Solved SCVHost.exe Trojan :/

[Amaze]

Hello everyone, my name is Sean and I have been reading several of the great posts on her that this website has assited others with in thier troubles.....

Well, I am attempting to fix a really good friend of mines laptop as she is unable to do it, (and apparently so am I, though I thought I was confident enough lol) and I have come to the conclusion that I may have to just flash the drive or get a new one for her.

I first started by removing AVG 2012/13 as I really dislike these and was unable to install my perfered AV, Sunbelt VIPRE....Then I installed MWAM PRO and ran the complete scan with both.... It turned up some 3,274 objects in both, mostly being adware/spyware.... But nonetheless alot of trojans.

I have been getting BSOD randomly, and everytime I start the pc, I recieve the following...
''
RunDLL

There was a problem starting

C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll''

and MWAM reports
''
MWAM

C:\Windows\svchost.exe

Trojan.Agent
''
I quarntine it EVERYTIME, and it persitantly returns.....

Thats what brought me here, after reading a few posts, I tried running a few things, first off, I do not have a flash drive handily available, so I cannot run FRST64, so I proceeded to the next suggestion- ComboFix.
Now, everytime I attempt to run it, I BSOD....


BCCode: 1e

BCP1: FFFFFFFFC0000005

BCP2: FFFFF80002CB17EF

BCP3: 0000000000000000

BCP4: 000000007EFA0000

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Is the error I recieve, I have not compared it to the previous ones on www.osronline.com- sorry if we are not allowed to post links, just putting it out there to make sure it is a realiable source LOL.
But I am at wits end with this computer as I have tried everything I to my knowledge.....

Thank you in advance for the assistance, as I know you guys are great and really try to help an not suggest low intelligent, unnessasary remarks like most other websites...KUDOS!


the specified module could not be found.

 

[Amaze]

"the specified module could not be found", belongs to the first error--RunDLL
LOL

format FAIL

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Amaze]

Thanks for the quick reply!!

I'll start the required scans, but I am unsure that Vipre provides logs for its scans- ill post what I can though.

 

[Broni]

I don't need them.

 

[Amaze]

So just MWAM & DDS?

 

[Broni]

Yes. That's MBAM.

 

[Amaze]

(FULL SCAN)

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MYERS :: MYERS-PC [administrator]
Protection: Enabled
11/25/2012 3:15:13 PM
mbam-log-2012-11-25 (15-15-13).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462993
Time elapsed: 5 hour(s), 36 minute(s), 7 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2464 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 81
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{4f28fa5f-7d15-4753-b4fc-d548a0f02bfb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0396d01a-1323-4a15-bd0c-1bc7510f46c6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{A8168AFE-9F36-49DE-A80A-00D19FB50207} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f3477e9d-d2f6-49f0-9b23-854d7958d07e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{bf78452b-f168-4310-9ec0-4b9b66b845f0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a083c35d-61a9-4625-bbb6-fb54e71b8527} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.DynamicBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.DynamicBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c4a25b73-8ef5-4282-9d21-c8920dd577a1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{15106ae4-6bdf-443e-80b0-3e38b59d26ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{9EF88362-131D-48B0-8969-CCC96F897AB8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.FeedManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.FeedManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5e1bdcf6-dd5f-4dd3-8783-b1454aef1830} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{d833690c-6e56-46c2-a19f-cf5fd81c9c9a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{200F1306-1316-473B-90CE-A777144BBDF5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{cae88e60-cea5-4fcb-b611-54ea6305d8ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1796ec91-d094-4a5f-b681-e16015d1ceac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3141fb47-2f0f-417d-a6fe-7047c5d2bbb4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{16C7BB64-AC8D-4863-92ED-799D20F001DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.XMLSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.XMLSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1796EC91-D094-4A5F-B681-E16015D1CEAC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{37ed966d-4d0e-4d66-9633-bea542c92860} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{87792411-b73a-435e-86f3-ae633a690e84} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E2DAE1A4-09EE-4209-AD3B-1C96330EDCEF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.RadioSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.RadioSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{db1384d8-1bda-4c8d-a743-e9ca671feb00} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ScriptButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ScriptButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1241cebd-9777-4bc6-aae5-2a77e25db246} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{64fbf8b6-c770-401a-8b84-f630edaf4448} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{e045df14-bf1d-405c-a37b-a75c1551ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{f9b90065-cd7a-4439-b311-b292299182a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E045DF14-BF1D-405C-A37B-A75C1551AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{b70e008c-967b-4104-bc7b-6f7c77dbc38d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a35ff019-6dbe-4044-b080-6f3fa78a947f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8feeda9e-8f71-45df-a797-468226d1d35b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{C285FFF4-DE32-402D-B8FD-6F34F1D5920C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MapsGalaxy_39.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A35FF019-6DBE-4044-B080-6F3FA78A947F} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 28
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dyn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39feedmg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39highin.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39htmlmu.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39httpct.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39idle.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39impipe.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39mlbtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39msg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39Plugin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39radio.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regfft.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39reghk.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regiet.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39script.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39skin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39skplay.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39tpinst.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39uabtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

 

[Amaze]

(FLASH SCAN)

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MYERS :: MYERS-PC [administrator]
Protection: Enabled
11/25/2012 3:10:26 PM
mbam-log-2012-11-25 (15-10-26).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 158567
Time elapsed: 2 minute(s), 52 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2464 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 15
HKCR\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (Adware.MyWebSearch) -> Data: C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

 

[Amaze]

