[RESOLVED] Laptop has FBI virus, can only access the guest account


Clikens86

  • Bronze Member
  • 42
I am working with Kevin to fix my desktop, but we have a laptop that has the FBI virus. At one time MBAM stopped the virus, but it kept re-executing. I cannot access the main account, as my brother-in-law had a SpyHunter program that stopped the virus from executing, but you have to pay to have it remove infections. DDS only came up with the DDS log; it did not come with an attach log. Thank you guys for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Likens at 10:52:29 on 2013-10-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.1958 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\Dwm.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\igfxext.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k swprv
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
uProxyOverride = <local>;*.local
uWinlogon: Shell = cmd.exe
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Best Buy pc app] C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [Temp] rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer
uRun: [VirtualStore] rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer
uRun: [GameServer33] "C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe"
uRun: [dY5bCfYA.exe] "C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe"
uRun: [8U8AZ03m.exe] "C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe"
uRun: [9abwQAY8Jl.exe] "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [bncsaui.exe] C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\2375942554832373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\2656C6B696E6E253661693 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\26677657563747 : DHCPNameServer = 10.19.2.1 10.6.2.7
SSODL: WebCheck - <orphaned>
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-7-23 14456]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-3-7 3079960]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-6-27 1025408]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-5-3 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-3 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2013-8-24 22704]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2013-5-10 32000]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-3 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-30 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-4 1255736]
.
=============== Created Last 30 ================
.
2013-10-17 15:41:57   --------   d-----w-   C:\Program Files\McAfee Security Scan
.
==================== Find3M  ====================
.
2013-10-17 15:43:47   71048   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-17 15:43:47   692616   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37   2241024   ----a-w-   C:\windows\System32\wininet.dll
2013-07-26 05:12:08   3958784   ----a-w-   C:\windows\System32\jscript9.dll
2013-07-26 05:12:04   136704   ----a-w-   C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03   67072   ----a-w-   C:\windows\System32\iesetup.dll
2013-07-26 03:35:08   2706432   ----a-w-   C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24   1767936   ----a-w-   C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14   2706432   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38   89600   ----a-w-   C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38   71680   ----a-w-   C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54   1888768   ----a-w-   C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\windows\SysWow64\WMVDECOD.DLL
2013-07-24 02:55:48   1224   ---ha-w-   C:\aaw7boot.cmd
2013-07-24 02:52:55   47496   ----a-w-   C:\windows\System32\sbbd.exe
2013-07-24 02:52:55   14456   ----a-w-   C:\windows\System32\drivers\gfibto.sys
.
============= FINISH: 10:52:46.15 ===============
« Last Edit: October 17, 2013, 03:09:56 PM by Bear »
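The entries a malware-removal helper picks out of logs like the one above (Shell = cmd.exe, user Run values pointing at random-named folders under AppData\Local, rundll32 registering DLLs from the profile, and, in the FRST log later in the thread, the Command Processor AutoRun and the globalroot InprocServer32 entry) can be checked mechanically. The script below is an added example written for this thread; it is not part of DDS, FRST or the forum's own tooling. The sample lines are copied from the thread's logs, and the rule names and the random-name heuristic are assumptions of the example.

```python
"""Triage helper for the autorun lines in DDS and FRST logs.

Added example for this thread; not part of DDS, FRST or the forum's tooling.
It flags the persistence patterns visible in the logs:
  * a Winlogon Shell value that is not explorer.exe,
  * a Command Processor AutoRun (runs every time cmd.exe starts, so a
    Shell=cmd.exe entry plus an AutoRun re-launches the payload at logon),
  * Run values launching random-named executables under AppData\\Local,
  * rundll32 registering a DLL that lives inside a user profile,
  * an InprocServer32 value routed through \\\\?\\globalroot or a Temp folder.
The rule names and the random-name heuristic are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's DDS and FRST logs.
SAMPLE_LOG = r"""
uWinlogon: Shell = cmd.exe
mWinlogon: Userinit = userinit.exe,
uRun: [Temp] rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer
uRun: [9abwQAY8Jl.exe] "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe"
uRun: [Best Buy pc app] C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
"""

# Heuristic only: letters and digits, mixed case, at least 8 characters, which
# is what the dropper-style names in this thread look like (w5w6DvEYlX,
# RqrbLenF5I). Legitimate names can match too, so treat hits as triage leads.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,}$")
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
# Bare path runs until FRST's " [size date]" suffix, an "<==" marker, or EOL.
BARE_PATH = re.compile(r"([A-Za-z]:\\.+?)(?=\s+\[\d|\s+<|\s*$)")
# Matches DDS "Winlogon: Shell = x" and FRST "Winlogon: [Shell] x" (lowercased).
SHELL_VALUE = re.compile(r"winlogon: (?:\[shell\]|shell =)\s*(\S+)")


@dataclass
class Finding:
    rule: str
    line: str


def looks_random(component: str) -> bool:
    """True when a path component (extension stripped) matches the heuristic."""
    stem = component.rsplit(".", 1)[0]
    return bool(RANDOM_NAME.match(stem))


def extract_path(line: str) -> str | None:
    """Pull the launched file path out of a DDS or FRST autorun line."""
    m = QUOTED_PATH.search(line) or BARE_PATH.search(line)
    return m.group(1) if m else None


def triage_line(line: str) -> list[Finding]:
    """Apply every rule to one log line; a line may trigger several rules."""
    low = line.lower()
    found: list[Finding] = []
    m = SHELL_VALUE.search(low)
    if m and m.group(1).rsplit("\\", 1)[-1] != "explorer.exe":
        found.append(Finding("winlogon_shell", line))
    if "command processor:" in low:
        found.append(Finding("cmd_autorun", line))
    if "inprocserver32:" in low and ("globalroot" in low or "\\temp\\" in low):
        found.append(Finding("com_hijack", line))
    path = extract_path(line)
    if path and ("run: [" in low or "command processor:" in low):
        plow = path.lower()
        if "\\appdata\\local\\" in plow and any(looks_random(p) for p in path.split("\\")):
            found.append(Finding("localappdata_random", line))
        if "rundll32" in low and plow.endswith(".dll") and "\\users\\" in plow:
            found.append(Finding("rundll32_user_dll", line))
    return found


def triage(log: str) -> dict[str, list[str]]:
    """Group the flagged lines of a whole log by rule name."""
    hits: dict[str, list[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            for f in triage_line(line):
                hits.setdefault(f.rule, []).append(f.line)
    return hits


def shell_autorun_chain(hits: dict[str, list[str]]) -> bool:
    """The pair that brings the payload back after each cleanup: Winlogon
    starts cmd.exe as the shell, and cmd.exe's AutoRun starts the payload.
    Deleting the file alone leaves both registry hooks in place."""
    return "winlogon_shell" in hits and "cmd_autorun" in hits


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, lines in result.items():
        print(f"[{rule}]")
        for entry in lines:
            print("   ", entry)
    if shell_autorun_chain(result):
        print("\nShell=cmd.exe plus Command Processor AutoRun: payload re-launches at logon")
```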


seedy21

  • Malware Removal Staff
  • Gold Member
  • 2428
Re: Laptop has FBI virus, can only access the guest account
« Reply #1 on: October 17, 2013, 11:40:28 AM »
Hi Clikens86 and Welcome to SpywareHammer!

I am currently looking through your logs and will advise you on what to do in my next reply.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


seedy21

  • Malware Removal Staff
  • Gold Member
  • 2428
Re: Laptop has FBI virus, can only access the guest account
« Reply #2 on: October 17, 2013, 02:45:49 PM »
Hello Clikens86

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know, or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

As you seem to be having trouble with this tool, let's use another one.

Step 1

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.


Clikens86

  • Bronze Member
  • 42
Re: Laptop has FBI virus, can only access the guest account
« Reply #3 on: October 17, 2013, 03:03:09 PM »
I've tried 3 times to run FRST and I keep getting the error in the attached picture: "error in expression".

EDIT: Ran as administrator and it worked.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Likens (administrator) on CANTSTOPMYSHINE on 17-10-2013 16:14:56
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe
(Xysvlp) C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Best Buy pc app] - C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKCU\...\Run: [Temp] - rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [GameServer33] - C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe [131072 2013-08-18] ()
HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [8U8AZ03m.exe] - C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [9abwQAY8Jl.exe] - C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION
MountPoints2: {1227e2d0-1fdf-11e2-98d6-00266c7d20e5} - E:\laucher.exe
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [bncsaui.exe] - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2011-03-07] (Bradford Networks)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN38650307112493118&UM=2
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {5FF6945D-87CE-43EF-847F-618D30FE8BC2} URL =
SearchScopes: HKCU - {E89AFAF9-9983-48C2-9914-B96516E28886} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}&crg=3.5000006.10045
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: pxyhzzjbka - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\pxyhzzjbka@pxyhzzjbka.org.xpi
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com

Chrome:
=======
CHR Extension: (Updater By SweetPacks) - C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3079960 2011-03-07] (Bradford Networks)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-05-10] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:55 - 2013-10-17 15:59 - 00000324 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:47 - 2013-10-17 10:52 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 16:14 - 2009-07-14 00:13 - 00730924 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-17 16:13 - 2011-05-03 02:02 - 01628980 _____ C:\windows\WindowsUpdate.log
2013-10-17 15:59 - 2013-10-17 15:55 - 00000324 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 15:49 - 2012-06-11 08:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:52 - 2013-10-17 10:47 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:47 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 10:47 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 10:43 - 2012-06-11 08:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-17 10:43 - 2012-06-11 08:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-17 10:43 - 2011-10-30 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-17 10:42 - 2011-10-30 10:58 - 00001942 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 10:41 - 2013-07-23 21:56 - 00001879 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-17 10:41 - 2011-10-30 10:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-17 10:39 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-17 10:39 - 2009-07-13 23:51 - 00055054 _____ C:\windows\setupact.log

Alureon:
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll

Files to move or delete:
====================
C:\ProgramData\eqba0.pad
C:\ProgramData\lh4f.bat
C:\ProgramData\lh4f.pad
C:\ProgramData\lh4f.reg


Some content of TEMP:
====================
C:\Users\Likens\AppData\Local\Temp\5564.exe
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe
C:\Users\Likens\AppData\Local\Temp\SPStub.exe
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:07

==================== End Of Log ============================
« Last Edit: October 17, 2013, 03:18:16 PM by Clikens86 »

Clikens86
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #4 on: October 17, 2013, 03:19:05 PM »
Here's Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Likens at 2013-10-17 16:16:08
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Security Add-on (x32 Version: 3.1.0.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.3 (x32 Version: 9.3.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
Atheros Driver Installation Program (x32 Version: 5.2)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
Bradford Persistent Agent (x32 Version: 2.2.2.14)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.119.0.61)
Elcomsoft Wireless Security Auditor (x32 Version: 4.0.211.448)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Update Helper (x32 Version: 1.3.21.79)
HitmanPro 3.7 (Version: 3.7.3.194)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.4.4)
Java(TM) 6 Update 17 (x32 Version: 6.0.170)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
Oracle VM VirtualBox 4.0.6 (Version: 4.0.6)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Scan (x32 Version: 140.0.80.000)
SpyHunter (Version: 4.14.5.4268)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toolbox (x32 Version: 140.0.428.000)
TopArcadeHits (HKCU)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 3.00.11)
Toshiba Book Place (x32 Version: 2.0.3977.0)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (x32 Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.4.9)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA ReelTime (x32 Version: 1.6.06.64)
TOSHIBA Service Station (x32 Version: 2.1.40)
TOSHIBA Supervisor Password (x32 Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64)
ToshibaRegistration (x32 Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Updater By SweetPacks 2.0.0.609 (Version: 2.0.0.609)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)

==================== Restore Points  =========================

08-07-2013 21:43:21 Installed QuickTime
11-07-2013 02:34:41 Windows Update
12-07-2013 14:19:06 Windows Update
14-07-2013 15:21:52 Windows Update
21-07-2013 03:36:19 Windows Update
24-07-2013 02:49:17 Windows Update
16-08-2013 11:50:49 Windows Update
25-08-2013 04:01:35 Installed SpyHunter

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A382225-0D7C-4AAA-B7EC-17107A6AB4C2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated)
Task: {7353A222-6E9D-428A-B26B-A9AC59FA6A32} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3727344842-4028780472-3075785767-1001
Task: {9ADF5F58-9FD1-4494-82E5-C01BF8C366EE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BCE46997-545A-4F04-9B42-3A64B7EBD523} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {C10107C8-C0C4-4A99-A4D0-F72EEC6CD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-19 16:32 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-23 21:59 - 2013-07-05 14:25 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-07-23 21:59 - 2013-07-05 14:25 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2013-02-11 05:47 - 2013-02-11 05:47 - 00087464 _____ () C:\Program Files (x86)\adawaretb\adawareDx.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2013 01:17:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x4c0
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 01:16:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xee4
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 01:08:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x55c
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:45:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x650
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:44:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xac4
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:43:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xafc
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:40:07 AM) (Source: Application Hang) (User: )
Description: The program Spyhunter4.exe version 4.14.5.4268 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e18

Start Time: 01cea1551f076335

Termination Time: 0

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id:

Error: (08/25/2013 00:36:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x580
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/21/2013 10:31:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42526

Error: (08/21/2013 10:31:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42526


System errors:
=============
Error: (10/17/2013 03:58:23 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:57:16 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:55:35 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:54:28 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:53:16 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:50:28 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:49:26 PM) (Source: DCOM) (User: )
Description: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2013 10:41:41 AM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 10:42:49 AM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 10:39:37 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:38:06 AM on ‎10/‎17/‎2013 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3963.98 MB
Available physical RAM: 2356.17 MB
Total Pagefile: 7926.14 MB
Available Pagefile: 6348.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105952W0C) (Fixed) (Total:222.34 GB) (Free:169.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 65698AF9)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

seedy21, Malware Removal Staff
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #5 on: October 18, 2013, 01:25:12 AM »
Hello Clikens86

Warning Rootkit Detected


One or more of the identified infections is a Zero Access.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like to continue, please follow the steps below.

Step 1
  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following applications if present on your machine
    • Best Buy pc app (Version: 3.0.0.0)
  • Close the Add/Remove Programs and Control Panel
  • Restart your computer


Step 2

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 3
Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Clikens86
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #6 on: October 18, 2013, 08:31:12 AM »
09:20:46.0539 4124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:20:50.0236 4124  ============================================================
09:20:50.0236 4124  Current date / time: 2013/10/18 09:20:50.0236
09:20:50.0236 4124  SystemInfo:
09:20:50.0236 4124 
09:20:50.0236 4124  OS Version: 6.1.7601 ServicePack: 1.0
09:20:50.0236 4124  Product type: Workstation
09:20:50.0236 4124  ComputerName: CANTSTOPMYSHINE
09:20:50.0236 4124  UserName: Likens
09:20:50.0236 4124  Windows directory: C:\windows
09:20:50.0236 4124  System windows directory: C:\windows
09:20:50.0236 4124  Running under WOW64
09:20:50.0236 4124  Processor architecture: Intel x64
09:20:50.0236 4124  Number of processors: 1
09:20:50.0236 4124  Page size: 0x1000
09:20:50.0236 4124  Boot type: Normal boot
09:20:50.0236 4124  ============================================================
09:20:50.0798 4124  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

Clikens86
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #7 on: October 18, 2013, 08:32:25 AM »
09:21:24.0135 5084  PNRPAutoReg - ok
09:21:24.0166 5084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:21:24.0213 5084  PNRPsvc - ok
09:21:24.0260 5084  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:21:24.0322 5084  PolicyAgent - ok
09:21:24.0353 5084  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
09:21:24.0462 5084  Power - ok
09:21:24.0525 5084  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:21:24.0603 5084  PptpMiniport - ok
09:21:24.0634 5084  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
09:21:24.0665 5084  Processor - ok
09:21:24.0728 5084  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\windows\system32\profsvc.dll
09:21:24.0806 5084  ProfSvc - ok
09:21:24.0837 5084  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:21:24.0868 5084  ProtectedStorage - ok
09:21:24.0946 5084  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:21:25.0008 5084  Psched - ok
09:21:25.0055 5084  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
09:21:25.0086 5084  ql2300 - ok
09:21:25.0118 5084  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
09:21:25.0133 5084  ql40xx - ok
09:21:25.0149 5084  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
09:21:25.0211 5084  QWAVE - ok
09:21:25.0227 5084  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:21:25.0305 5084  QWAVEdrv - ok
09:21:25.0305 5084  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:21:25.0352 5084  RasAcd - ok
09:21:25.0414 5084  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:21:25.0508 5084  RasAgileVpn - ok
09:21:25.0539 5084  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
09:21:25.0586 5084  RasAuto - ok
09:21:25.0617 5084  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:21:25.0742 5084  Rasl2tp - ok
09:21:25.0757 5084  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
09:21:25.0820 5084  RasMan - ok
09:21:25.0851 5084  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:21:25.0913 5084  RasPppoe - ok
09:21:25.0929 5084  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:21:25.0991 5084  RasSstp - ok
09:21:26.0038 5084  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:21:26.0100 5084  rdbss - ok
09:21:26.0116 5084  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
09:21:26.0163 5084  rdpbus - ok
09:21:26.0194 5084  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:21:26.0256 5084  RDPCDD - ok
09:21:26.0303 5084  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:21:26.0350 5084  RDPENCDD - ok
09:21:26.0366 5084  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:21:26.0444 5084  RDPREFMP - ok
09:21:26.0490 5084  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:21:26.0506 5084  RDPWD - ok
09:21:26.0568 5084  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:21:26.0584 5084  rdyboost - ok
09:21:26.0615 5084  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:21:26.0662 5084  RemoteAccess - ok
09:21:26.0693 5084  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:21:26.0802 5084  RemoteRegistry - ok
09:21:26.0834 5084  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:21:26.0896 5084  RpcEptMapper - ok
09:21:26.0927 5084  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
09:21:26.0958 5084  RpcLocator - ok
09:21:27.0005 5084  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
09:21:27.0114 5084  RpcSs - ok
09:21:27.0177 5084  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:21:27.0224 5084  rspndr - ok
09:21:27.0302 5084  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
09:21:27.0333 5084  RSUSBSTOR - ok
09:21:27.0348 5084  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:21:27.0395 5084  SamSs - ok
09:21:27.0598 5084  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
09:21:27.0832 5084  SBAMSvc - ok
09:21:27.0894 5084  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:21:27.0910 5084  sbp2port - ok
09:21:27.0957 5084  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:21:28.0035 5084  SCardSvr - ok
09:21:28.0050 5084  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:21:28.0113 5084  scfilter - ok
09:21:28.0160 5084  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
09:21:28.0222 5084  Schedule - ok
09:21:28.0253 5084  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
09:21:28.0300 5084  SCPolicySvc - ok
09:21:28.0331 5084  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:21:28.0378 5084  SDRSVC - ok

Clikens86
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #8 on: October 18, 2013, 08:41:12 AM »
09:21:28.0440 5084  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:21:28.0518 5084  secdrv - ok
09:21:28.0534 5084  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
09:21:28.0612 5084  seclogon - ok
09:21:28.0643 5084  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
09:21:28.0752 5084  SENS - ok
09:21:28.0784 5084  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:21:28.0815 5084  SensrSvc - ok
09:21:28.0846 5084  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
09:21:28.0877 5084  Serenum - ok
09:21:28.0924 5084  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
09:21:28.0940 5084  Serial - ok
09:21:29.0002 5084  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
09:21:29.0049 5084  sermouse - ok
09:21:29.0096 5084  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
09:21:29.0158 5084  SessionEnv - ok
09:21:29.0205 5084  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:21:29.0220 5084  sffdisk - ok
09:21:29.0252 5084  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:21:29.0283 5084  sffp_mmc - ok
09:21:29.0314 5084  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:21:29.0345 5084  sffp_sd - ok
09:21:29.0392 5084  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
09:21:29.0423 5084  sfloppy - ok
09:21:29.0501 5084  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:21:29.0564 5084  SharedAccess - ok
09:21:29.0595 5084  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:21:29.0657 5084  ShellHWDetection - ok
09:21:29.0657 5084  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
09:21:29.0673 5084  SiSRaid2 - ok
09:21:29.0688 5084  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
09:21:29.0704 5084  SiSRaid4 - ok
09:21:29.0735 5084  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:21:29.0782 5084  Smb - ok
09:21:29.0844 5084  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:21:29.0907 5084  SNMPTRAP - ok
09:21:29.0922 5084  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
09:21:29.0938 5084  spldr - ok
09:21:29.0969 5084  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\windows\System32\spoolsv.exe
09:21:30.0032 5084  Spooler - ok
09:21:30.0141 5084  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
09:21:30.0281 5084  sppsvc - ok
09:21:30.0297 5084  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
09:21:30.0359 5084  sppuinotify - ok
09:21:30.0484 5084  [ 83999925618FC1F09C70799A511A99E2 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
09:21:30.0500 5084  SpyHunter 4 Service - ok
09:21:30.0546 5084  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
09:21:30.0578 5084  srv - ok
09:21:30.0624 5084  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
09:21:30.0656 5084  srv2 - ok
09:21:30.0671 5084  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
09:21:30.0718 5084  srvnet - ok
09:21:30.0796 5084  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
09:21:30.0843 5084  SSDPSRV - ok
09:21:30.0858 5084  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
09:21:30.0936 5084  SstpSvc - ok
09:21:30.0968 5084  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
09:21:30.0983 5084  stexstor - ok
09:21:31.0030 5084  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
09:21:31.0061 5084  StillCam - ok
09:21:31.0139 5084  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
09:21:31.0170 5084  stisvc - ok
09:21:31.0202 5084  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
09:21:31.0217 5084  swenum - ok
09:21:31.0264 5084  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
09:21:31.0342 5084  swprv - ok
09:21:31.0420 5084  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
09:21:31.0451 5084  SynTP - ok
09:21:31.0514 5084  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
09:21:31.0638 5084  SysMain - ok
09:21:31.0670 5084  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:21:31.0701 5084  TabletInputService - ok
09:21:31.0748 5084  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
09:21:31.0810 5084  TapiSrv - ok
09:21:31.0841 5084  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
09:21:31.0888 5084  TBS - ok
09:21:31.0982 5084  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:21:32.0013 5084  Tcpip - ok
09:21:32.0091 5084  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:21:32.0138 5084  TCPIP6 - ok
09:21:32.0184 5084  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
09:21:32.0247 5084  tcpipreg - ok
09:21:32.0309 5084  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
09:21:32.0403 5084  tdcmdpst - ok
09:21:32.0418 5084  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
09:21:32.0465 5084  TDPIPE - ok
09:21:32.0481 5084  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
09:21:32.0528 5084  TDTCP - ok
09:21:32.0590 5084  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
09:21:32.0684 5084  tdx - ok
09:21:32.0715 5084  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
09:21:32.0730 5084  TermDD - ok
09:21:32.0762 5084  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
09:21:32.0824 5084  TermService - ok
09:21:32.0840 5084  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
09:21:32.0886 5084  Themes - ok
09:21:32.0902 5084  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
09:21:32.0980 5084  THREADORDER - ok
09:21:33.0074 5084  [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:21:33.0089 5084  TMachInfo - ok
09:21:33.0136 5084  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
09:21:33.0136 5084  TODDSrv - ok
09:21:33.0261 5084  [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:21:33.0276 5084  TosCoSrv - ok
09:21:33.0339 5084  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:21:33.0354 5084  TOSHIBA HDD SSD Alert Service - ok
09:21:33.0417 5084  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
09:21:33.0495 5084  TrkWks - ok
09:21:33.0557 5084  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:21:33.0620 5084  TrustedInstaller - ok
09:21:33.0651 5084  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
09:21:33.0682 5084  tssecsrv - ok
09:21:33.0760 5084  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
09:21:33.0822 5084  TsUsbFlt - ok
09:21:33.0900 5084  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
09:21:33.0963 5084  tunnel - ok
09:21:34.0025 5084  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:21:34.0072 5084  TVALZ - ok
09:21:34.0103 5084  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
09:21:34.0119 5084  uagp35 - ok
09:21:34.0150 5084  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
09:21:34.0275 5084  udfs - ok
09:21:34.0306 5084  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
09:21:34.0337 5084  UI0Detect - ok
09:21:34.0400 5084  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
09:21:34.0415 5084  uliagpkx - ok
09:21:34.0478 5084  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
09:21:34.0509 5084  umbus - ok
09:21:34.0556 5084  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
09:21:34.0602 5084  UmPass - ok
09:21:34.0649 5084  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
09:21:34.0758 5084  upnphost - ok
09:21:34.0836 5084  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
09:21:34.0868 5084  usbaudio - ok
09:21:34.0899 5084  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
09:21:34.0930 5084  usbccgp - ok
09:21:34.0977 5084  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:21:34.0992 5084  usbcir - ok
09:21:35.0024 5084  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\windows\system32\drivers\usbehci.sys
09:21:35.0070 5084  usbehci - ok
09:21:35.0133 5084  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\windows\system32\drivers\usbhub.sys
09:21:35.0180 5084  usbhub - ok
09:21:35.0211 5084  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\windows\system32\drivers\usbohci.sys
09:21:35.0242 5084  usbohci - ok
09:21:35.0289 5084  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:21:35.0336 5084  usbprint - ok
09:21:35.0367 5084  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
09:21:35.0414 5084  usbscan - ok
09:21:35.0460 5084  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:21:35.0492 5084  USBSTOR - ok
09:21:35.0523 5084  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:21:35.0554 5084  usbuhci - ok
09:21:35.0616 5084  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
09:21:35.0663 5084  usbvideo - ok
09:21:35.0694 5084  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
09:21:35.0804 5084  UxSms - ok
09:21:35.0819 5084  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
09:21:35.0866 5084  VaultSvc - ok
09:21:35.0944 5084  [ E5AF6997B59429BC44DE616B5A963788 ] VBoxDrv         C:\windows\system32\DRIVERS\VBoxDrv.sys
09:21:36.0100 5084  VBoxDrv - ok
09:21:36.0178 5084  [ B4FFC1739B9BD3B0177B16B46CAF8420 ] VBoxNetAdp      C:\windows\system32\DRIVERS\VBoxNetAdp.sys
09:21:36.0194 5084  VBoxNetAdp - ok
09:21:36.0209 5084  [ 5EB23066803668B29D403BC76C63CC70 ] VBoxNetFlt      C:\windows\system32\DRIVERS\VBoxNetFlt.sys
09:21:36.0272 5084  VBoxNetFlt - ok
09:21:36.0318 5084  [ E6A42E54D4F7D7756E988F9135796572 ] VBoxUSBMon      C:\windows\system32\DRIVERS\VBoxUSBMon.sys
09:21:36.0381 5084  VBoxUSBMon - ok
09:21:36.0443 5084  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:21:36.0459 5084  vdrvroot - ok
09:21:36.0506 5084  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
09:21:36.0537 5084  vds - ok

*

Offline Clikens86

  • Bronze Member
  • 42
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #9 on: October 18, 2013, 08:42:04 AM »
09:21:36.0568 5084  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:21:36.0584 5084  vga - ok
09:21:36.0615 5084  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
09:21:36.0646 5084  VgaSave - ok
09:21:36.0677 5084  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:21:36.0693 5084  vhdmp - ok
09:21:36.0740 5084  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
09:21:36.0755 5084  viaide - ok
09:21:36.0771 5084  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:21:36.0786 5084  volmgr - ok
09:21:36.0818 5084  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:21:36.0833 5084  volmgrx - ok
09:21:36.0864 5084  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:21:36.0880 5084  volsnap - ok
09:21:36.0911 5084  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
09:21:36.0927 5084  vsmraid - ok
09:21:36.0989 5084  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
09:21:37.0083 5084  VSS - ok
09:21:37.0098 5084  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:21:37.0145 5084  vwifibus - ok
09:21:37.0192 5084  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:21:37.0223 5084  vwififlt - ok
09:21:37.0239 5084  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:21:37.0286 5084  vwifimp - ok
09:21:37.0332 5084  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
09:21:37.0410 5084  W32Time - ok
09:21:37.0457 5084  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
09:21:37.0488 5084  WacomPen - ok
09:21:37.0582 5084  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:21:37.0660 5084  WANARP - ok
09:21:37.0676 5084  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:21:37.0738 5084  Wanarpv6 - ok
09:21:37.0847 5084  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:21:37.0878 5084  WatAdminSvc - ok
09:21:37.0941 5084  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
09:21:38.0003 5084  wbengine - ok
09:21:38.0066 5084  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:21:38.0112 5084  WbioSrvc - ok
09:21:38.0159 5084  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:21:38.0190 5084  wcncsvc - ok
09:21:38.0206 5084  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:21:38.0268 5084  WcsPlugInService - ok
09:21:38.0300 5084  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
09:21:38.0315 5084  Wd - ok
09:21:38.0346 5084  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:21:38.0378 5084  Wdf01000 - ok
09:21:38.0409 5084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:21:38.0502 5084  WdiServiceHost - ok
09:21:38.0549 5084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:21:38.0612 5084  WdiSystemHost - ok
09:21:38.0658 5084  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
09:21:38.0690 5084  WebClient - ok
09:21:38.0705 5084  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:21:38.0846 5084  Wecsvc - ok
09:21:38.0877 5084  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:21:38.0939 5084  wercplsupport - ok
09:21:38.0970 5084  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
09:21:39.0033 5084  WerSvc - ok
09:21:39.0064 5084  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:21:39.0173 5084  WfpLwf - ok
09:21:39.0189 5084  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:21:39.0204 5084  WIMMount - ok
09:21:39.0236 5084  WinDefend - ok
09:21:39.0251 5084  WinHttpAutoProxySvc - ok
09:21:39.0329 5084  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:21:39.0392 5084  Winmgmt - ok
09:21:39.0470 5084  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
09:21:39.0594 5084  WinRM - ok
09:21:39.0672 5084  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
09:21:39.0719 5084  Wlansvc - ok
09:21:39.0750 5084  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:21:39.0813 5084  WmiAcpi - ok
09:21:39.0860 5084  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:21:39.0906 5084  wmiApSrv - ok
09:21:39.0969 5084  WMPNetworkSvc - ok
09:21:40.0000 5084  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:21:40.0031 5084  WPCSvc - ok
09:21:40.0062 5084  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:21:40.0094 5084  WPDBusEnum - ok
09:21:40.0125 5084  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:21:40.0187 5084  ws2ifsl - ok
09:21:40.0218 5084  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
09:21:40.0281 5084  wscsvc - ok
09:21:40.0296 5084  WSearch - ok
09:21:40.0390 5084  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
09:21:40.0437 5084  wuauserv - ok
09:21:40.0468 5084  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:21:40.0608 5084  WudfPf - ok
09:21:40.0624 5084  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:21:40.0702 5084  WUDFRd - ok
09:21:40.0749 5084  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:21:40.0811 5084  wudfsvc - ok
09:21:40.0889 5084  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
09:21:40.0920 5084  WwanSvc - ok
09:21:40.0983 5084  ================ Scan global ===============================
09:21:41.0045 5084  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:21:41.0076 5084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:21:41.0092 5084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:21:41.0139 5084  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:21:41.0170 5084  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:21:41.0186 5084  [Global] - ok
09:21:41.0186 5084  ================ Scan MBR ==================================
09:21:41.0201 5084  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:21:41.0607 5084  \Device\Harddisk0\DR0 - ok
09:21:41.0622 5084  ================ Scan VBR ==================================
09:21:41.0654 5084  [ 67E894CFD0B80033D9092EC703FAD3BF ] \Device\Harddisk0\DR0\Partition1
09:21:41.0654 5084  \Device\Harddisk0\DR0\Partition1 - ok
09:21:41.0654 5084  ============================================================
09:21:41.0654 5084  Scan finished
09:21:41.0654 5084  ============================================================
09:21:41.0669 2692  Detected object count: 2
09:21:41.0669 2692  Actual detected object count: 2
09:21:49.0890 2692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:21:49.0890 2692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:28:05.0134 2480  Deinitialize success
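
Reading a TDSSKiller log like the one in Replies #8 and #9 by eye is slow: a few hundred "- ok" lines bury the two warnings, and whether anything was actually removed is only recorded in the last block. The script below is an added example for this thread (not code from the forum, from Kaspersky, or from the helper working this case) that parses the log into per-object records and pulls out what a helper wants to know: objects with a non-clean verdict, detections the operator skipped (so still on disk), service or driver images outside the usual install roots, and one image hash registered under several service names. The line format is inferred from the posted log rather than from a published specification; SAMPLE_LOG copies lines from that log, plus one constructed "ExampleSvc" entry that was not in it.

```python
"""Triage helper for a Kaspersky TDSSKiller scan log (added example)."""
import re
from collections import defaultdict

# One scanned object = a header line with the image MD5 and path, followed by
# one or more verdict lines naming the same object ("- ok", "- warning",
# "- detected ...", "- skipped by user", "- User select action: ...").
# Both patterns are inferred from the posted log, not from Kaspersky docs.
_HEADER = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?:(?P<name>.*?)\s+)?(?P<path>[A-Za-z]:\\.*)$"
)
_VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)"
    r"(?: \( (?P<det>[^)]+) \))? - (?P<verdict>.+)$"
)

# Where Windows and ordinary installers put service/driver images. An image
# under a user profile (AppData, Temp) is where the FRST fixlist found malware.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")

# Lines copied from the posted log; the ExampleSvc pair is CONSTRUCTED to show
# what a service image living under a user profile looks like to the checks.
SAMPLE_LOG = r"""
09:21:23.0963 5084  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:21:24.0026 5084  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:21:24.0026 5084  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:21:24.0837 5084  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:21:24.0868 5084  ProtectedStorage - ok
09:21:27.0348 5084  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:21:27.0395 5084  SamSs - ok
09:21:30.0484 5084  [ 83999925618FC1F09C70799A511A99E2 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
09:21:30.0500 5084  SpyHunter 4 Service - ok
09:21:31.0982 5084  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:21:32.0013 5084  Tcpip - ok
09:21:32.0091 5084  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:21:32.0138 5084  TCPIP6 - ok
09:21:39.0236 5084  WinDefend - ok
09:21:40.0000 5084  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Users\Someone\AppData\Local\xyz\svc.exe
09:21:40.0010 5084  ExampleSvc - ok
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def _new():
    return {"md5": None, "path": None, "verdicts": [], "detections": set()}


def parse_log(text):
    """Return {object name: record}; objects without a header (e.g. a disabled
    service such as WinDefend) get a record with md5/path left as None."""
    objects = {}
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            name = m["name"] or m["path"]       # "Scan global" files carry no name
            rec = objects.setdefault(name, _new())
            rec["md5"], rec["path"] = m["md5"].upper(), m["path"]
            continue
        m = _VERDICT.match(line)
        if m:
            rec = objects.setdefault(m["name"], _new())
            rec["verdicts"].append(m["verdict"])
            if m["det"]:
                rec["detections"].add(m["det"])
            d = re.match(r"detected (\S+)", m["verdict"])
            if d:
                rec["detections"].add(d[1])
    return objects


def findings(objects):
    """Objects with any verdict other than a plain 'ok'."""
    return {n: o for n, o in objects.items() if any(v != "ok" for v in o["verdicts"])}


def unresolved(objects):
    """Detections the operator skipped: the file is still on disk after the run."""
    return sorted(n for n, o in objects.items()
                  if o["detections"] and "User select action: Skip" in o["verdicts"])


def odd_locations(objects):
    """Images outside the roots Windows and installers normally use."""
    return sorted(n for n, o in objects.items()
                  if o["path"] and not o["path"].lower().startswith(TRUSTED_ROOTS))


def shared_images(objects):
    """MD5s backing more than one object. Same file under several service names
    (lsass.exe, tcpip.sys) is normal; the same hash at different paths is not."""
    by_md5 = defaultdict(list)
    for name, o in objects.items():
        if o["md5"]:
            by_md5[o["md5"]].append((name, o["path"].lower()))
    return {md5: {"names": sorted(n for n, _ in e), "distinct_paths": len({p for _, p in e})}
            for md5, e in by_md5.items() if len(e) > 1}


def report(text):
    """Everything a helper reading the log would want, in one dict."""
    objs = parse_log(text)
    return {"objects": len(objs), "not_clean": sorted(findings(objs)),
            "unresolved": unresolved(objs), "odd_locations": odd_locations(objs),
            "shared_images": shared_images(objs)}


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats the output makes explicit. `UnsignedFile.Multi.Generic` is a heuristic verdict (the file lacks a valid Authenticode signature), not a malware family; skipping it for the HP printer services is a defensible call, but it should rest on verifying the file, which is why `unresolved()` keeps listing them until that is done. And `odd_locations()` goes a step beyond the posted log: nothing in it was registered from a user profile, but the FRST fixlist in the next reply shows the actual infection living under `AppData\Local`, and a service or driver image there is exactly what this check is for. To use it on a real run, pass the contents of the `TDSSKiller.*.log` file to `report()`.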

*

Offline Clikens86

  • Bronze Member
  • 42
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #10 on: October 18, 2013, 08:43:00 AM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Likens at 2013-10-18 09:10:16 Run:1
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
HKLM\...\Run: [] -
HKCU\...\Run: [Best Buy pc app] - C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKCU\...\Run: [Temp] - rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [GameServer33] - C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe [131072 2013-08-18] ()
HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [8U8AZ03m.exe] - C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [9abwQAY8Jl.exe] - C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN38650307112493118&UM=2
SearchScopes: HKCU - {5FF6945D-87CE-43EF-847F-618D30FE8BC2} URL =
SearchScopes: HKCU - {E89AFAF9-9983-48C2-9914-B96516E28886} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR Extension: (Updater By SweetPacks) - C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll
C:\ProgramData\eqba0.pad
C:\ProgramData\lh4f.bat
C:\ProgramData\lh4f.pad
C:\ProgramData\lh4f.reg
C:\Users\Likens\AppData\Local\Temp\5564.exe
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe
C:\Users\Likens\AppData\Local\Temp\SPStub.exe
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe
*****************

C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] - => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualStore => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GameServer33 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dY5bCfYA.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\8U8AZ03m.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\9abwQAY8Jl.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{327ED223-25DF-4EDF-AE3F-80EEE614F2E3} => Key deleted successfully.
HKCR\CLSID\{327ED223-25DF-4EDF-AE3F-80EEE614F2E3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5FF6945D-87CE-43EF-847F-618D30FE8BC2} => Key deleted successfully.
HKCR\CLSID\{5FF6945D-87CE-43EF-847F-618D30FE8BC2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E89AFAF9-9983-48C2-9914-B96516E28886} => Key deleted successfully.
HKCR\CLSID\{E89AFAF9-9983-48C2-9914-B96516E28886} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key deleted successfully.
HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value deleted successfully.
C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll => Moved successfully.
C:\ProgramData\eqba0.pad => Moved successfully.
C:\ProgramData\lh4f.bat => Moved successfully.
C:\ProgramData\lh4f.pad => Moved successfully.
C:\ProgramData\lh4f.reg => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\5564.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe => Moved successfully.

==== End of Fixlog ====

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • 2428
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #11 on: October 18, 2013, 01:15:13 PM »
Hello Clikens86

Step 1

Please re-run FRST and click on Scan.

Please copy the contents of this in your next reply.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline Clikens86

  • Bronze Member
  • 42
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #12 on: October 18, 2013, 02:00:27 PM »
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Likens (administrator) on CANTSTOPMYSHINE on 18-10-2013 14:56:29
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {1227e2d0-1fdf-11e2-98d6-00266c7d20e5} - E:\laucher.exe
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [bncsaui.exe] - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2011-03-07] (Bradford Networks)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}&crg=3.5000006.10045
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: pxyhzzjbka - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\pxyhzzjbka@pxyhzzjbka.org.xpi
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3079960 2011-03-07] (Bradford Networks)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-05-10] ()
S1 hjcwenli; \??\C:\windows\system32\drivers\hjcwenli.sys


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 09:25 - 2013-10-18 09:26 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla
2013-10-18 09:25 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 09:14 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-18 09:14 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-18 09:14 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-18 09:14 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-18 09:14 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-18 09:14 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-18 09:14 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 09:13 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-18 09:12 - 2013-10-18 09:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-18 09:00 - 2013-10-18 09:01 - 00005601 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\fixlist.txt
2013-10-18 08:53 - 2013-10-18 08:53 - 00000000 ____D C:\c1e364d46130d117946c
2013-10-18 08:50 - 2013-10-18 08:50 - 00000000 ____D C:\Users\fuckdadiazbroz
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:55 - 2013-10-17 16:16 - 00021135 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:55 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-17 10:55 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-17 10:55 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-10-17 10:55 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-10-17 10:55 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-10-17 10:55 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-10-17 10:55 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-17 10:55 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-17 10:55 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-10-17 10:55 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-17 10:55 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-17 10:55 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-17 10:55 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-10-17 10:55 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-10-17 10:55 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-10-17 10:55 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-10-17 10:55 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 10:55 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 10:55 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-17 10:55 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-17 10:55 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-17 10:55 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-17 10:55 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-17 10:55 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-17 10:55 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-17 10:55 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-17 10:55 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-17 10:55 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-17 10:55 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-17 10:55 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-17 10:55 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-17 10:55 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-17 10:55 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-17 10:55 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-17 10:55 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-17 10:55 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-17 10:55 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-17 10:55 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-10-17 10:55 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2013-10-17 10:55 - 2012-11-28 17:56 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:47 - 2013-10-17 10:52 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-10-18 14:56 - 2012-06-11 08:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 09:43 - 2011-05-03 02:02 - 01788151 _____ C:\windows\WindowsUpdate.log
2013-10-18 09:43 - 2009-07-14 00:13 - 00730924 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-18 09:39 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 09:39 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 09:36 - 2013-08-24 17:17 - 00000000 ___RD C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 09:36 - 2013-08-24 12:56 - 00000000 ___RD C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:36 - 2013-07-23 21:56 - 00001879 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-18 09:35 - 2013-03-20 20:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-18 09:35 - 2013-03-20 20:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-18 09:35 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-18 09:35 - 2009-07-13 23:51 - 00055166 _____ C:\windows\setupact.log
2013-10-18 09:35 - 2009-07-13 23:45 - 00413312 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-18 09:26 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla
2013-10-18 09:25 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 09:17 - 2011-05-03 05:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-18 09:12 - 2013-10-18 09:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-18 09:10 - 2013-08-24 17:01 - 00000000 ____D C:\Users\Likens\AppData\Local\w5w6DvEYlX
2013-10-18 09:10 - 2013-08-24 11:49 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2013-08-24 11:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\ProgramData\Best Buy pc app
2013-10-18 09:01 - 2013-10-18 09:00 - 00005601 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\fixlist.txt
2013-10-18 08:53 - 2013-10-18 08:53 - 00000000 ____D C:\c1e364d46130d117946c
2013-10-18 08:53 - 2013-08-16 06:53 - 00000000 ____D C:\windows\system32\MRT
2013-10-18 08:52 - 2013-08-24 17:17 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Deployment
2013-10-18 08:50 - 2013-10-18 08:50 - 00000000 ____D C:\Users\fuckdadiazbroz
2013-10-17 16:16 - 2013-10-17 15:55 - 00021135 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:52 - 2013-10-17 10:47 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:43 - 2012-06-11 08:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-17 10:43 - 2012-06-11 08:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-17 10:43 - 2011-10-30 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-17 10:42 - 2011-10-30 10:58 - 00001942 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-26 01:46 - 2012-02-23 14:13 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-22 18:28 - 2013-10-18 09:14 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-22 18:28 - 2013-10-18 09:14 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-22 18:27 - 2013-10-18 09:13 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-22 17:54 - 2013-10-18 09:14 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-20 22:38 - 2013-10-18 09:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-20 22:30 - 2013-10-18 09:14 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-20 21:48 - 2013-10-18 09:14 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-20 21:39 - 2013-10-18 09:14 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:07

==================== End Of Log ============================

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • 2428
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #13 on: October 18, 2013, 03:50:52 PM »

Hello Clikens86

Step 1

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Re-run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location (the Desktop is recommended).
3. Open the folder where the contents were unzipped to run mbar.exe.
4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 to step 6.)
6. The following image opens; select Next.
7. The following image opens; select Update.
8. When the update completes, select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If any infections are found, the "Cleanup" button to remove threats will be available. Infected files will be listed like the following example:
11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:
12. Select "Yes" to close down the program. If NO infections were found, you will see the following image:
13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log (the date and time of the scan will also be shown)

Post those two logs in your reply.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline Clikens86

  • Bronze Member
  • 42
Re: [In-Progress] Laptop has FBI virus, can only access the guest account
« Reply #14 on: October 18, 2013, 06:06:00 PM »
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
http://www.malwarebytes.org

Database version: v2013.10.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Likens :: CANTSTOPMYSHINE [administrator]

10/18/2013 5:33:51 PM
mbar-log-2013-10-18 (17-33-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320581
Time elapsed: 1 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.dll (Trojan.Agent.ED) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
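The FRST file listing earlier in the thread and the MBAR detections above are the two artefacts a helper reads side by side. As an added example, not code from the thread or from either tool, the parser below turns both formats into records, looks up each detected file's parent folder in the FRST listing to recover when that folder first appeared, and applies a triage heuristic for the machine-named AppData\Local folders seen here; the sample lines are copied from the logs posted above, and the heuristic's name pattern is my assumption, not a rule from either product.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Sample lines copied from the FRST listing and the MBAR log posted in this thread.
FRST_SAMPLE = r"""
2013-10-18 09:10 - 2013-08-24 17:01 - 00000000 ____D C:\Users\Likens\AppData\Local\w5w6DvEYlX
2013-10-18 08:52 - 2013-08-24 17:17 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Deployment
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 10:55 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
"""
MBAR_SAMPLE = r"""
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.dll (Trojan.Agent.ED) -> No action taken.
"""

# FRST listing line: "<ts1> - <ts2> - <size> <attrs> [(<company>) ]<path>"; ts1 is the
# timestamp the section is sorted by (creation for "Created", modification for "Modified").
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$")
# MBAR detection line: "<path> (<detection name>) -> <action>".
MBAR_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\s*$")
# Triage heuristic only (my assumption): an 8-12 char folder name mixing upper case,
# lower case and digits, directly under a user's AppData\Local, as in the detections above.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,12}$")
APPDATA_LOCAL = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\([^\\]+)$", re.I)

class FrstEntry(NamedTuple):
    ts1: str
    ts2: str
    size: int
    attrs: str  # "____D" directory, "____H" hidden, "_____" plain file
    company: Optional[str]
    path: str

def parse_frst(text: str) -> Dict[str, FrstEntry]:
    """Parse FRST listing lines into a dict keyed by lower-cased path."""
    entries: Dict[str, FrstEntry] = {}
    for line in text.splitlines():
        m = FRST_LINE.match(line)
        if m:
            entries[m["path"].lower()] = FrstEntry(m["ts1"], m["ts2"], int(m["size"]),
                                                   m["attrs"], m["company"], m["path"])
    return entries

def parse_mbar_detections(text: str) -> List[dict]:
    """Return every '<path> (<detection>) -> <action>' line as a dict."""
    return [m.groupdict() for m in map(MBAR_LINE.match, text.splitlines()) if m]

def correlate(frst_text: str, mbar_text: str) -> List[dict]:
    """For each MBAR detection, look up its parent folder in the FRST listing."""
    frst = parse_frst(frst_text)
    report = []
    for d in parse_mbar_detections(mbar_text):
        folder = frst.get(d["path"].rsplit("\\", 1)[0].lower())
        report.append({"file": d["path"], "detection": d["detection"],
                       "folder_in_frst": folder is not None,
                       "folder_ts1": folder.ts1 if folder else None})
    return report

def suspicious_appdata_dirs(frst: Dict[str, FrstEntry]) -> List[str]:
    """Directories under AppData\\Local whose names look machine-generated."""
    return sorted(e.path for e in frst.values() if e.attrs.endswith("D")
                  and (m := APPDATA_LOCAL.match(e.path)) and RANDOM_NAME.match(m.group(1)))
```

Only the w5w6DvEYlX folder resolves against this excerpt; the other two detection folders are absent from the one-month listing shown here, which is exactly the kind of gap the cross-reference is meant to surface.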