. Post that log instead.

[The reason is that rkill will temporarily stop the virus and allow MalwareBytes to go further]

Always pop back and let us know the outcome - thanks



#5
January 12, 2013 at 13:34:15
Yes, that was before running rkill, sorry. Okay, I will run rkill now and then Malwarebytes, thanks (:


#6
January 12, 2013 at 13:42:17
Also go to scan Settings tab in Malwarebytes, Scanner Settings and change the PUP settings to "Show In Results and Check for Removal."

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#7
January 12, 2013 at 14:21:11
This is the Malwarebytes log after running rkill.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jade :: JADE-HP [administrator]

Protection: Enabled

06/01/2013 21:40:43
new log.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219566
Time elapsed: 25 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\Users\Jade\Downloads\Geordie_Shore_S04E05_Om3n666_HDTV (1).exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\Geordie_Shore_S04E05_Om3n666_HDTV.exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> No action taken.
C:\Users\Jade\Downloads\VidSaver (1).exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\Jade\Downloads\VidSaver.exe (Adware.GamePlayLabs) -> No action taken.

(end)



#8
January 12, 2013 at 14:31:00
Can you please - See Post #6

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#9
January 12, 2013 at 14:34:59
I did use those settings that you said in post 6, and I ran the Malwarebytes scan again and that is the new log above. I haven't removed or done anything else yet.


#10
January 12, 2013 at 14:46:06
OK.... Thanks for letting me know. Let Malwarebytes remove all that it found. It will need to restart to clean PUP.CrossFire.SA as it is a nasty Rootkit.

In Malwarebytes go to the "More Tools" tab and run the Anti-Rootkit Tool. Click it, extract all, then look for MBAR.exe and run it.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#11
January 12, 2013 at 15:08:13
Okay, once I run the mbar.exe do I scan the computer and then do the cleanup?


#12
January 12, 2013 at 15:15:59
At this stage you should have run Malwarebytes free and removed all it found; the laptop will need to be restarted so you can continue with the Malwarebytes Anti-Rootkit (MBAR.exe) tool.
If you have done that, yes, please scan the PC with MBAR and remove all it finds.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#13
January 12, 2013 at 16:01:31
It scanned it and said no malware found. Does that mean the virus is gone? How do I check that the virus has been removed from my laptop completely?

thanks



#14
January 12, 2013 at 16:11:53
I will let you know when I think your pc is clean :)
Now please continue with Post #2

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#15
January 12, 2013 at 16:29:36
Okay, thank you :) I have completed post 2 and this is the log result:

# AdwCleaner v2.105 - Logfile created 01/06/2013 at 21:30:15
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jade - JADE-HP
# Boot Mode : Normal
# Running from : C:\Users\Jade\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\NCH_EN
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Jade\AppData\Local\Conduit
Folder Deleted : C:\Users\Jade\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jade\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jade\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\Jade\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Jade\AppData\LocalLow\uTorrentControl2

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\NCH_EN
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14B651D2-2502-4357-8468-0E5C280616E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{353A33B5-AB47-4741-BB91-FF0D47CEBBE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2FD5A03-9C08-40E0-A308-876AC8CB3304}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2DAE371-E3D4-4DFF-8B6C-039A004CA3C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/102");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48",
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48"[...]
Deleted [l.1756] : homepage = "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48",
Deleted [l.2435] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [12481 octets] - [06/01/2013 21:28:50]
AdwCleaner[S1].txt - [12289 octets] - [06/01/2013 21:30:15]

########## EOF - C:\AdwCleaner[S1].txt - [12350 octets] ##########
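
AdwCleaner's log mixes inert leftovers with registry locations where Windows or Internet Explorer actually loads code. As an added example (not part of the original thread and not AdwCleaner's own code), this Python script parses a few lines copied from the log in post #15 and groups them by load point; the rule table, group labels and function names are assumptions made for illustration.

```python
import re

# Lines copied from the AdwCleaner[S1] log in post #15 of this thread.
ADWCLEANER_SAMPLE = r"""
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
"""

# "<kind> Deleted : [x64] <path> [<value name>] = <data>"; the last three parts are optional.
ENTRY_RE = re.compile(
    r"^(Folder|Data|Key|Value) Deleted : (\[x64\] )?"
    r"(.+?)(?: \[([^\]]+)\])?(?: = (.+))?$"
)

# (label, loads_code, test on lower-cased path and value name).
# Labels and grouping are this example's own, not AdwCleaner's.
RULES = [
    ("AppInit_DLLs", True, lambda path, name: name == "appinit_dlls"),
    ("Run key", True, lambda path, name: path.endswith("\\currentversion\\run")),
    ("Browser Helper Object", True, lambda path, name: "\\browser helper objects\\" in path),
    ("URLSearchHooks", True, lambda path, name: path.endswith("\\urlsearchhooks")),
    ("IE toolbar", True, lambda path, name: "\\internet explorer\\toolbar" in path),
    ("IE search provider", False, lambda path, name: "\\searchscopes\\" in path),
]
NO_LOAD_POINT = "no load point"


def parse_adwcleaner(text):
    """Turn 'X Deleted : ...' lines into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, x64, path, name, data = m.groups()
        entries.append({
            "kind": kind, "x64": bool(x64), "path": path, "name": name,
            "data": data, "wow64": "\\wow6432node\\" in path.lower(),
        })
    return entries


def triage(entries):
    """Group entries under the first matching rule label."""
    groups = {}
    for entry in entries:
        path = entry["path"].lower()
        name = (entry["name"] or "").lower()
        label = next((lbl for lbl, _, test in RULES if test(path, name)),
                     NO_LOAD_POINT)
        groups.setdefault(label, []).append(entry)
    return groups


def code_loading(groups):
    """Entries in groups where a DLL, program or COM object gets loaded."""
    wanted = [lbl for lbl, loads, _ in RULES if loads]
    return [e for lbl in wanted for e in groups.get(lbl, [])]


if __name__ == "__main__":
    grouped = triage(parse_adwcleaner(ADWCLEANER_SAMPLE))
    for label, items in grouped.items():
        print(f"{label}: {len(items)}")
        for e in items:
            print("   ", e["path"], e["name"] or "", e["data"] or "")
```
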



#16
January 12, 2013 at 16:36:46
Please download and run RogueKiller from this link:
http://majorgeeks.com/RogueKiller_d...
Instructions:
•Please quit all programs
•Right-click the RogueKiller file and select "Run as Administrator"
•Press: SCAN
•On the RogueKiller console, click the Registry tab. Make sure all the entries there are checked.
•Then, press the [Delete] button.
An RKreport Log (Mode: Delete) is created on the Desktop.
Please provide the RKreport Log in your reply.
Restart the computer if asked.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#17
January 12, 2013 at 17:15:38
This is the RK report:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jade [Admin rights]
Mode : Remove -- Date : 01/06/2013 21:47:49

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FacebookMessenger.exe -- C:\Users\Jade\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Jade : C:\Users\Jade\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT3 +++++
--- User ---
[MBR] ec8e9f4618322fa44052e13766fb9167
[BSP] 2e2239d362b8637ade7bd456bada51b2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 590693 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1210148864 | Size: 15523 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6b72e6ec35949e7277d8d7ab674ba279
[BSP] 105e96fff8df21ba4e7ac5d9ceebf849 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 241713152 | Size: 800 Mo

Finished : << RKreport[2]_D_01062013_02d2147.txt >>
RKreport[1]_S_01062013_02d2141.txt ; RKreport[2]_D_01062013_02d2147.txt



#18
January 12, 2013 at 17:26:05
Just checking, you do have a partition with WindowsXP on this HDD as well as the Windows7?

Next I want you to run the HitmanPro 3.7 30day free trial scanner from here:
http://www.surfright.nl/en

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#19
January 12, 2013 at 17:35:06
I am not sure what you mean, my laptop is Windows 7 64 bit.

Do you want me just to run HitmanPro, and are there more results to post?



#20
January 12, 2013 at 17:43:17
It was this entry in your Post #17 that had me worried.

[BSP] 105e96fff8df21ba4e7ac5d9ceebf849 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo

Yes please run HitmanPro and include the log in your next reply please.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?
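
The discrepancy raised in post #20 can be read straight out of the RKreport. As an added example (not part of the original thread and not RogueKiller's own code), this Python script parses the MBR Check section copied from post #17 and lists where the views the report labels `User` and `LL2` disagree; the function names and finding codes are hypothetical, and the 2048-sectors-per-Mo factor assumes 512-byte sectors.

```python
import re

# MBR Check section copied from the RKreport in post #17 of this thread.
RKREPORT_MBR = """\
+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT3 +++++
--- User ---
[MBR] ec8e9f4618322fa44052e13766fb9167
[BSP] 2e2239d362b8637ade7bd456bada51b2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 590693 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1210148864 | Size: 15523 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6b72e6ec35949e7277d8d7ab674ba279
[BSP] 105e96fff8df21ba4e7ac5d9ceebf849 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 241713152 | Size: 800 Mo
"""

VIEW_RE = re.compile(r"^--- (\w+) ---$")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.+)$")
CMP_RE = re.compile(r"^(\w+) (=|!=) (\w+) \.\.\. (OK|KO)!$")
PART_RE = re.compile(
    r"^(\d+) - \[(ACTIVE|XXXXXX)\] (\S+) \((0x[0-9a-f]{2})\) "
    r"\[(VISIBLE|HIDDEN!)\] Offset \(sectors\): (\d+) \| Size: (\d+) Mo$"
)
SECTORS_PER_MO = 2048  # assumption: 512-byte sectors, 1 Mo = 1 MiB


def parse_mbr_check(text):
    """Return (views, comparisons) from an RKreport 'MBR Check' section."""
    views, comparisons, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VIEW_RE.match(line):
            current = views.setdefault(
                m.group(1), {"mbr": None, "boot_code": None, "partitions": []})
        elif m := CMP_RE.match(line):
            comparisons.append(m.groups())
        elif current is None:
            continue  # drive banner or text before the first view
        elif m := MBR_RE.match(line):
            current["mbr"] = m.group(1)
        elif m := BSP_RE.match(line):
            current["boot_code"] = m.group(2)
        elif m := PART_RE.match(line):
            idx, flag, fs, ptype, vis, offset, size = m.groups()
            current["partitions"].append({
                "index": int(idx), "active": flag == "ACTIVE", "fs": fs,
                "type": ptype, "hidden": vis == "HIDDEN!",
                "offset": int(offset), "size_mo": int(size)})
    return views, comparisons


def layout_end_sector(view):
    """First sector past the last partition in the view (0 if empty)."""
    return max((p["offset"] + p["size_mo"] * SECTORS_PER_MO
                for p in view["partitions"]), default=0)


def review(views, comparisons):
    """List (code, detail) findings for every pair the report marks '!='."""
    findings = []
    for left, op, right, _verdict in comparisons:
        if op != "!=" or left not in views or right not in views:
            continue
        a, b = views[left], views[right]
        if a["mbr"] != b["mbr"]:
            findings.append(("MBR_HASH_DIFFERS",
                             f"{left}={a['mbr']} {right}={b['mbr']}"))
        if a["boot_code"] != b["boot_code"]:
            findings.append(("BOOT_CODE_DIFFERS",
                             f"{left}: {a['boot_code']} / {right}: {b['boot_code']}"))
        by_offset = {p["offset"]: p for p in a["partitions"]}
        for p in b["partitions"]:
            where = f"{right} #{p['index']} at sector {p['offset']}"
            twin = by_offset.get(p["offset"])
            if twin is None:
                findings.append(("PARTITION_UNMATCHED", f"{where} is absent from {left}"))
            elif (twin["type"], twin["size_mo"]) != (p["type"], p["size_mo"]):
                findings.append(("PARTITION_CHANGED",
                                 f"{where}: {p['type']}/{p['size_mo']} Mo vs "
                                 f"{twin['type']}/{twin['size_mo']} Mo in {left}"))
            if p["hidden"]:
                findings.append(("HIDDEN_PARTITION", where))
        end_a, end_b = layout_end_sector(a), layout_end_sector(b)
        if end_a != end_b:
            findings.append(("LAYOUT_END_DIFFERS",
                             f"{left} ends at sector {end_a}, {right} at {end_b}"))
    return findings


if __name__ == "__main__":
    for code, detail in review(*parse_mbr_check(RKREPORT_MBR)):
        print(f"{code}: {detail}")
```
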



#21
January 12, 2013 at 17:58:00
Ah right, okay, this is the log for HitmanPro:

[code]
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : JADE-HP
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Jade-HP\Jade
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-01-06 21:15:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 19m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 167

Objects scanned . . . : 1,925,785
Files scanned . . . . : 122,671
Remnants scanned . . : 681,256 files / 1,121,858 keys

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\Vid-Saver\ (VidSaver)
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (VidSaver)
Size . . . . . . . : 486,323 bytes
Age . . . . . . . : 232.2 days (2012-05-19 16:36:05)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 8512E3E4D0DE13815040F15D472A47CC9EA5A61585815293FD579A68A0BE736C
Product . . . . . : Vid-Saver
Publisher . . . . : 215 Apps
Description . . . : Vid-Saver Installer
Version . . . . . : 1.18.149.149
Copyright . . . . : Copyright 215 Apps
Fuzzy . . . . . . : -4.0

C:\Program Files (x86)\Vid-Saver\Vid-Saver.exe (VidSaver)
Size . . . . . . . : 441,216 bytes
Age . . . . . . . : 232.2 days (2012-05-19 16:36:05)
Entropy . . . . . : 6.4
SHA-256 . . . . . : B8EBBD1538094DF293C32079F9BF36316887528C1979E478C4EC6856ACF6CACA
Product . . . . . : Vid-Saver
Publisher . . . . : 215 Apps
Description . . . : Vid-Saver exe
Version . . . . . : 1.1.149.20
Copyright . . . . : Copyright 2011
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

C:\Program Files (x86)\Vid-Saver\Vid-Saver.ico (VidSaver)
C:\Program Files (x86)\Vid-Saver\Vid-Saver.ini (VidSaver)
C:\Program Files (x86)\Vid-Saver\Vid-SaverGui.exe (VidSaver)
Size . . . . . . . : 2,096,000 bytes
Age . . . . . . . : 232.2 days (2012-05-19 16:36:05)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 96EB35F48255457F759D997025915F6532A9A8892058CA27FB2EAFBD0D8929CE
Product . . . . . : Vid-Saver
Publisher . . . . : 215 Apps
Description . . . : Vid-Saver exe
Version . . . . . : 1.1.143.20
Copyright . . . . : Copyright 2011
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

C:\Program Files (x86)\Vid-Saver\Vid-SaverInstaller.log (VidSaver)
C:\Users\Jade\AppData\Local\Vid-Saver\ (VidSaver)
C:\Users\Jade\AppData\Local\Vid-Saver\Chrome\ (VidSaver)
C:\Users\Jade\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx (VidSaver)
HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}\ (VidSaver)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}\ (VidSaver)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}\ (VidSaver)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\ (VidSaver)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver\ (VidSaver)
HKU\S-1-5-21-603234931-4281251525-1305880066-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU)
HKU\S-1-5-21-603234931-4281251525-1305880066-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)

Cookies _____________________________________________________________________

C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:statoil.solution.weborama.fr
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.complex.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.thoughtcatalog.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.net
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:trackalyzer.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:trinitymirror.112.2o7.net
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\Jade\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\24MR67VZ.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\3KLAX31F.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\3NQPZEZ9.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\7F1TFIGB.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\7JM0UK5O.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\9712IA12.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\B9Y6P6K5.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\BKLNR76N.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\DJTT52T7.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\GTLI3F61.txt
C:\Users\Jade\AppData\Roaming\Microsoft\Windows\Cookies\K3HTBPHJ.txt
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:247realmedia.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:2o7.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ad.360yield.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ad.mlnadvertising.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ad.propellerads.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ad.zanox.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adbrite.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adinterax.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.adk2.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.crakmedia.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.creative-serving.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.p161.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.pointroll.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.pubmatic.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ads.undertone.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adserver.adtechus.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adserver.zenoviaexchange.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adtech.de
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adtechus.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adultfriendfinder.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:advertising.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:adviva.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:apmebf.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ar.atwola.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:at.atwola.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:atdmt.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:bmuk.burstnet.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:bs.serving-sys.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:burstnet.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:c.atdmt.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:casalemedia.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:collective-media.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:content-ssl.yieldmanager.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:content.yieldmanager.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:dmtracker.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:doubleclick.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:exoclick.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:fastclick.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:h.atdmt.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:interclick.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:invitemedia.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:media.fastclick.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:media6degrees.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:mediaplex.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:mm.chitika.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:partypoker.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:paypal.112.2o7.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:pointroll.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:questionmarket.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:revsci.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:rts.pgmediaserve.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ru4.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:serving-sys.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:smartadserver.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:specificclick.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:statcounter.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:stats.paypal.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:statse.webtrendslive.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:tacoda.at.atwola.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:track.adform.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:tradedoubler.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:tribalfusion.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:warnerbros.112.2o7.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:ww251.smartadserver.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:www.burstnet.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:www.googleadservices.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:www.partypoker.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:xiti.com
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:yieldmanager.net
C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\cookies.sqlite:zedo.com


[/code]



#22
January 12, 2013 at 18:15:11
Can you rerun HitmanPro and, on the deletion item page, hover over the first VidSaver item found? It will bring up removal options. (There will be an option to delete all with the same VidSaver PUP name.) Select this option.


We need to do some extra checks to make sure there is no Rootkit hiding on your laptop.
Download and run TDSSkiller from this link please:
http://support.kaspersky.com/5350
Click "Change Parameters", check Verify Digital Signatures and Detect TDLFS File System, then click "OK", then "Scan". Include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?
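
The scan requested above writes one file line and one verdict line per service or driver, so the useful reading is the short list of entries that are not a clean `- ok` pair. A triage sketch for that, added here as an example (it is not part of the thread or of Kaspersky's tooling): it assumes the layout `time thread [ MD5 ] name path` followed by `time thread name - verdict`; the sample lines, service names, hashes and the `( tag ) - warning` shape for non-ok results are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed prefix on every log line: "HH:MM:SS.mmmm <thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(?P<body>.*)$")
# Section banner, e.g. "================ Scan services =============".
SECTION = re.compile(r"^=+ (?P<title>[^=]+?) =+$")
# "[ <MD5> ] <service name> <drive:\path>"; service names may contain spaces.
FILE_LINE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# Assumed shape of a non-ok result: "<name> ( <tag> ) - <verdict>".
TAGGED = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<tag>[^()]+?)\s*\)$")

# Constructed sample, not taken from any real machine.
SAMPLE_LOG = r"""
21:58:22.0437 6440 Mode: Manual; SigCheck; TDLFS;
21:58:22.0712 6440 ================ Scan system memory ========================
21:58:22.0712 6440 System memory - ok
21:58:22.0712 6440 ================ Scan services =============================
21:58:22.0823 6440 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
21:58:23.0078 6440 ExampleDrv - ok
21:58:23.0100 6440 [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files (x86)\Example Vendor\svc.exe
21:58:23.0150 6440 Example Vendor Service - ok
21:58:23.0200 6440 NoFileSvc - ok
21:58:23.0300 6440 [ 00000000000000000000000000000003 ] UnsignedSvc C:\ProgramData\example\unsigned.exe
21:58:23.0350 6440 UnsignedSvc ( UnsignedFile.Multi.Generic ) - warning
21:58:23.0400 6440 [ 00000000000000000000000000000004 ] CutOffSvc C:\Windows\system32\cutoff.dll
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    tag: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Pair each file line in the 'Scan services' section with its verdict."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    in_services = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        banner = SECTION.match(body)
        if banner:
            # Header lines elsewhere also contain " - ", so only this section is parsed.
            in_services = banner.group("title").strip() == "Scan services"
            continue
        if not in_services or not body:
            continue
        f = FILE_LINE.match(body)
        if f:
            e = Entry(f.group("name"), f.group("md5").upper(), f.group("path"))
            by_name[e.name] = e
            entries.append(e)
            continue
        left, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue  # neither a file line nor a verdict line
        name, tag = left.strip(), None
        if name not in by_name:
            t = TAGGED.match(name)
            if t and t.group("name") in by_name:
                name, tag = t.group("name"), t.group("tag")
        e = by_name.get(name)
        if e is None:  # verdict with no preceding file line
            e = Entry(name)
            by_name[name] = e
            entries.append(e)
        e.verdicts.append(verdict.strip())
        e.tag = tag or e.tag
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return the names worth a second look, grouped by reason."""
    return {
        # Any verdict other than "ok".
        "not_ok": [e.name for e in entries
                   if any(v.lower() != "ok" for v in e.verdicts)],
        # Verdict recorded but no hash or path line was logged for it.
        "no_file": [e.name for e in entries if e.md5 is None],
        # File line with no verdict, e.g. a log cut when posted in parts.
        "no_verdict": [e.name for e in entries if not e.verdicts],
    }


if __name__ == "__main__":
    for reason, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{reason}: {names}")
```

The `no_verdict` bucket matters when a log is split across posts: an entry whose verdict fell into the next part is reported rather than silently counted as clean.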



#23
January 12, 2013 at 18:26:31
I have to post the log in two parts as it's large.

21:58:43.0741 6440 HPWMISVC - ok
21:58:43.0808 6440 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:58:43.0964 6440 HTTP - ok
21:58:44.0011 6440 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:58:44.0052 6440 hwpolicy - ok
21:58:44.0109 6440 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:58:44.0200 6440 i8042prt - ok
21:58:44.0250 6440 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:58:44.0399 6440 iaStor - ok
21:58:44.0494 6440 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:58:44.0537 6440 IAStorDataMgrSvc - ok
21:58:44.0566 6440 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:58:44.0687 6440 iaStorV - ok
21:58:44.0798 6440 [ D3090576412EC63E0C6271D8B0974D73 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
21:58:45.0067 6440 IconMan_R - ok
21:58:45.0124 6440 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:58:45.0216 6440 idsvc - ok
21:58:45.0280 6440 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120224.002\IDSvia64.sys
21:58:45.0372 6440 IDSVia64 - ok
21:58:45.0714 6440 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:58:46.0090 6440 igfx - ok
21:58:46.0161 6440 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:58:46.0207 6440 iirsp - ok
21:58:46.0249 6440 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:58:46.0433 6440 IKEEXT - ok
21:58:46.0501 6440 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:58:46.0595 6440 Impcd - ok
21:58:46.0656 6440 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:58:46.0758 6440 IntcDAud - ok
21:58:46.0787 6440 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:58:46.0832 6440 intelide - ok
21:58:46.0891 6440 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:58:46.0940 6440 intelppm - ok
21:58:46.0993 6440 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:58:47.0135 6440 IPBusEnum - ok
21:58:47.0175 6440 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:47.0289 6440 IpFilterDriver - ok
21:58:47.0355 6440 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:58:47.0454 6440 iphlpsvc - ok
21:58:47.0485 6440 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:58:47.0537 6440 IPMIDRV - ok
21:58:47.0567 6440 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:58:47.0689 6440 IPNAT - ok
21:58:47.0756 6440 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:58:47.0949 6440 iPod Service - ok
21:58:47.0982 6440 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:58:48.0043 6440 IRENUM - ok
21:58:48.0061 6440 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:58:48.0109 6440 isapnp - ok
21:58:48.0133 6440 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:58:48.0198 6440 iScsiPrt - ok
21:58:48.0247 6440 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:48.0303 6440 kbdclass - ok
21:58:48.0343 6440 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:58:48.0401 6440 kbdhid - ok
21:58:48.0443 6440 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:58:48.0499 6440 KeyIso - ok
21:58:48.0524 6440 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:58:48.0582 6440 KSecDD - ok
21:58:48.0601 6440 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:58:48.0665 6440 KSecPkg - ok
21:58:48.0675 6440 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:58:48.0790 6440 ksthunk - ok
21:58:48.0830 6440 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:58:48.0982 6440 KtmRm - ok
21:58:49.0042 6440 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:58:49.0187 6440 LanmanServer - ok
21:58:49.0236 6440 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:58:49.0378 6440 LanmanWorkstation - ok
21:58:49.0444 6440 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:58:49.0560 6440 lltdio - ok
21:58:49.0593 6440 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:58:49.0743 6440 lltdsvc - ok
21:58:49.0786 6440 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:58:49.0917 6440 lmhosts - ok
21:58:49.0989 6440 [ 0405F4BCD1C7A7B309F620FE0B5DE5E6 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:58:50.0169 6440 LMS - ok
21:58:50.0227 6440 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:58:50.0310 6440 LSI_FC - ok
21:58:50.0340 6440 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:58:50.0399 6440 LSI_SAS - ok
21:58:50.0419 6440 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:58:50.0472 6440 LSI_SAS2 - ok
21:58:50.0492 6440 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:58:50.0544 6440 LSI_SCSI - ok
21:58:50.0601 6440 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:58:50.0711 6440 luafv - ok
21:58:50.0737 6440 lxdx_device - ok
21:58:50.0783 6440 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:58:50.0826 6440 MBAMProtector - ok
21:58:50.0920 6440 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:58:51.0115 6440 MBAMScheduler - ok
21:58:51.0169 6440 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:58:51.0383 6440 MBAMService - ok
21:58:51.0478 6440 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
21:58:51.0616 6440 McComponentHostService - ok
21:58:51.0673 6440 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:58:51.0780 6440 Mcx2Svc - ok
21:58:51.0815 6440 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:58:51.0862 6440 megasas - ok
21:58:51.0890 6440 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:58:51.0964 6440 MegaSR - ok
21:58:52.0069 6440 Microsoft SharePoint Workspace Audit Service - ok
21:58:52.0095 6440 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:58:52.0225 6440 MMCSS - ok
21:58:52.0248 6440 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:58:52.0362 6440 Modem - ok
21:58:52.0403 6440 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:58:52.0457 6440 monitor - ok
21:58:52.0506 6440 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:58:52.0562 6440 mouclass - ok
21:58:52.0610 6440 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
21:58:52.0683 6440 mouhid - ok
21:58:52.0732 6440 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:58:52.0812 6440 mountmgr - ok
21:58:52.0907 6440 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:58:53.0030 6440 MozillaMaintenance - ok
21:58:53.0097 6440 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:58:53.0166 6440 MpFilter - ok
21:58:53.0201 6440 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:58:53.0254 6440 mpio - ok
21:58:53.0278 6440 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:58:53.0417 6440 mpsdrv - ok
21:58:53.0470 6440 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:58:53.0661 6440 MpsSvc - ok
21:58:53.0681 6440 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:58:53.0757 6440 MRxDAV - ok
21:58:53.0783 6440 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:53.0847 6440 mrxsmb - ok
21:58:53.0885 6440 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:53.0959 6440 mrxsmb10 - ok
21:58:53.0976 6440 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:54.0030 6440 mrxsmb20 - ok
21:58:54.0058 6440 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:58:54.0103 6440 msahci - ok
21:58:54.0130 6440 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:58:54.0187 6440 msdsm - ok
21:58:54.0212 6440 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:58:54.0290 6440 MSDTC - ok
21:58:54.0332 6440 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:58:54.0459 6440 Msfs - ok
21:58:54.0502 6440 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:58:54.0632 6440 mshidkmdf - ok
21:58:54.0667 6440 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:58:54.0710 6440 msisadrv - ok
21:58:54.0743 6440 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:58:54.0900 6440 MSiSCSI - ok
21:58:54.0907 6440 msiserver - ok
21:58:54.0951 6440 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:58:55.0065 6440 MSKSSRV - ok
21:58:55.0147 6440 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:58:55.0202 6440 MsMpSvc - ok
21:58:55.0248 6440 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:55.0359 6440 MSPCLOCK - ok
21:58:55.0371 6440 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:58:55.0483 6440 MSPQM - ok
21:58:55.0501 6440 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:58:55.0577 6440 MsRPC - ok
21:58:55.0611 6440 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:58:55.0661 6440 mssmbios - ok
21:58:55.0683 6440 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:58:55.0795 6440 MSTEE - ok
21:58:55.0811 6440 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:58:55.0857 6440 MTConfig - ok
21:58:55.0874 6440 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:58:55.0928 6440 Mup - ok
21:58:55.0967 6440 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:58:56.0102 6440 napagent - ok
21:58:56.0155 6440 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:58:56.0232 6440 NativeWifiP - ok
21:58:56.0291 6440 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120224.034\ENG64.SYS
21:58:56.0335 6440 NAVENG - ok
21:58:56.0401 6440 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120224.034\EX64.SYS
21:58:56.0534 6440 NAVEX15 - ok
21:58:56.0584 6440 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:58:56.0710 6440 NDIS - ok
21:58:56.0753 6440 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:58:56.0866 6440 NdisCap - ok
21:58:56.0904 6440 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:57.0021 6440 NdisTapi - ok
21:58:57.0057 6440 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:57.0169 6440 Ndisuio - ok
21:58:57.0186 6440 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:57.0295 6440 NdisWan - ok
21:58:57.0338 6440 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:58:57.0478 6440 NDProxy - ok
21:58:57.0506 6440 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:58:57.0638 6440 NetBIOS - ok
21:58:57.0663 6440 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:58:57.0788 6440 NetBT - ok
21:58:57.0820 6440 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:58:57.0877 6440 Netlogon - ok
21:58:57.0936 6440 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:58:58.0078 6440 Netman - ok
21:58:58.0136 6440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:58.0199 6440 NetMsmqActivator - ok
21:58:58.0226 6440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:58.0290 6440 NetPipeActivator - ok
21:58:58.0321 6440 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:58:58.0488 6440 netprofm - ok
21:58:58.0520 6440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:58.0585 6440 NetTcpActivator - ok
21:58:58.0592 6440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:58.0656 6440 NetTcpPortSharing - ok
21:58:58.0706 6440 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:58:58.0752 6440 nfrd960 - ok
21:58:58.0853 6440 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
21:58:58.0987 6440 NIS - ok
21:58:59.0043 6440 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:58:59.0096 6440 NisDrv - ok
21:58:59.0126 6440 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:58:59.0216 6440 NisSrv - ok
21:58:59.0281 6440 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:58:59.0363 6440 NlaSvc - ok
21:58:59.0389 6440 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:58:59.0506 6440 Npfs - ok
21:58:59.0529 6440 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:58:59.0681 6440 nsi - ok
21:58:59.0704 6440 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:58:59.0810 6440 nsiproxy - ok
21:58:59.0882 6440 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:59:00.0021 6440 Ntfs - ok
21:59:00.0036 6440 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:59:00.0134 6440 Null - ok
21:59:00.0181 6440 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
21:59:00.0241 6440 NVENETFD - ok


Report •

#24
January 12, 2013 at 18:27:07
21:59:15.0761 6440 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:59:15.0930 6440 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:59:15.0930 6440 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:59:21.0323 6440 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:59:21.0386 6440 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:59:21.0386 6440 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:59:30.0380 6440 ================ Scan global ===============================
21:59:30.0413 6440 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:59:30.0450 6440 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:59:30.0465 6440 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:59:30.0493 6440 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:59:30.0534 6440 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:59:30.0541 6440 [Global] - ok
21:59:30.0541 6440 ================ Scan MBR ==================================
21:59:30.0550 6440 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:59:30.0970 6440 \Device\Harddisk0\DR0 - ok
21:59:30.0971 6440 ================ Scan VBR ==================================
21:59:30.0975 6440 [ 967F6849E451518931400B6C818E3B4B ] \Device\Harddisk0\DR0\Partition1
21:59:30.0978 6440 \Device\Harddisk0\DR0\Partition1 - ok
21:59:31.0015 6440 [ B8D7B0392121960713EEF91FB8D08CAA ] \Device\Harddisk0\DR0\Partition2
21:59:31.0017 6440 \Device\Harddisk0\DR0\Partition2 - ok
21:59:31.0048 6440 [ 7FFC43B5E5B90404FFECE482252EC3D6 ] \Device\Harddisk0\DR0\Partition3
21:59:31.0051 6440 \Device\Harddisk0\DR0\Partition3 - ok
21:59:31.0067 6440 [ 9BDADF78F664CD341030C25AA0935518 ] \Device\Harddisk0\DR0\Partition4
21:59:31.0068 6440 \Device\Harddisk0\DR0\Partition4 - ok
21:59:31.0069 6440 ============================================================
21:59:31.0069 6440 Scan finished
21:59:31.0069 6440 ============================================================
21:59:31.0089 0864 Detected object count: 2
21:59:31.0089 0864 Actual detected object count: 2
22:01:04.0658 0864 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
22:01:04.0813 0864 HKLM\SYSTEM\ControlSet001\services\SwitchBoard - will be deleted on reboot
22:01:04.0859 0864 HKLM\SYSTEM\ControlSet002\services\SwitchBoard - will be deleted on reboot
22:01:05.0036 0864 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - will be deleted on reboot
22:01:05.0036 0864 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:01:05.0069 0864 C:\Windows\system32\Drivers\usbaapl64.sys - copied to quarantine
22:01:05.0105 0864 HKLM\SYSTEM\ControlSet001\services\USBAAPL64 - will be deleted on reboot
22:01:05.0127 0864 HKLM\SYSTEM\ControlSet002\services\USBAAPL64 - will be deleted on reboot
22:01:05.0144 0864 C:\Windows\system32\Drivers\usbaapl64.sys - will be deleted on reboot
22:01:05.0144 0864 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Delete

It says a reboot is necessary, so will I do that now?



#25
January 12, 2013 at 18:36:12
Sorry, just read the end of part 2 of the log. Yes, please reboot.

While I look through the log please download and run WiseRegistryCleaner from this link: http://www.wisecleaner.com/download...
Run the two tabs Registry Cleaner and System Tuneup.


#26
January 12, 2013 at 18:58:21
Okay, I have done that and cleaned up the registry and run the system tuneup. I also had to reboot again. What do I do next?


#27
January 12, 2013 at 18:59:23
How is the laptop running now?


#28
January 12, 2013 at 19:07:34
The laptop is running fine (: Is the virus fully removed?


#29
January 12, 2013 at 19:09:50
Download and run HijackThis; save the log only, fix nothing:
http://www.bleepingcomputer.com/dow...


#30
January 12, 2013 at 19:15:33
Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:14:12, on 06/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Jade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jade\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jade\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16891 bytes



#31
January 12, 2013 at 19:41:10
Re-run HJT again and check mark these items for removal:

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)


NOTE: This entry is a suggested removal. Do you want this? It is part of Registry Mechanic from PC Tools.

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [RMAlert] "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R


#32
January 12, 2013 at 19:51:52
Okay, I have done that and I also removed the suggested removal files too, as I don't need Registry Mechanic from PC Tools. What do I do next? :)


#33
January 12, 2013 at 19:56:55
Last thing, since we have found some real nasties, is to run ESET's online scanner.
It needs to be run using Internet Explorer.
http://www.eset.com/me/home/product...


#34
January 13, 2013 at 03:01:58
Going over your HJT log again, I see you have McAfee and Norton products installed at the same time. This can cause conflicts which could leave your PC exposed to viruses etc. I would remove Norton's entries. Run HJT again and check mark the following for removal:

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

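The vendor overlap check from the reply above, together with a triage of the `(file missing)` markers in the HijackThis log, as an added Python example that is not part of the original thread. The sample lines are copied from the log quoted here; the vendor keyword map, the function names and the verdict labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# Assumption: keyword map for the two vendors named in the reply; extend as needed.
SECURITY_VENDORS = {
    "Symantec/Norton": ("norton", "symantec"),
    "McAfee": ("mcafee",),
}

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = "(file missing)"


def parse_hjt(text):
    """Parse O-section lines whose last ' - ' separated field is a file path."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        desc, sep, path = rest.rpartition(" - ")
        if not sep:  # line has no trailing path field
            desc, path = rest, ""
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        entries.append({
            "section": section,
            "kind": kind,
            "desc": desc,
            "path": path.strip().strip('"'),
            "missing": missing,
        })
    return entries


def security_vendors(entries):
    """Group entries by security vendor; more than one key means overlap."""
    found = defaultdict(list)
    for e in entries:
        haystack = (e["desc"] + " " + e["path"]).lower()
        for vendor, keywords in SECURITY_VENDORS.items():
            if any(k in haystack for k in keywords):
                found[vendor].append(e)
    return dict(found)


def triage_missing(entries):
    """Label each '(file missing)' entry.

    HijackThis is a 32-bit program. On 64-bit Windows its view of System32 is
    redirected to SysWOW64, so 64-bit system binaries such as lsass.exe are
    reported missing although they exist. Those are labelled 'wow64-redirect'
    and should be confirmed from a 64-bit tool. Anything else is an
    'orphan-candidate' to check by hand before removal.
    Assumption: Windows is installed in C:\\Windows, as in the quoted log.
    """
    verdicts = []
    for e in entries:
        if not e["missing"]:
            continue
        in_system32 = e["path"].lower().startswith("c:\\windows\\system32\\")
        verdicts.append((e["path"], "wow64-redirect" if in_system32 else "orphan-candidate"))
    return verdicts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for vendor, items in security_vendors(parsed).items():
        print(vendor, "->", [i["desc"] for i in items])
    for path, verdict in triage_missing(parsed):
        print(verdict, path)
```
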

#35
January 13, 2013 at 06:44:39
Okay, I removed all that Norton stuff. I ran the ESET online scanner and this is the log that I got at the end:

C:\Users\Jade\Downloads\Grimm_2x01_(HDTV-x264-LOL)[VTV].exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined



#36
January 13, 2013 at 11:35:48
What's my next move? (:


#37
January 13, 2013 at 11:52:13
I have been talking to Johnw about the Windows XP MBR code and we both think it's odd, since you know nothing of a Windows XP OS anywhere.

Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Post those results in your next reply.


#38
January 13, 2013 at 12:26:59
Okay, not a problem, here are the results:

ListParts by Farbar Version: 30-10-2012
Ran by Jade (administrator) on 06-01-2013 at 21:24:14
Windows 7 (X64)
Running From: C:\Users\Jade\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 81%
Total physical RAM: 5941.86 MB
Available physical RAM: 1126.07 MB
Total Pagefile: 11881.91 MB
Available Pagefile: 6394.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:576.85 GB) (Free:112.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Recovery) (Fixed) (Total:15.16 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.02 GB) FAT32
5 Drive g: (JADE) (Fixed) (Total:298.02 GB) (Free:231.53 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 576 GB 200 MB
Partition 3 Primary 15 GB 577 GB
Partition 4 Primary 4063 MB 592 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 576 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Recovery NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP_TOOLS FAT32 Partition 4063 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 B

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G JADE FAT32 Partition 298 GB Healthy

======================================================================================================

****** End Of Log ******



#39
January 13, 2013 at 13:06:20
Well, the log looks OK, so unless anyone wants to add anything or you are having any other troubles, you should be OK.

NOTE: The only other things I recommend are:
* Your PC's date is out by about a week. You should fix this.

* And I would update and run a full Malwarebytes scan at some stage to catch any leftovers lurking on your pc. (Post the log if anything is found)

* Also run Wise Disk Cleaner from this link: http://www.wisecleaner.com/
Run the "Common Cleaner", "Advanced Cleaner" and "Slimming Down" tabs.
The Slimming Down Mode is all optional and it is up to you what you remove :)
It wouldn't hurt to check for Fragmentation, so you could run the "Disk Defrag" as well.


#40
January 13, 2013 at 13:12:27
I would also install the WOT browser addon, as it was most likely a torrent download that you were infected by. This tool will rate the sites you download from and help block bad ones.
http://www.computing.net/howtos/sho...


#41
January 13, 2013 at 13:29:55
Okay, I will do all those. My Windows updates were set to update automatically every day, but one morning when I turned on my laptop Windows was unable to start. The screen was just black with the mouse cursor on it, but there was no logon screen or anything, and I had to do a system restore. The same happened with another computer I have as well when I did the automatic Windows update, so I changed the update option from automatic to telling me when there are updates, and I can choose whether to update or not. Could the update have caused Windows not to start?


#42
January 13, 2013 at 13:38:13
Yes it can happen. - Google this - "can a windows7 update stop a pc from booting?"


#43
January 13, 2013 at 14:02:46
Ahh okay, well I have just turned Windows updates off.

Thanks so much for all your help! The laptop seems to be working fine now. I am running a Malwarebytes full scan so it will probably take a while, but hopefully everything will be fine. Thanks again (:



#44
January 13, 2013 at 14:12:54
You're most welcome, glad to be of service. Let us know if you have any other problems. And don't forget to select a Best Answer :)


#45
January 13, 2013 at 15:22:12
This is the log from the full Malwarebytes scan:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jade :: JADE-HP [administrator]

Protection: Enabled

06/01/2013 21:30:24
MBAM-log-2013-01-06 (21-20-34).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 478749
Time elapsed: 1 hour(s), 50 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> No action taken.

(end)



#46
January 13, 2013 at 15:29:35
You can go ahead and remove this infected item :)


#47
January 13, 2013 at 15:43:40
Johnw has suggested you run Combofix to catch anything we missed as well as fix any damage caused. I would like to see a Combofix log as well :)
Combofix download link: http://www.bleepingcomputer.com/dow...

NOTE:
* Save to Desktop.
* Turn off McAfee's real-time scanners.
* Disable Malwarebytes real time scanner if it is running.
* Once you start the Combofix scan do not open anything or play with your mouse. It can stall Combofix and cause problems.
* Read the following instructions very carefully please.
http://www.bleepingcomputer.com/com...
Post log in your next reply.

Sorry for this but we like to be sure we have everything :)


#48
January 14, 2013 at 09:39:46
Here is the log from combofix:

ComboFix 13-01-14.01 - Jade 06/01/2013 21:56:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5942.3921 [GMT 0:00]
Running from: c:\users\Jade\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\Jade\AppData\Local\Vid-Saver
c:\users\Jade\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\Jade\Favorites\# Crack\TS3W.exe
c:\users\Jade\Favorites\Autorun.exe
c:\users\Jade\Favorites\Sims3EP04Setup.exe
c:\users\Jade\Favorites\Support\EADM\eadm-installer.exe
c:\users\Jade\Favorites\Support\Updates\TS3_1.21.123.0110xx_update.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 22:01 . 2013-01-06 22:01 -------- d-----w- c:\program files (x86)\ESET
2013-01-06 22:01 . 2013-01-06 22:01 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-06 22:00 . 2013-01-06 22:00 -------- d-----w- c:\users\Jade\AppData\Roaming\Malwarebytes
2013-01-06 21:59 . 2013-01-06 21:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-06 21:59 . 2013-01-06 22:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-06 21:59 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 21:59 . 2013-01-06 21:59 -------- d-----w- c:\users\Jade\AppData\Local\Programs
2013-01-06 21:45 . 2013-01-06 21:45 -------- d-----w- c:\users\Jade\AppData\Roaming\SUPERAntiSpyware.com
2013-01-06 21:44 . 2013-01-06 21:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-06 21:44 . 2013-01-06 21:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-06 21:42 . 2013-01-06 21:42 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F51FD0C-4F96-4FC4-A91A-A5C5E96E5E19}\gapaengine.dll
2013-01-06 21:42 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB02C8C-69E4-4AE6-BF2F-69CBD702E5DD}\mpengine.dll
2013-01-06 21:36 . 2013-01-06 21:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-06 21:36 . 2013-01-06 21:37 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-06 21:32 . 2013-01-06 21:16 -------- d-----w- c:\users\Jade\AppData\Roaming\Wise Care 365
2013-01-06 21:22 . 2013-01-06 21:22 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 21:15 . 2013-01-06 21:15 -------- d-----w- c:\program files\HitmanPro
2013-01-06 21:14 . 2013-01-06 21:56 -------- d-----w- c:\programdata\HitmanPro
2013-01-06 21:12 . 2013-01-06 21:12 388096 ----a-r- c:\users\Jade\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-06 21:12 . 2013-01-06 21:12 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-06 21:11 . 2013-01-06 21:20 -------- d-----w- c:\users\Jade\AppData\Roaming\Wise Registry Cleaner
2013-01-06 21:10 . 2013-01-06 21:31 -------- d-----w- c:\program files (x86)\Wise
2013-01-06 21:07 . 2013-01-06 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 20:01 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-08 20:00 . 2012-12-08 20:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-08 20:00 . 2012-12-08 20:00 -------- d-----w- c:\program files\iPod
2012-12-08 20:00 . 2012-12-08 20:01 -------- d-----w- c:\program files\iTunes
2012-12-08 19:52 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F184A058-564C-44A4-B7BE-3BBCAA7E961D}\mpengine.dll
2012-12-08 19:50 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-08 19:50 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-08 19:50 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-08 19:50 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-08 19:50 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-08 19:50 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-08 19:50 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-08 19:48 . 2012-12-08 20:00 -------- d-----w- c:\users\Jade\AppData\Roaming\calibre
2012-12-08 19:48 . 2012-12-09 03:32 -------- d-----w- c:\program files (x86)\Calibre2
2012-12-08 19:40 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-08 19:40 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-08 19:40 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-08 19:40 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-08 19:32 . 2012-12-09 03:32 -------- d-----w- c:\users\Jade\AppData\Roaming\Free Download Manager
2012-12-08 19:27 . 2012-12-08 19:27 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 21:24 . 2012-05-06 19:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-06 21:24 . 2011-07-16 06:05 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-08 19:52 . 2012-01-18 19:19 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-18 18:25 . 2012-11-24 19:43 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-12-08 19:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-08 19:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-08 19:28 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-24 19:43 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-24 19:43 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-24 19:43 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-24 19:43 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-08 969104]
"Facebook Update"="c:\users\Jade\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify Web Helper"="c:\users\Jade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-14 1199576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"lxdumon.exe"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-10-14 676520]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-10-14 131752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-19 969216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-04-13 339048]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-01-06 108904]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-04-13 2425960]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-05-10 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-10 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-01-07 565352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 21:24]
.
2012-10-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603234931-4281251525-1305880066-1001Core.job
- c:\users\Jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 23:29]
.
2013-01-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603234931-4281251525-1305880066-1001UA.job
- c:\users\Jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 23:29]
.
2013-01-06 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-30 11:16]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 20:09]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 20:09]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603234931-4281251525-1305880066-1001Core.job
- c:\users\Jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 14:58]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603234931-4281251525-1305880066-1001UA.job
- c:\users\Jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 14:58]
.
2012-10-15 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-03-14 14:14]
.
2012-09-26 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-03-14 14:14]
.
2013-01-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5be5eda5-e342-4d6c-89db-81cefbe385d1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-01-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task dac8589e-451f-43ee-8d59-eab162f9b50d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-01-06 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-01-06 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-10 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-10 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-10 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-13 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\
FF - ExtSQL: 2012-11-15 18:29; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\90ojfa5c.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: 2012-12-09 03:32; fdm_ffext@freedownloadmanager.org; c:\users\Jade\AppData\Roaming\Free Download Manager\Firefox\Extension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-39526188.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-06 21:11:02
ComboFix-quarantined-files.txt 2013-01-06 21:11
.
Pre-Run: 127,843,213,312 bytes free
Post-Run: 127,462,666,240 bytes free
.
- - End Of File - - C0410FE51CE21E592A675E2F215D9224



#49
January 14, 2013 at 12:59:59
Does everything look okay?


#50
January 14, 2013 at 13:08:05
Yes it looks ok, it deleted nothing too nasty :) You should be good from now on.
Let us know if you have any other issues with your laptop.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