(DDS LOG)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by MYERS at 22:16:31 on 2012-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1571 [GMT -5:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=E550D01001CD30A80016C36D&src_id=30659&camp_id=4046&tb_version=1.1.3001.0(B)
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Diagnostics] rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F5796AA-03E4-4D7D-BA35-28100894F8A0} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-2-24 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-2-24 38016]
R1 SbFw;SbFw;C:\windows\System32\drivers\SbFw.sys [2012-11-25 253528]
R1 SBRE;SBRE;C:\windows\System32\drivers\sbredrv.sys [2012-11-25 49752]
R1 SbTis;SbTis;C:\windows\System32\drivers\sbtis.sys [2012-11-25 94296]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-2-24 204288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 399432]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-2-24 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-24 126392]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2010-6-14 64600]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-8-20 181584]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-2 2072896]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-2-24 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-24 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-24 1109096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\System32\drivers\SbFwIm.sys [2012-11-25 84056]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-24 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 676936]
S2 SBAMSvc;VIPRE Antivirus Premium;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-8-20 2763080]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-25 25928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-24 243712]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\System32\drivers\SbFwIm.sys [2012-11-25 84056]
S3 sbhips;sbhips;C:\windows\System32\drivers\sbhips.sys [2012-11-25 60504]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-27 03:03:37 20480 ----a-w- C:\windows\svchost.exe
2012-11-27 03:02:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-27 02:48:45 -------- d-s---w- C:\ComboFix
2012-11-27 01:09:02 98816 ----a-w- C:\windows\sed.exe
2012-11-27 01:09:02 256000 ----a-w- C:\windows\PEV.exe
2012-11-27 01:09:02 208896 ----a-w- C:\windows\MBR.exe
2012-11-25 20:02:33 -------- d-----w- C:\Users\MYERS\AppData\Roaming\Malwarebytes
2012-11-25 20:01:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-25 20:01:39 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-11-25 20:01:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-25 19:15:17 34624 ----a-w- C:\windows\System32\TURegOpt.exe
2012-11-25 19:15:11 25920 ----a-w- C:\windows\System32\authuitu.dll
2012-11-25 19:15:10 21312 ----a-w- C:\windows\SysWow64\authuitu.dll
2012-11-25 19:13:47 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2012-11-25 19:12:18 -------- d-----w- C:\ProgramData\TuneUp Software
2012-11-25 19:12:06 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-11-25 18:23:24 -------- d-----w- C:\ProgramData\Sunbelt
2012-11-25 18:23:18 -------- d-----w- C:\Users\MYERS\AppData\Roaming\Sunbelt
2012-11-25 18:20:12 60504 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-11-25 18:20:11 94296 ----a-w- C:\windows\System32\drivers\sbtis.sys
2012-11-25 18:19:49 84056 ----a-w- C:\windows\System32\drivers\SbFwIm.sys
2012-11-25 18:19:48 253528 ----a-w- C:\windows\System32\drivers\SbFw.sys
2012-11-25 18:19:42 49752 ----a-w- C:\windows\System32\drivers\sbredrv.sys
2012-11-25 18:19:42 27472 ----a-w- C:\windows\System32\sbbd.exe
2012-11-25 18:19:32 -------- d-----w- C:\Program Files (x86)\Sunbelt Software
2012-11-25 17:57:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-11-25 17:18:16 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CBB6167-C739-41C2-B559-AFC12611D54B}\mpengine.dll
2012-11-25 17:03:22 -------- d-----w- C:\Program Files\PrivacySafeGuard
2012-11-25 17:02:50 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-11-25 17:01:49 -------- d-----w- C:\Users\MYERS\AppData\Roaming\BitTorrent
2012-11-18 07:30:39 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 07:30:38 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-18 07:30:38 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-18 07:30:38 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-18 07:17:00 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-18 07:11:51 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-18 07:11:51 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-18 07:11:51 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-18 07:11:48 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-18 07:11:47 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-18 07:11:47 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-17 07:07:43 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-01 22:16:55 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39
.
==================== Find3M ====================
.
2012-10-15 21:41:05 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 21:41:05 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-12 01:10:28 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-12 01:10:28 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
.
============= FINISH: 22:20:34.99 ===============

 

[Amaze]

Need the attach log>?

 

[Broni]

Yes.

 

[Amaze]

Hope .7z is OK

 

[Broni]

No.
Re-read forum rules:

Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it into a couple of replies.

 

[Amaze]

:X sorry, saw the attach part in the log and just....

eh

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2012 9:04:23 PM
System Uptime: 11/26/2012 10:00:53 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD E-300 APU with Radeon(tm) HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 231.639 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 11/10/2012 3:00:23 AM - Windows Update
RP169: 11/10/2012 3:15:37 AM - Windows Update
RP170: 11/10/2012 7:29:37 AM - Windows Update
RP171: 11/10/2012 8:30:30 PM - Windows Update
RP172: 11/11/2012 12:07:14 AM - Windows Update
RP173: 11/11/2012 3:01:07 AM - Windows Update
RP174: 11/11/2012 3:25:14 PM - Windows Update
RP175: 11/11/2012 7:00:33 PM - Windows Backup
RP176: 11/11/2012 7:30:55 PM - Windows Update
RP177: 11/12/2012 3:00:21 AM - Windows Update
RP178: 11/12/2012 3:46:03 AM - Windows Update
RP179: 11/12/2012 11:18:38 PM - Windows Backup
RP180: 11/13/2012 1:48:49 AM - Windows Update
RP181: 11/15/2012 12:43:16 AM - Windows Update
RP182: 11/15/2012 3:00:26 AM - Windows Update
RP183: 11/15/2012 4:15:28 AM - Windows Update
RP184: 11/16/2012 2:17:01 AM - Windows Update
RP185: 11/16/2012 2:38:14 AM - Windows Update
RP186: 11/16/2012 3:00:20 AM - Windows Update
RP187: 11/16/2012 9:34:19 AM - Windows Update
RP188: 11/16/2012 12:07:29 PM - Windows Update
RP189: 11/17/2012 12:40:18 AM - Restore Operation
RP190: 11/17/2012 1:03:22 AM - Windows Update
RP191: 11/17/2012 2:07:12 AM - Windows Update
RP192: 11/17/2012 2:09:07 PM - Restore Operation
RP193: 11/17/2012 2:28:34 PM - Windows Update
RP194: 11/18/2012 2:11:22 AM - Windows Update
RP195: 11/22/2012 8:26:11 AM - Windows Backup
RP196: 11/22/2012 10:13:24 AM - Windows Update
RP197: 11/24/2012 7:58:10 PM - Windows Update
RP198: 11/25/2012 12:30:25 PM - Installed 7-Zip 9.20 (x64 edition)
RP199: 11/25/2012 1:18:39 PM - Installed VIPRE Antivirus Premium.
RP200: 11/25/2012 2:12:38 PM - Installed TuneUp Utilities 2012
RP201: 11/25/2012 7:00:39 PM - Windows Backup
RP202: 11/25/2012 10:57:29 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Reader XI
ALOT Appbar
Amazon Links
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Ask Toolbar
Ask Toolbar Updater
ASPCA Reminder by We-Care.com v4.1.17.1
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Bejeweled 3
BitTorrent
Cases of Stolen Beauty
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conexant HD Audio
Curse at Twilight
D3DX10
ETDWare PS/2-X64 8.0.8.0_R01
FATE - The Traitor Soul
Ghost Whisperer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
House of 1000 Doors: The Palm of Zoroaster
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Magic Academy
Malwarebytes Anti-Malware version 1.65.1.1000
MapsGalaxy Toolbar
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Privacy SafeGuard version 1.1
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Revo Uninstaller 1.94
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup Support for WeCare 1.0
Skype Launcher
Skype™ 5.10
Tales of Lagoona
Temple of Life Collector's Edition
The Hidden Object Show - Season 2
Theatre of the Absurd Collector's Edition
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VIPRE Antivirus Premium
Visual Studio 2008 x64 Redistributables
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/26/2012 9:43:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:43:29 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 3 time(s).
11/26/2012 9:43:12 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 2 time(s).
11/26/2012 9:38:58 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 1 time(s).
11/26/2012 9:33:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/26/2012 9:33:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/26/2012 9:33:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/26/2012 9:33:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/26/2012 9:33:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/26/2012 9:33:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/26/2012 9:33:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbFw SbTis spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:33:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/26/2012 9:33:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2012 9:33:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2012 9:33:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2012 9:33:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/2012 8:55:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb17ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112612-38111-01.
11/26/2012 8:50:10 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/26/2012 8:20:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbf7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112612-36941-01.
11/26/2012 7:44:03 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
11/26/2012 7:44:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
11/26/2012 7:43:57 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/26/2012 7:43:57 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
11/26/2012 7:08:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbFw SbTis spldr tdx vwififlt Wanarpv6 WfpLwf
11/25/2012 2:52:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
11/25/2012 2:20:24 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/25/2012 2:04:25 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMAZE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3F5796AA-03E4-4D7D-BA35-28100894F8A0}. The master browser is stopping or an election is being forced.
11/25/2012 12:45:07 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
11/25/2012 12:44:53 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
11/25/2012 12:39:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/25/2012 12:08:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/25/2012 12:08:29 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2012 12:08:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/25/2012 12:07:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d104aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112512-50809-01.
11/25/2012 11:53:25 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000010000000c, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c26638). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112512-60263-01.
11/25/2012 10:58:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2763523).
11/25/2012 10:58:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2761226).
11/25/2012 10:58:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
11/25/2012 10:58:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2750841).
11/25/2012 10:58:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2727528).
11/25/2012 10:58:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
11/25/2012 10:58:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2761217).
11/25/2012 1:29:33 PM, Error: Service Control Manager [7034] - The MapsGalaxyService service terminated unexpectedly. It has done this 1 time(s).
11/25/2012 1:05:42 PM, Error: Service Control Manager [7034] - The Toshiba Laptop Checkup Application Launcher service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 7:50:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Amaze]

22:59:06.0016 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:59:07.0140 3936 ============================================================
22:59:07.0140 3936 Current date / time: 2012/11/26 22:59:07.0140
22:59:07.0140 3936 SystemInfo:
22:59:07.0140 3936
22:59:07.0140 3936 OS Version: 6.1.7601 ServicePack: 1.0
22:59:07.0140 3936 Product type: Workstation
22:59:07.0140 3936 ComputerName: MYERS-PC
22:59:07.0140 3936 UserName: MYERS
22:59:07.0140 3936 Windows directory: C:\windows
22:59:07.0140 3936 System windows directory: C:\windows
22:59:07.0140 3936 Running under WOW64
22:59:07.0140 3936 Processor architecture: Intel x64
22:59:07.0140 3936 Number of processors: 2
22:59:07.0140 3936 Page size: 0x1000
22:59:07.0140 3936 Boot type: Normal boot
22:59:07.0140 3936 ============================================================
22:59:09.0448 3936 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:09.0464 3936 ============================================================
22:59:09.0464 3936 \Device\Harddisk0\DR0:
22:59:09.0464 3936 MBR partitions:
22:59:09.0464 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235D7000
22:59:09.0464 3936 ============================================================
22:59:09.0495 3936 C: <-> \Device\Harddisk0\DR0\Partition1
22:59:09.0495 3936 ============================================================
22:59:09.0495 3936 Initialize success
22:59:09.0495 3936 ============================================================
22:59:26.0296 3688 ============================================================
22:59:26.0296 3688 Scan started
22:59:26.0296 3688 Mode: Manual;
22:59:26.0296 3688 ============================================================
22:59:27.0498 3688 ================ Scan system memory ========================
22:59:27.0498 3688 System memory - ok
22:59:27.0498 3688 ================ Scan services =============================
22:59:28.0012 3688 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:59:28.0059 3688 1394ohci - ok
22:59:28.0106 3688 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:59:28.0122 3688 ACPI - ok
22:59:28.0168 3688 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:59:28.0200 3688 AcpiPmi - ok
22:59:28.0340 3688 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:59:28.0340 3688 AdobeARMservice - ok
22:59:28.0543 3688 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:59:28.0558 3688 AdobeFlashPlayerUpdateSvc - ok
22:59:28.0652 3688 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
22:59:28.0683 3688 adp94xx - ok
22:59:28.0777 3688 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
22:59:28.0808 3688 adpahci - ok
22:59:28.0855 3688 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
22:59:28.0886 3688 adpu320 - ok
22:59:28.0933 3688 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:59:28.0948 3688 AeLookupSvc - ok
22:59:29.0026 3688 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
22:59:29.0073 3688 AFD - ok
22:59:29.0136 3688 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
22:59:29.0151 3688 agp440 - ok
22:59:29.0198 3688 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
22:59:29.0229 3688 ALG - ok
22:59:29.0276 3688 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
22:59:29.0292 3688 aliide - ok
22:59:29.0354 3688 [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
22:59:29.0370 3688 AMD External Events Utility - ok
22:59:29.0401 3688 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
22:59:29.0432 3688 amdide - ok
22:59:29.0479 3688 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
22:59:29.0494 3688 AmdK8 - ok
22:59:29.0884 3688 [ 194D76D2083318A2E7071A988E02ECF4 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
22:59:30.0306 3688 amdkmdag - ok
22:59:30.0399 3688 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
22:59:30.0446 3688 amdkmdap - ok
22:59:30.0493 3688 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
22:59:30.0508 3688 AmdPPM - ok
22:59:30.0540 3688 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
22:59:30.0602 3688 amdsata - ok
22:59:30.0633 3688 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
22:59:30.0664 3688 amdsbs - ok
22:59:30.0680 3688 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:59:30.0696 3688 amdxata - ok
22:59:30.0742 3688 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys
22:59:30.0742 3688 amd_sata - ok
22:59:30.0774 3688 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys
22:59:30.0789 3688 amd_xata - ok
22:59:30.0867 3688 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
22:59:30.0898 3688 AppID - ok
22:59:30.0945 3688 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:59:30.0976 3688 AppIDSvc - ok
22:59:30.0992 3688 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
22:59:31.0008 3688 Appinfo - ok
22:59:31.0070 3688 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
22:59:31.0101 3688 arc - ok
22:59:31.0132 3688 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
22:59:31.0164 3688 arcsas - ok
22:59:31.0460 3688 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:59:31.0491 3688 aspnet_state - ok
22:59:31.0538 3688 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:59:31.0554 3688 AsyncMac - ok
22:59:31.0600 3688 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
22:59:31.0647 3688 atapi - ok
22:59:31.0741 3688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:59:31.0756 3688 AudioEndpointBuilder - ok
22:59:31.0788 3688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
22:59:31.0803 3688 AudioSrv - ok
22:59:31.0866 3688 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
22:59:31.0897 3688 AxInstSV - ok
22:59:31.0959 3688 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
22:59:32.0006 3688 b06bdrv - ok
22:59:32.0068 3688 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
22:59:32.0100 3688 b57nd60a - ok
22:59:32.0178 3688 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
22:59:32.0193 3688 BDESVC - ok
22:59:32.0209 3688 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
22:59:32.0224 3688 Beep - ok
22:59:32.0302 3688 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
22:59:32.0334 3688 BFE - ok
22:59:32.0396 3688 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
22:59:32.0427 3688 BITS - ok
22:59:32.0490 3688 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:59:32.0521 3688 blbdrive - ok
22:59:32.0614 3688 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:59:32.0646 3688 bowser - ok
22:59:32.0708 3688 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
22:59:32.0724 3688 BrFiltLo - ok
22:59:32.0724 3688 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
22:59:32.0755 3688 BrFiltUp - ok
22:59:32.0770 3688 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
22:59:32.0817 3688 BridgeMP - ok
22:59:32.0880 3688 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:59:32.0895 3688 Browser - ok
22:59:32.0942 3688 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:59:32.0973 3688 Brserid - ok
22:59:33.0020 3688 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:59:33.0051 3688 BrSerWdm - ok
22:59:33.0067 3688 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:59:33.0082 3688 BrUsbMdm - ok
22:59:33.0114 3688 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:59:33.0129 3688 BrUsbSer - ok
22:59:33.0145 3688 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
22:59:33.0176 3688 BTHMODEM - ok
22:59:33.0254 3688 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:59:33.0270 3688 bthserv - ok
22:59:33.0301 3688 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:59:33.0316 3688 cdfs - ok
22:59:33.0363 3688 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:59:33.0410 3688 cdrom - ok
22:59:33.0457 3688 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:59:33.0472 3688 CertPropSvc - ok
22:59:33.0504 3688 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
22:59:33.0535 3688 circlass - ok
22:59:33.0582 3688 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:59:33.0597 3688 CLFS - ok
22:59:33.0675 3688 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:59:33.0691 3688 clr_optimization_v2.0.50727_32 - ok
22:59:33.0722 3688 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:59:33.0753 3688 clr_optimization_v2.0.50727_64 - ok
22:59:34.0050 3688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:59:34.0050 3688 clr_optimization_v4.0.30319_32 - ok
22:59:34.0081 3688 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:59:34.0081 3688 clr_optimization_v4.0.30319_64 - ok
22:59:34.0143 3688 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:59:34.0174 3688 CmBatt - ok
22:59:34.0190 3688 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:59:34.0190 3688 cmdide - ok
22:59:34.0268 3688 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:59:34.0299 3688 CNG - ok
22:59:34.0408 3688 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:59:34.0611 3688 CnxtHdAudService - ok
22:59:34.0689 3688 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
22:59:34.0720 3688 Compbatt - ok
22:59:34.0752 3688 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
22:59:34.0767 3688 CompositeBus - ok
22:59:34.0798 3688 COMSysApp - ok
22:59:34.0814 3688 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
22:59:34.0861 3688 crcdisk - ok
22:59:34.0923 3688 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
22:59:34.0939 3688 CryptSvc - ok
22:59:35.0001 3688 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:59:35.0017 3688 DcomLaunch - ok
22:59:35.0064 3688 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:59:35.0110 3688 defragsvc - ok
22:59:35.0173 3688 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:59:35.0173 3688 DfsC - ok
22:59:35.0235 3688 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:59:35.0251 3688 Dhcp - ok
22:59:35.0282 3688 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:59:35.0298 3688 discache - ok
22:59:35.0360 3688 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
22:59:35.0391 3688 Disk - ok
22:59:35.0438 3688 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:59:35.0454 3688 Dnscache - ok
22:59:35.0485 3688 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:59:35.0516 3688 dot3svc - ok
22:59:35.0563 3688 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:59:35.0563 3688 DPS - ok
22:59:35.0641 3688 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:59:35.0656 3688 drmkaud - ok
22:59:35.0719 3688 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:59:35.0781 3688 DXGKrnl - ok
22:59:35.0828 3688 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:59:35.0828 3688 EapHost - ok
22:59:35.0984 3688 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
22:59:36.0062 3688 ebdrv - ok
22:59:36.0140 3688 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:59:36.0140 3688 EFS - ok
22:59:36.0249 3688 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:59:36.0280 3688 ehRecvr - ok
22:59:36.0296 3688 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:59:36.0327 3688 ehSched - ok
22:59:36.0421 3688 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
22:59:36.0468 3688 elxstor - ok
22:59:36.0483 3688 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:59:36.0499 3688 ErrDev - ok
22:59:36.0608 3688 [ 5D82D501D2FEE413B1F45F0302B5802C ] ETD C:\windows\system32\DRIVERS\ETD.sys
22:59:36.0670 3688 ETD - ok
22:59:36.0717 3688 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:59:36.0733 3688 EventSystem - ok
22:59:36.0811 3688 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:59:36.0842 3688 exfat - ok
22:59:36.0873 3688 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:59:36.0920 3688 fastfat - ok
22:59:37.0014 3688 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:59:37.0029 3688 Fax - ok
22:59:37.0076 3688 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
22:59:37.0092 3688 fdc - ok
22:59:37.0138 3688 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:59:37.0138 3688 fdPHost - ok
22:59:37.0170 3688 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

 

[Amaze]

22:59:37.0201 3688 FDResPub - ok
22:59:37.0232 3688 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:59:37.0263 3688 FileInfo - ok
22:59:37.0294 3688 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:59:37.0310 3688 Filetrace - ok
22:59:37.0341 3688 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
22:59:37.0372 3688 flpydisk - ok
22:59:37.0419 3688 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:59:37.0435 3688 FltMgr - ok
22:59:37.0528 3688 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
22:59:37.0560 3688 FontCache - ok
22:59:37.0622 3688 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:59:37.0622 3688 FontCache3.0.0.0 - ok
22:59:37.0669 3688 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:59:37.0700 3688 FsDepends - ok
22:59:37.0747 3688 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:59:37.0762 3688 Fs_Rec - ok
22:59:37.0825 3688 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:59:37.0872 3688 fvevol - ok
22:59:37.0934 3688 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
22:59:38.0527 3688 FwLnk - ok
22:59:38.0620 3688 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
22:59:38.0636 3688 gagp30kx - ok
22:59:38.0761 3688 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:59:38.0761 3688 GamesAppService - ok
22:59:38.0839 3688 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:59:38.0870 3688 gpsvc - ok
22:59:38.0979 3688 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:59:38.0995 3688 gupdate - ok
22:59:39.0010 3688 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:59:39.0010 3688 gupdatem - ok
22:59:39.0104 3688 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:59:39.0120 3688 gusvc - ok
22:59:39.0166 3688 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:59:39.0198 3688 hcw85cir - ok
22:59:39.0244 3688 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:59:39.0291 3688 HdAudAddService - ok
22:59:39.0322 3688 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:59:39.0322 3688 HDAudBus - ok
22:59:39.0369 3688 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
22:59:39.0369 3688 HidBatt - ok
22:59:39.0400 3688 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
22:59:39.0416 3688 HidBth - ok
22:59:39.0447 3688 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
22:59:39.0478 3688 HidIr - ok
22:59:39.0525 3688 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
22:59:39.0541 3688 hidserv - ok
22:59:39.0588 3688 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:59:39.0603 3688 HidUsb - ok
22:59:39.0619 3688 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:59:39.0634 3688 hkmsvc - ok
22:59:39.0666 3688 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:59:39.0712 3688 HomeGroupListener - ok
22:59:39.0759 3688 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:59:39.0775 3688 HomeGroupProvider - ok
22:59:39.0837 3688 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:59:39.0853 3688 HpSAMD - ok
22:59:39.0931 3688 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:59:40.0009 3688 HTTP - ok
22:59:40.0024 3688 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:59:40.0056 3688 hwpolicy - ok
22:59:40.0102 3688 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:59:40.0118 3688 i8042prt - ok
22:59:40.0180 3688 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:59:40.0212 3688 iaStorV - ok
22:59:40.0305 3688 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:59:40.0352 3688 idsvc - ok
22:59:40.0430 3688 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
22:59:40.0446 3688 iirsp - ok
22:59:40.0524 3688 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:59:40.0539 3688 IKEEXT - ok
22:59:40.0570 3688 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:59:40.0602 3688 intelide - ok
22:59:40.0664 3688 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
22:59:40.0695 3688 intelppm - ok
22:59:40.0742 3688 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:59:40.0773 3688 IPBusEnum - ok
22:59:40.0789 3688 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:59:40.0804 3688 IpFilterDriver - ok
22:59:40.0882 3688 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
22:59:40.0914 3688 iphlpsvc - ok
22:59:40.0960 3688 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:59:40.0992 3688 IPMIDRV - ok
22:59:41.0007 3688 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:59:41.0023 3688 IPNAT - ok
22:59:41.0054 3688 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:59:41.0085 3688 IRENUM - ok
22:59:41.0101 3688 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:59:41.0116 3688 isapnp - ok
22:59:41.0179 3688 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:59:41.0226 3688 iScsiPrt - ok
22:59:41.0272 3688 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:59:41.0288 3688 kbdclass - ok
22:59:41.0319 3688 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
22:59:41.0350 3688 kbdhid - ok
22:59:41.0397 3688 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:59:41.0397 3688 KeyIso - ok
22:59:41.0460 3688 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:59:41.0475 3688 KSecDD - ok
22:59:41.0522 3688 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:59:41.0553 3688 KSecPkg - ok
22:59:41.0584 3688 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:59:41.0616 3688 ksthunk - ok
22:59:41.0678 3688 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:59:41.0725 3688 KtmRm - ok
22:59:41.0803 3688 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:59:41.0803 3688 L1C - ok
22:59:41.0865 3688 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
22:59:41.0881 3688 LanmanServer - ok
22:59:41.0928 3688 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:59:41.0943 3688 LanmanWorkstation - ok
22:59:42.0006 3688 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:59:42.0021 3688 lltdio - ok
22:59:42.0068 3688 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:59:42.0115 3688 lltdsvc - ok
22:59:42.0130 3688 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:59:42.0162 3688 lmhosts - ok
22:59:42.0240 3688 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
22:59:42.0271 3688 LSI_FC - ok
22:59:42.0286 3688 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
22:59:42.0302 3688 LSI_SAS - ok
22:59:42.0333 3688 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
22:59:42.0333 3688 LSI_SAS2 - ok
22:59:42.0364 3688 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
22:59:42.0396 3688 LSI_SCSI - ok
22:59:42.0442 3688 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:59:42.0458 3688 luafv - ok
22:59:42.0567 3688 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
22:59:44.0158 3688 MBAMProtector - ok
22:59:44.0236 3688 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:59:44.0252 3688 MBAMScheduler - ok
22:59:44.0330 3688 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:59:44.0346 3688 MBAMService - ok
22:59:44.0377 3688 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:59:44.0424 3688 Mcx2Svc - ok
22:59:44.0455 3688 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
22:59:44.0470 3688 megasas - ok
22:59:44.0548 3688 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
22:59:44.0611 3688 MegaSR - ok
22:59:44.0673 3688 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:59:44.0673 3688 MMCSS - ok
22:59:44.0689 3688 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:59:44.0720 3688 Modem - ok
22:59:44.0767 3688 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:59:44.0767 3688 monitor - ok
22:59:44.0798 3688 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:59:44.0814 3688 mouclass - ok
22:59:44.0829 3688 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:59:44.0860 3688 mouhid - ok
22:59:44.0892 3688 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:59:44.0923 3688 mountmgr - ok
22:59:44.0985 3688 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:59:45.0016 3688 mpio - ok
22:59:45.0032 3688 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:59:45.0048 3688 mpsdrv - ok
22:59:45.0110 3688 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
22:59:45.0141 3688 MpsSvc - ok
22:59:45.0188 3688 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:59:45.0235 3688 MRxDAV - ok
22:59:45.0250 3688 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:59:45.0266 3688 mrxsmb - ok
22:59:45.0297 3688 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:59:45.0344 3688 mrxsmb10 - ok
22:59:45.0360 3688 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:59:45.0375 3688 mrxsmb20 - ok
22:59:45.0391 3688 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
22:59:45.0406 3688 msahci - ok
22:59:45.0422 3688 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:59:45.0453 3688 msdsm - ok
22:59:45.0484 3688 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:59:45.0516 3688 MSDTC - ok
22:59:45.0547 3688 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:59:45.0578 3688 Msfs - ok
22:59:45.0625 3688 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:59:45.0640 3688 mshidkmdf - ok
22:59:45.0656 3688 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:59:45.0672 3688 msisadrv - ok
22:59:45.0718 3688 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:59:45.0734 3688 MSiSCSI - ok
22:59:45.0750 3688 msiserver - ok
22:59:45.0796 3688 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:59:45.0828 3688 MSKSSRV - ok
22:59:45.0859 3688 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:59:45.0890 3688 MSPCLOCK - ok
22:59:45.0906 3688 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:59:45.0921 3688 MSPQM - ok
22:59:45.0968 3688 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:59:46.0015 3688 MsRPC - ok
22:59:46.0030 3688 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:59:46.0046 3688 mssmbios - ok
22:59:46.0093 3688 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:59:46.0124 3688 MSTEE - ok
22:59:46.0140 3688 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
22:59:46.0155 3688 MTConfig - ok
22:59:46.0171 3688 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:59:46.0186 3688 Mup - ok
22:59:46.0249 3688 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:59:46.0264 3688 napagent - ok
22:59:46.0358 3688 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

 

[Amaze]

22:59:46.0389 3688 NativeWifiP - ok
22:59:46.0467 3688 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:59:46.0498 3688 NDIS - ok
22:59:46.0576 3688 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:59:46.0608 3688 NdisCap - ok
22:59:46.0654 3688 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:59:46.0686 3688 NdisTapi - ok
22:59:46.0717 3688 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:59:46.0748 3688 Ndisuio - ok
22:59:46.0779 3688 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:59:46.0810 3688 NdisWan - ok
22:59:46.0826 3688 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:59:46.0842 3688 NDProxy - ok
22:59:46.0873 3688 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:59:46.0904 3688 NetBIOS - ok
22:59:46.0951 3688 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:59:46.0982 3688 NetBT - ok
22:59:47.0029 3688 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:59:47.0044 3688 Netlogon - ok
22:59:47.0107 3688 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:59:47.0122 3688 Netman - ok
22:59:47.0200 3688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:47.0232 3688 NetMsmqActivator - ok
22:59:47.0247 3688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:47.0263 3688 NetPipeActivator - ok
22:59:47.0310 3688 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:59:47.0341 3688 netprofm - ok
22:59:47.0356 3688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:47.0356 3688 NetTcpActivator - ok
22:59:47.0372 3688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:47.0372 3688 NetTcpPortSharing - ok
22:59:47.0450 3688 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
22:59:47.0466 3688 nfrd960 - ok
22:59:47.0528 3688 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
22:59:47.0544 3688 NlaSvc - ok
22:59:47.0637 3688 Norton PC Checkup Application Launcher - ok
22:59:47.0668 3688 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:59:47.0700 3688 Npfs - ok
22:59:47.0746 3688 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:59:47.0746 3688 nsi - ok
22:59:47.0762 3688 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:59:47.0778 3688 nsiproxy - ok
22:59:47.0887 3688 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:59:47.0949 3688 Ntfs - ok
22:59:47.0980 3688 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:59:47.0996 3688 Null - ok
22:59:48.0043 3688 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
22:59:48.0074 3688 nvraid - ok
22:59:48.0105 3688 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
22:59:48.0136 3688 nvstor - ok
22:59:48.0168 3688 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:59:48.0199 3688 nv_agp - ok
22:59:48.0230 3688 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:59:48.0261 3688 ohci1394 - ok
22:59:48.0324 3688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:59:48.0370 3688 p2pimsvc - ok
22:59:48.0589 3688 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:59:48.0651 3688 p2psvc - ok
22:59:48.0682 3688 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
22:59:48.0714 3688 Parport - ok
22:59:48.0760 3688 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:59:48.0792 3688 partmgr - ok
22:59:48.0823 3688 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:59:48.0838 3688 PcaSvc - ok
22:59:48.0885 3688 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:59:48.0901 3688 PCCUJobMgr - ok
22:59:48.0948 3688 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:59:48.0979 3688 pci - ok
22:59:48.0994 3688 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
22:59:49.0010 3688 pciide - ok
22:59:49.0057 3688 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
22:59:49.0088 3688 pcmcia - ok
22:59:49.0104 3688 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:59:49.0119 3688 pcw - ok
22:59:49.0197 3688 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:59:49.0244 3688 PEAUTH - ok
22:59:49.0400 3688 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:59:49.0431 3688 PerfHost - ok
22:59:49.0509 3688 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
22:59:49.0540 3688 PGEffect - ok
22:59:49.0618 3688 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:59:49.0696 3688 pla - ok
22:59:49.0759 3688 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:59:49.0790 3688 PlugPlay - ok
22:59:49.0821 3688 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:59:49.0852 3688 PNRPAutoReg - ok
22:59:49.0884 3688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:59:49.0884 3688 PNRPsvc - ok
22:59:49.0946 3688 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:59:49.0977 3688 PolicyAgent - ok
22:59:50.0024 3688 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:59:50.0040 3688 Power - ok
22:59:50.0102 3688 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:59:50.0118 3688 PptpMiniport - ok
22:59:50.0133 3688 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
22:59:50.0164 3688 Processor - ok
22:59:50.0227 3688 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:59:50.0242 3688 ProfSvc - ok
22:59:50.0274 3688 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:59:50.0274 3688 ProtectedStorage - ok
22:59:50.0320 3688 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:59:50.0336 3688 Psched - ok
22:59:50.0414 3688 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
22:59:50.0476 3688 ql2300 - ok
22:59:50.0539 3688 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
22:59:50.0570 3688 ql40xx - ok
22:59:50.0617 3688 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:59:50.0664 3688 QWAVE - ok
22:59:50.0695 3688 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:59:50.0710 3688 QWAVEdrv - ok
22:59:50.0726 3688 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:59:50.0742 3688 RasAcd - ok
22:59:50.0820 3688 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:59:50.0835 3688 RasAgileVpn - ok
22:59:50.0882 3688 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:59:50.0898 3688 RasAuto - ok
22:59:50.0929 3688 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:59:50.0960 3688 Rasl2tp - ok
22:59:51.0007 3688 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:59:51.0022 3688 RasMan - ok
22:59:51.0054 3688 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:59:51.0069 3688 RasPppoe - ok
22:59:51.0100 3688 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:59:51.0132 3688 RasSstp - ok
22:59:51.0178 3688 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:59:51.0225 3688 rdbss - ok
22:59:51.0241 3688 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
22:59:51.0241 3688 rdpbus - ok
22:59:51.0288 3688 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:59:51.0319 3688 RDPCDD - ok
22:59:51.0334 3688 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:59:51.0350 3688 RDPENCDD - ok
22:59:51.0397 3688 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:59:51.0397 3688 RDPREFMP - ok
22:59:51.0459 3688 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:59:51.0475 3688 RDPWD - ok
22:59:51.0537 3688 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:59:51.0568 3688 rdyboost - ok
22:59:51.0615 3688 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:59:51.0646 3688 RemoteAccess - ok
22:59:51.0709 3688 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:59:51.0724 3688 RemoteRegistry - ok
22:59:51.0740 3688 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:59:51.0756 3688 RpcEptMapper - ok
22:59:51.0802 3688 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:59:51.0834 3688 RpcLocator - ok
22:59:51.0865 3688 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:59:51.0896 3688 RpcSs - ok
22:59:51.0943 3688 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:59:51.0974 3688 rspndr - ok
22:59:52.0036 3688 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:59:52.0863 3688 RSUSBSTOR - ok
22:59:52.0972 3688 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:59:53.0113 3688 RTL8192Ce - ok
22:59:53.0144 3688 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:59:53.0160 3688 SamSs - ok
22:59:53.0378 3688 [ AD720D4D463B72C58DA9FF5933723A66 ] SBAMSvc C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
22:59:53.0440 3688 SBAMSvc - ok
22:59:53.0518 3688 [ F90431C321F42F0E647B0C6A49644D97 ] sbapifs C:\windows\system32\DRIVERS\sbapifs.sys
22:59:53.0534 3688 sbapifs - ok
22:59:53.0612 3688 [ E69DF6EC9606C2C42CCB4EA3A18CC344 ] SbFw C:\windows\system32\drivers\SbFw.sys
22:59:53.0643 3688 SbFw - ok
22:59:53.0752 3688 [ F60BC3EF681EA9AA5AE25FA67E3AA310 ] SBFWIMCL C:\windows\system32\DRIVERS\sbfwim.sys
22:59:53.0752 3688 SBFWIMCL - ok
22:59:53.0799 3688 [ F60BC3EF681EA9AA5AE25FA67E3AA310 ] SBFWIMCLMP C:\windows\system32\DRIVERS\SBFWIM.sys
22:59:53.0799 3688 SBFWIMCLMP - ok
22:59:53.0846 3688 [ 97D0D3141F438FC6AEC4B00C6E962E4D ] sbhips C:\windows\system32\drivers\sbhips.sys
22:59:53.0877 3688 sbhips - ok
22:59:53.0908 3688 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:59:53.0940 3688 sbp2port - ok
22:59:53.0971 3688 [ 9FFBE1A6D3A919D83AD7984DBC012F8C ] SBPIMSvc C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
22:59:53.0986 3688 SBPIMSvc - ok
22:59:54.0064 3688 [ 7E07D2A5B910C71D6474E9AA0EAA1825 ] SBRE C:\windows\system32\drivers\SBREdrv.sys
22:59:54.0080 3688 SBRE - ok
22:59:54.0158 3688 [ C470FA779D0BD9A2309A04E49DD0EB8C ] SbTis C:\windows\system32\drivers\sbtis.sys

 

[Amaze]

22:59:54.0189 3688 SbTis - ok
22:59:54.0236 3688 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:59:54.0267 3688 SCardSvr - ok
22:59:54.0314 3688 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:59:54.0361 3688 scfilter - ok
22:59:54.0439 3688 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:59:54.0470 3688 Schedule - ok
22:59:54.0501 3688 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:59:54.0517 3688 SCPolicySvc - ok
22:59:54.0595 3688 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:59:54.0595 3688 SDRSVC - ok
22:59:54.0657 3688 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:59:54.0688 3688 secdrv - ok
22:59:54.0735 3688 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:59:54.0766 3688 seclogon - ok
22:59:54.0782 3688 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:59:54.0798 3688 SENS - ok
22:59:54.0844 3688 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:59:54.0876 3688 SensrSvc - ok
22:59:54.0907 3688 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
22:59:54.0938 3688 Serenum - ok
22:59:55.0000 3688 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
22:59:55.0016 3688 Serial - ok
22:59:55.0047 3688 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
22:59:55.0063 3688 sermouse - ok
22:59:55.0156 3688 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:59:55.0172 3688 SessionEnv - ok
22:59:55.0188 3688 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:59:55.0203 3688 sffdisk - ok
22:59:55.0219 3688 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:59:55.0250 3688 sffp_mmc - ok
22:59:55.0281 3688 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:59:55.0312 3688 sffp_sd - ok
22:59:55.0328 3688 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
22:59:55.0359 3688 sfloppy - ok
22:59:55.0422 3688 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:59:55.0453 3688 SharedAccess - ok
22:59:55.0515 3688 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:59:55.0531 3688 ShellHWDetection - ok
22:59:55.0593 3688 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
22:59:55.0640 3688 SiSRaid2 - ok
22:59:55.0656 3688 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
22:59:55.0671 3688 SiSRaid4 - ok
22:59:55.0749 3688 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:59:55.0780 3688 SkypeUpdate - ok
22:59:55.0843 3688 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:59:55.0874 3688 Smb - ok
22:59:55.0952 3688 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:59:55.0999 3688 SNMPTRAP - ok
22:59:56.0030 3688 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:59:56.0061 3688 spldr - ok
22:59:56.0124 3688 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:59:56.0155 3688 Spooler - ok
22:59:56.0295 3688 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:59:56.0389 3688 sppsvc - ok
22:59:56.0404 3688 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:59:56.0436 3688 sppuinotify - ok
22:59:56.0467 3688 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:59:56.0514 3688 srv - ok
22:59:56.0576 3688 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:59:56.0607 3688 srv2 - ok
22:59:56.0654 3688 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:59:56.0685 3688 srvnet - ok
22:59:56.0748 3688 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:59:56.0763 3688 SSDPSRV - ok
22:59:56.0794 3688 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:59:56.0826 3688 SstpSvc - ok
22:59:56.0857 3688 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
22:59:56.0872 3688 stexstor - ok
22:59:56.0950 3688 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:59:56.0997 3688 stisvc - ok
22:59:57.0044 3688 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:59:57.0075 3688 swenum - ok
22:59:57.0138 3688 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:59:57.0169 3688 swprv - ok
22:59:57.0262 3688 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:59:57.0309 3688 SysMain - ok
22:59:57.0340 3688 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:59:57.0372 3688 TabletInputService - ok
22:59:57.0403 3688 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:59:57.0450 3688 TapiSrv - ok
22:59:57.0481 3688 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:59:57.0496 3688 TBS - ok
22:59:57.0621 3688 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:59:57.0699 3688 Tcpip - ok
22:59:57.0777 3688 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:59:57.0808 3688 TCPIP6 - ok
22:59:57.0855 3688 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:59:57.0871 3688 tcpipreg - ok
22:59:57.0918 3688 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:59:57.0933 3688 tdcmdpst - ok
22:59:57.0980 3688 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:59:58.0011 3688 TDPIPE - ok
22:59:58.0042 3688 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:59:58.0074 3688 TDTCP - ok
22:59:58.0089 3688 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:59:58.0120 3688 tdx - ok
22:59:58.0183 3688 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:59:58.0214 3688 TermDD - ok
22:59:58.0276 3688 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:59:58.0292 3688 TermService - ok
22:59:58.0323 3688 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:59:58.0339 3688 Themes - ok
22:59:58.0386 3688 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:59:58.0386 3688 THREADORDER - ok
22:59:58.0510 3688 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:59:58.0542 3688 TMachInfo - ok
22:59:58.0604 3688 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
22:59:58.0635 3688 TODDSrv - ok
22:59:58.0869 3688 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:59:58.0947 3688 TosCoSrv - ok
22:59:59.0166 3688 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:59:59.0181 3688 TOSHIBA HDD SSD Alert Service - ok
22:59:59.0228 3688 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:59:59.0244 3688 TrkWks - ok
22:59:59.0306 3688 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:59:59.0322 3688 TrustedInstaller - ok
22:59:59.0353 3688 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:59:59.0384 3688 tssecsrv - ok
22:59:59.0400 3688 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:59:59.0431 3688 TsUsbFlt - ok
22:59:59.0462 3688 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
22:59:59.0478 3688 TsUsbGD - ok
22:59:59.0743 3688 [ 3DBE7B3087EC53EE4AAFA83F2E80A415 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
22:59:59.0805 3688 TuneUp.UtilitiesSvc - ok
22:59:59.0883 3688 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
22:59:59.0883 3688 TuneUpUtilitiesDrv - ok
22:59:59.0930 3688 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:59:59.0961 3688 tunnel - ok
23:00:00.0024 3688 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
23:00:00.0039 3688 TVALZ - ok
23:00:00.0070 3688 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
23:00:00.0086 3688 uagp35 - ok
23:00:00.0117 3688 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
23:00:00.0148 3688 udfs - ok
23:00:00.0211 3688 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
23:00:00.0242 3688 UI0Detect - ok
23:00:00.0304 3688 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
23:00:00.0320 3688 uliagpkx - ok
23:00:00.0351 3688 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
23:00:00.0382 3688 umbus - ok
23:00:00.0414 3688 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
23:00:00.0429 3688 UmPass - ok
23:00:00.0476 3688 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
23:00:00.0492 3688 upnphost - ok
23:00:00.0570 3688 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
23:00:00.0601 3688 usbccgp - ok
23:00:00.0632 3688 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
23:00:00.0648 3688 usbcir - ok
23:00:00.0663 3688 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
23:00:00.0694 3688 usbehci - ok
23:00:00.0757 3688 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
23:00:00.0804 3688 usbhub - ok
23:00:00.0819 3688 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
23:00:00.0850 3688 usbohci - ok
23:00:00.0882 3688 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
23:00:00.0913 3688 usbprint - ok
23:00:00.0944 3688 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
23:00:00.0975 3688 USBSTOR - ok
23:00:00.0991 3688 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
23:00:01.0006 3688 usbuhci - ok
23:00:01.0053 3688 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
23:00:01.0084 3688 usbvideo - ok
23:00:01.0131 3688 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
23:00:01.0147 3688 UxSms - ok
23:00:01.0178 3688 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

 

[Amaze]

23:00:01.0194 3688 VaultSvc - ok
23:00:01.0240 3688 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
23:00:01.0256 3688 vdrvroot - ok
23:00:01.0303 3688 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
23:00:01.0443 3688 vds - ok
23:00:01.0459 3688 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
23:00:01.0490 3688 vga - ok
23:00:01.0506 3688 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
23:00:01.0537 3688 VgaSave - ok
23:00:01.0568 3688 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
23:00:01.0599 3688 vhdmp - ok
23:00:01.0630 3688 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
23:00:01.0662 3688 viaide - ok
23:00:01.0677 3688 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
23:00:01.0693 3688 volmgr - ok
23:00:01.0740 3688 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
23:00:01.0771 3688 volmgrx - ok
23:00:01.0802 3688 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
23:00:01.0880 3688 volsnap - ok
23:00:01.0911 3688 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
23:00:01.0942 3688 vsmraid - ok
23:00:02.0036 3688 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
23:00:02.0067 3688 VSS - ok
23:00:02.0098 3688 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
23:00:02.0130 3688 vwifibus - ok
23:00:02.0176 3688 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
23:00:02.0208 3688 vwififlt - ok
23:00:02.0270 3688 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
23:00:02.0301 3688 W32Time - ok
23:00:02.0332 3688 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
23:00:02.0348 3688 WacomPen - ok
23:00:02.0410 3688 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
23:00:02.0426 3688 WANARP - ok
23:00:02.0442 3688 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
23:00:02.0442 3688 Wanarpv6 - ok
23:00:02.0566 3688 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
23:00:02.0613 3688 WatAdminSvc - ok
23:00:02.0707 3688 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
23:00:02.0754 3688 wbengine - ok
23:00:02.0785 3688 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
23:00:02.0800 3688 WbioSrvc - ok
23:00:02.0832 3688 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
23:00:02.0863 3688 wcncsvc - ok
23:00:02.0878 3688 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
23:00:02.0925 3688 WcsPlugInService - ok
23:00:02.0972 3688 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
23:00:02.0972 3688 Wd - ok
23:00:03.0050 3688 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
23:00:03.0097 3688 Wdf01000 - ok
23:00:03.0128 3688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
23:00:03.0144 3688 WdiServiceHost - ok
23:00:03.0159 3688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
23:00:03.0175 3688 WdiSystemHost - ok
23:00:03.0206 3688 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
23:00:03.0237 3688 WebClient - ok
23:00:03.0284 3688 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
23:00:03.0331 3688 Wecsvc - ok
23:00:03.0378 3688 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
23:00:03.0393 3688 wercplsupport - ok
23:00:03.0440 3688 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
23:00:03.0440 3688 WerSvc - ok
23:00:03.0518 3688 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
23:00:03.0565 3688 WfpLwf - ok
23:00:03.0580 3688 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
23:00:03.0596 3688 WIMMount - ok
23:00:03.0643 3688 WinDefend - ok
23:00:03.0674 3688 WinHttpAutoProxySvc - ok
23:00:03.0752 3688 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
23:00:03.0768 3688 Winmgmt - ok
23:00:03.0877 3688 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
23:00:03.0955 3688 WinRM - ok
23:00:04.0064 3688 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
23:00:04.0142 3688 Wlansvc - ok
23:00:04.0220 3688 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:00:04.0236 3688 wlcrasvc - ok
23:00:04.0392 3688 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:00:04.0438 3688 wlidsvc - ok
23:00:04.0470 3688 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
23:00:04.0485 3688 WmiAcpi - ok
23:00:04.0579 3688 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
23:00:04.0610 3688 wmiApSrv - ok
23:00:04.0657 3688 WMPNetworkSvc - ok
23:00:04.0719 3688 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
23:00:04.0735 3688 WPCSvc - ok
23:00:04.0766 3688 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
23:00:04.0797 3688 WPDBusEnum - ok
23:00:04.0844 3688 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
23:00:04.0875 3688 ws2ifsl - ok
23:00:04.0906 3688 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
23:00:04.0922 3688 wscsvc - ok
23:00:04.0922 3688 WSearch - ok
23:00:05.0062 3688 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
23:00:05.0125 3688 wuauserv - ok
23:00:05.0172 3688 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
23:00:05.0187 3688 WudfPf - ok
23:00:05.0265 3688 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
23:00:05.0296 3688 WUDFRd - ok
23:00:05.0328 3688 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
23:00:05.0343 3688 wudfsvc - ok
23:00:05.0390 3688 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
23:00:05.0406 3688 WwanSvc - ok
23:00:05.0562 3688 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:00:05.0608 3688 YahooAUService - ok
23:00:05.0655 3688 ================ Scan global ===============================
23:00:05.0702 3688 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
23:00:05.0749 3688 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
23:00:05.0780 3688 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
23:00:05.0827 3688 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
23:00:05.0889 3688 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
23:00:05.0905 3688 [Global] - ok
23:00:05.0905 3688 ================ Scan MBR ==================================
23:00:05.0920 3688 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
23:00:05.0920 3688 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:00:05.0983 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:00:05.0983 3688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:00:05.0983 3688 ================ Scan VBR ==================================
23:00:06.0014 3688 [ 0E8181833307AF9717CE06CA6178D97C ] \Device\Harddisk0\DR0\Partition1
23:00:06.0014 3688 \Device\Harddisk0\DR0\Partition1 - ok
23:00:06.0014 3688 ============================================================
23:00:06.0014 3688 Scan finished
23:00:06.0014 3688 ============================================================
23:00:06.0061 4808 Detected object count: 1
23:00:06.0061 4808 Actual detected object count: 1
23:00:46.0044 4808 \Device\Harddisk0\DR0\# - copied to quarantine
23:00:46.0059 4808 \Device\Harddisk0\DR0 - copied to quarantine
23:00:46.0153 4808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:00:46.0168 4808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:00:46.0200 4808 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:00:46.0215 4808 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:00:46.0262 4808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:00:46.0293 4808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:00:46.0309 4808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:00:46.0340 4808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:00:46.0356 4808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:00:46.0387 4808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:00:46.0418 4808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:00:46.0434 4808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:00:46.0449 4808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:00:46.0480 4808 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:00:46.0527 4808 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:00:46.0621 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:00:46.0621 4808 \Device\Harddisk0\DR0 - ok
23:00:47.0292 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

 

[Amaze]

After the reboot, got the same RunDLL error, and MBAM picked up the same trojan again that its been picking up after every reboot.

 

[Amaze]

BTW- is it normal for IE to constantly "stop working" if the character limit is reached?

I think I had to recover the webpage at least 12 times to get the logs posted

 

[Broni]

Your computer is most likely still infected.
We just got rid of TDL rootkit.

Re-run MBAM and post new log.

Next....

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Amaze]

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MYERS :: MYERS-PC [administrator]
Protection: Enabled
11/27/2012 12:53:07 PM
mbam-log-2012-11-27 (19-06-55).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 503383
Time elapsed: 6 hour(s), 1 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> No action taken.
HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> No action taken.
Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.
C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> No action taken.
Files Detected: 5
C:\Users\MYERS\Downloads\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen\Keygen\Keygen.exe (RiskWare.Tool.HCK) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> No action taken.
C:\Users\MYERS\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
C:\Users\MYERS\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
(end)