how to remove Trojan Horse TDSS.BZ



how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 11:22 am

For a while now there have been all sorts of pop-ups and random programs on my computer. I decided to download AVG Free and go into Control Panel and uninstall everything that looked potentially harmful. AVG Free found and deleted a lot of threats, but for some reason it found "Trojan horse TDSS.BZ" and says that it can't remove it because "Access is denied." How do I get rid of this Trojan horse?
Edit: The scan is still running and it's finding more adware that it can't remove. I believe the source it found was a program called "Resident Shield"; it's finding many things that it can't remove.

D3cimating Taco

Newbie Surfer

Posts : 16
Joined : 2013-08-06
Operating System : Windows 7


Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Tue 06 Aug 2013, 11:46 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

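An added example, not part of Superdave's post and not code from TDSSKiller or Kaspersky: a small Python parser for the report that the Report button produces, in the same line format as the log posted later in this thread. It reads the boot type and OS version from the header, records the hash, path and status that the "Scan services" section gives for each service, and then lists entries whose status is not `ok`, entries that have a status line but no file record, and distinct services that share one image hash. The sample text is an excerpt copied from the report in this thread plus one constructed `ExampleSvc - detected` line so the non-ok path is exercised; the regular expressions and the triage rules are assumptions inferred from that report, not documented TDSSKiller behaviour.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: header and "Scan services" lines copied from the report in the
# thread, plus ONE constructed line (ExampleSvc) that is not real TDSSKiller output.
SAMPLE_LOG = r"""19:49:22.0092 0836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:49:22.0560 0836  ============================================================
19:49:22.0560 0836  OS Version: 6.1.7601 ServicePack: 1.0
19:49:22.0560 0836  Boot type: Safe boot with network
19:49:22.0747 0836  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200
19:49:35.0094 1488  ================ Scan system memory ========================
19:49:35.0094 1488  System memory - ok
19:49:35.0094 1488  ================ Scan services =============================
19:49:35.0110 1488  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:49:35.0112 1488  1394ohci - ok
19:49:35.0179 1488  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:49:35.0181 1488  AMD External Events Utility - ok
19:49:35.0382 1488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:49:35.0386 1488  AudioEndpointBuilder - ok
19:49:35.0391 1488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:49:35.0394 1488  AudioSrv - ok
19:49:35.0428 1488  [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
19:49:35.0456 1488  AVGIDSAgent - ok
19:49:35.0686 1488  COMSysApp - ok
19:49:35.0874 1488  esgiguard - ok
19:49:36.0500 1488  ExampleSvc - detected
"""

# Every report line starts with "hh:mm:ss.ffff <pid>"; the patterns below are
# assumptions inferred from the posted report, not a documented format.
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>[0-9A-Fa-f]+)\s+"
BANNER_RE = re.compile(PREFIX + r"=+\s*(?P<section>[^=]+?)\s*=+\s*$")
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*\S)\s*$")
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<status>.+?)\s*$")
HEADER_RE = re.compile(PREFIX + r"(?P<key>OS Version|Boot type|ComputerName|UserName): (?P<value>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None   # None when the report printed no "[ hash ] name path" line
    path: Optional[str] = None
    status: Optional[str] = None


@dataclass
class Report:
    header: Dict[str, str]
    services: Dict[str, Entry]


def parse_tdsskiller(text: str) -> Report:
    """Parse the header and the 'Scan services' section of a TDSSKiller-style report."""
    header: Dict[str, str] = {}
    services: Dict[str, Entry] = {}
    section: Optional[str] = None
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:                      # "====== Scan services ======" switches the current section
            section = m.group("section")
            continue
        if section is None:        # everything before the first banner is the header
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key")] = m.group("value")
            continue
        if section != "Scan services":
            continue
        m = FILE_RE.match(line)    # "[ md5 ] name  path" comes first ...
        if m:
            entry = services.setdefault(m.group("name"), Entry(m.group("name")))
            entry.md5, entry.path = m.group("md5"), m.group("path")
            continue
        m = STATUS_RE.match(line)  # ... then "name - ok" (or another status)
        if m:
            entry = services.setdefault(m.group("name"), Entry(m.group("name")))
            entry.status = m.group("status")
    return Report(header, services)


def triage(report: Report) -> Dict[str, object]:
    """Pick out the service entries a reader of the log would want to look at first."""
    entries = report.services.values()
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {
        "non_ok": sorted(e.name for e in entries if e.status != "ok"),
        "no_file": sorted(e.name for e in entries if e.md5 is None),
        "shared_images": {h: sorted(n) for h, n in by_md5.items() if len(n) > 1},
    }


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("Boot type:", rep.header.get("Boot type"))
    for key, value in triage(rep).items():
        print(f"{key}: {value}")
```

A name in `no_file` only means the report printed no image hash for that service (COMSysApp and esgiguard in the posted log); it is a place to look, not a verdict. Shared hashes are normal when two services are hosted by the same DLL, as AudioSrv and AudioEndpointBuilder both point at Audiosrv.dll, so that list is for spotting unexpected pairs rather than flagging every pair.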

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 11:52 am

19:49:22.0092 0836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:49:22.0560 0836  ============================================================
19:49:22.0560 0836  Current date / time: 2013/08/05 19:49:22.0560
19:49:22.0560 0836  SystemInfo:
19:49:22.0560 0836  
19:49:22.0560 0836  OS Version: 6.1.7601 ServicePack: 1.0
19:49:22.0560 0836  Product type: Workstation
19:49:22.0560 0836  ComputerName: MAXGAMING
19:49:22.0560 0836  UserName: Max
19:49:22.0560 0836  Windows directory: C:\Windows
19:49:22.0560 0836  System windows directory: C:\Windows
19:49:22.0560 0836  Running under WOW64
19:49:22.0560 0836  Processor architecture: Intel x64
19:49:22.0560 0836  Number of processors: 4
19:49:22.0560 0836  Page size: 0x1000
19:49:22.0560 0836  Boot type: Safe boot with network
19:49:22.0560 0836  ============================================================
19:49:22.0747 0836  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:22.0763 0836  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:22.0763 0836  ============================================================
19:49:22.0763 0836  \Device\Harddisk0\DR0:
19:49:22.0763 0836  MBR partitions:
19:49:22.0763 0836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
19:49:22.0763 0836  \Device\Harddisk1\DR1:
19:49:22.0763 0836  MBR partitions:
19:49:22.0763 0836  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:49:22.0763 0836  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352800
19:49:22.0763 0836  ============================================================
19:49:22.0763 0836  C: <-> \Device\Harddisk0\DR0\Partition1
19:49:22.0778 0836  F: <-> \Device\Harddisk1\DR1\Partition1
19:49:22.0809 0836  D: <-> \Device\Harddisk1\DR1\Partition2
19:49:22.0809 0836  ============================================================
19:49:22.0809 0836  Initialize success
19:49:22.0809 0836  ============================================================
19:49:35.0007 1488  ============================================================
19:49:35.0007 1488  Scan started
19:49:35.0007 1488  Mode: Manual;
19:49:35.0007 1488  ============================================================
19:49:35.0094 1488  ================ Scan system memory ========================
19:49:35.0094 1488  System memory - ok
19:49:35.0094 1488  ================ Scan services =============================
19:49:35.0110 1488  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:49:35.0112 1488  1394ohci - ok
19:49:35.0117 1488  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:49:35.0119 1488  ACPI - ok
19:49:35.0120 1488  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:49:35.0121 1488  AcpiPmi - ok
19:49:35.0132 1488  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:49:35.0134 1488  AdobeFlashPlayerUpdateSvc - ok
19:49:35.0140 1488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:49:35.0143 1488  adp94xx - ok
19:49:35.0147 1488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:49:35.0150 1488  adpahci - ok
19:49:35.0153 1488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:49:35.0155 1488  adpu320 - ok
19:49:35.0158 1488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:49:35.0159 1488  AeLookupSvc - ok
19:49:35.0164 1488  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:49:35.0167 1488  AFD - ok
19:49:35.0170 1488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:49:35.0170 1488  agp440 - ok
19:49:35.0173 1488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:49:35.0173 1488  ALG - ok
19:49:35.0175 1488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:49:35.0176 1488  aliide - ok
19:49:35.0179 1488  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:49:35.0181 1488  AMD External Events Utility - ok
19:49:35.0183 1488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:49:35.0184 1488  amdide - ok
19:49:35.0186 1488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:49:35.0187 1488  AmdK8 - ok
19:49:35.0254 1488  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:49:35.0316 1488  amdkmdag - ok
19:49:35.0324 1488  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:49:35.0327 1488  amdkmdap - ok
19:49:35.0330 1488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:49:35.0330 1488  AmdPPM - ok
19:49:35.0333 1488  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:49:35.0334 1488  amdsata - ok
19:49:35.0337 1488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:49:35.0339 1488  amdsbs - ok
19:49:35.0341 1488  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:49:35.0341 1488  amdxata - ok
19:49:35.0343 1488  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:49:35.0344 1488  AppID - ok
19:49:35.0346 1488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:49:35.0347 1488  AppIDSvc - ok
19:49:35.0353 1488  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
19:49:35.0354 1488  Appinfo - ok
19:49:35.0358 1488  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:49:35.0359 1488  AppMgmt - ok
19:49:35.0362 1488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:49:35.0362 1488  arc - ok
19:49:35.0365 1488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:49:35.0366 1488  arcsas - ok
19:49:35.0368 1488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:49:35.0368 1488  AsyncMac - ok
19:49:35.0370 1488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:49:35.0370 1488  atapi - ok
19:49:35.0374 1488  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:49:35.0375 1488  AtiHDAudioService - ok
19:49:35.0382 1488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:49:35.0386 1488  AudioEndpointBuilder - ok
19:49:35.0391 1488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:49:35.0394 1488  AudioSrv - ok
19:49:35.0428 1488  [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
19:49:35.0456 1488  AVGIDSAgent - ok
19:49:35.0461 1488  [ 241C32E942869FD1351CC5864976C3AC ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:49:35.0463 1488  AVGIDSDriver - ok
19:49:35.0466 1488  [ C8D9EEACF266512C1FA52E2ECF5AD944 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
19:49:35.0466 1488  AVGIDSHA - ok
19:49:35.0470 1488  [ FACD18A89FDEBC35C85CAF762B294BE2 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
19:49:35.0472 1488  Avgldx64 - ok
19:49:35.0480 1488  [ 29FCDEAC6086FB7E55344B51E35D99CE ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
19:49:35.0483 1488  Avgloga - ok
19:49:35.0485 1488  [ 85053293DCDE19829E8691A9E9E8A6FF ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
19:49:35.0486 1488  Avgmfx64 - ok
19:49:35.0489 1488  [ 0638096A30B7081DAACB8DCC39BD16EF ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
19:49:35.0489 1488  Avgrkx64 - ok
19:49:35.0493 1488  [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
19:49:35.0495 1488  avgwd - ok
19:49:35.0498 1488  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:49:35.0499 1488  AxInstSV - ok
19:49:35.0504 1488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:49:35.0507 1488  b06bdrv - ok
19:49:35.0511 1488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:49:35.0513 1488  b57nd60a - ok
19:49:35.0517 1488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:49:35.0518 1488  BDESVC - ok
19:49:35.0519 1488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:49:35.0520 1488  Beep - ok
19:49:35.0527 1488  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:49:35.0532 1488  BFE - ok
19:49:35.0540 1488  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:49:35.0551 1488  BITS - ok
19:49:35.0553 1488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:49:35.0554 1488  blbdrive - ok
19:49:35.0556 1488  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:49:35.0557 1488  bowser - ok
19:49:35.0559 1488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:49:35.0559 1488  BrFiltLo - ok
19:49:35.0561 1488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:49:35.0562 1488  BrFiltUp - ok
19:49:35.0562 1488  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:49:35.0562 1488  Browser - ok
19:49:35.0562 1488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:49:35.0562 1488  Brserid - ok
19:49:35.0562 1488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:49:35.0562 1488  BrSerWdm - ok
19:49:35.0562 1488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:49:35.0562 1488  BrUsbMdm - ok
19:49:35.0577 1488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:49:35.0577 1488  BrUsbSer - ok
19:49:35.0577 1488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:49:35.0577 1488  BTHMODEM - ok
19:49:35.0593 1488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:49:35.0593 1488  bthserv - ok
19:49:35.0593 1488  [ F972074401A1111BD3362D755F71DD6C ] CAAMSvc         C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe
19:49:35.0593 1488  CAAMSvc - ok
19:49:35.0593 1488  [ E4333E47A1205787F65ACF4F7309F0DC ] CaCCProvSP      C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
19:49:35.0608 1488  CaCCProvSP - ok
19:49:35.0608 1488  [ 57A549A471C9B3A83CA61E4A11DC6277 ] CAISafe         C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus Plus\isafe.exe
19:49:35.0608 1488  CAISafe - ok
19:49:35.0608 1488  [ 34998631AF25EDB1BB58F6215F729F89 ] ccSchedulerSVC  C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
19:49:35.0624 1488  ccSchedulerSVC - ok
19:49:35.0624 1488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:49:35.0624 1488  cdfs - ok
19:49:35.0624 1488  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:49:35.0624 1488  cdrom - ok
19:49:35.0624 1488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:49:35.0624 1488  CertPropSvc - ok
19:49:35.0624 1488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:49:35.0624 1488  circlass - ok
19:49:35.0640 1488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:49:35.0640 1488  CLFS - ok
19:49:35.0640 1488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:49:35.0640 1488  clr_optimization_v2.0.50727_32 - ok
19:49:35.0640 1488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:49:35.0655 1488  clr_optimization_v2.0.50727_64 - ok
19:49:35.0655 1488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:49:35.0655 1488  clr_optimization_v4.0.30319_32 - ok
19:49:35.0671 1488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:49:35.0671 1488  clr_optimization_v4.0.30319_64 - ok
19:49:35.0671 1488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:49:35.0671 1488  CmBatt - ok
19:49:35.0671 1488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:49:35.0671 1488  cmdide - ok
19:49:35.0686 1488  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:49:35.0686 1488  CNG - ok
19:49:35.0686 1488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:49:35.0686 1488  Compbatt - ok
19:49:35.0686 1488  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:49:35.0686 1488  CompositeBus - ok
19:49:35.0686 1488  COMSysApp - ok
19:49:35.0702 1488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:49:35.0702 1488  crcdisk - ok
19:49:35.0702 1488  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:49:35.0702 1488  CryptSvc - ok
19:49:35.0702 1488  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:49:35.0718 1488  CSC - ok
19:49:35.0718 1488  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:49:35.0718 1488  CscService - ok
19:49:35.0733 1488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:49:35.0733 1488  DcomLaunch - ok
19:49:35.0733 1488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:49:35.0733 1488  defragsvc - ok
19:49:35.0749 1488  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:49:35.0749 1488  DfsC - ok
19:49:35.0749 1488  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:49:35.0749 1488  Dhcp - ok
19:49:35.0749 1488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:49:35.0749 1488  discache - ok
19:49:35.0749 1488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:49:35.0749 1488  Disk - ok
19:49:35.0764 1488  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:49:35.0764 1488  dmvsc - ok
19:49:35.0764 1488  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:49:35.0764 1488  Dnscache - ok
19:49:35.0764 1488  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:49:35.0764 1488  dot3svc - ok
19:49:35.0764 1488  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:49:35.0780 1488  DPS - ok
19:49:35.0780 1488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:49:35.0780 1488  drmkaud - ok
19:49:35.0780 1488  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:49:35.0796 1488  DXGKrnl - ok
19:49:35.0796 1488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:49:35.0796 1488  EapHost - ok
19:49:35.0811 1488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:49:35.0842 1488  ebdrv - ok
19:49:35.0842 1488  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:49:35.0842 1488  EFS - ok
19:49:35.0842 1488  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:49:35.0858 1488  ehRecvr - ok
19:49:35.0858 1488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:49:35.0858 1488  ehSched - ok
19:49:35.0858 1488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:49:35.0874 1488  elxstor - ok
19:49:35.0874 1488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:49:35.0874 1488  ErrDev - ok
19:49:35.0874 1488  esgiguard - ok
19:49:35.0889 1488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:49:35.0889 1488  EventSystem - ok
19:49:35.0889 1488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:49:35.0889 1488  exfat - ok
19:49:35.0889 1488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:49:35.0889 1488  fastfat - ok
19:49:35.0905 1488  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:49:35.0905 1488  Fax - ok
19:49:35.0905 1488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:49:35.0905 1488  fdc - ok
19:49:35.0920 1488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:49:35.0920 1488  fdPHost - ok
19:49:35.0920 1488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:49:35.0920 1488  FDResPub - ok
19:49:35.0936 1488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:49:35.0936 1488  FileInfo - ok
19:49:35.0936 1488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:49:35.0936 1488  Filetrace - ok
19:49:35.0936 1488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:49:35.0936 1488  flpydisk - ok
19:49:35.0952 1488  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:49:35.0952 1488  FltMgr - ok
19:49:35.0967 1488  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:49:35.0967 1488  FontCache - ok
19:49:35.0967 1488  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:49:35.0967 1488  FontCache3.0.0.0 - ok
19:49:35.0983 1488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:49:35.0983 1488  FsDepends - ok
19:49:35.0983 1488  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:49:35.0983 1488  Fs_Rec - ok
19:49:35.0983 1488  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:49:35.0983 1488  fvevol - ok
19:49:35.0998 1488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:49:35.0998 1488  gagp30kx - ok
19:49:35.0998 1488  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:49:36.0014 1488  gpsvc - ok
19:49:36.0014 1488  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:49:36.0014 1488  gupdate - ok
19:49:36.0030 1488  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:49:36.0030 1488  gupdatem - ok
19:49:36.0030 1488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:49:36.0030 1488  hcw85cir - ok
19:49:36.0030 1488  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:49:36.0030 1488  HdAudAddService - ok
19:49:36.0030 1488  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:49:36.0030 1488  HDAudBus - ok
19:49:36.0045 1488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:49:36.0045 1488  HidBatt - ok
19:49:36.0045 1488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:49:36.0045 1488  HidBth - ok
19:49:36.0045 1488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:49:36.0045 1488  HidIr - ok
19:49:36.0045 1488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:49:36.0061 1488  hidserv - ok
19:49:36.0061 1488  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:49:36.0061 1488  HidUsb - ok
19:49:36.0061 1488  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:49:36.0061 1488  hkmsvc - ok
19:49:36.0061 1488  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:49:36.0061 1488  HomeGroupListener - ok
19:49:36.0061 1488  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:49:36.0076 1488  HomeGroupProvider - ok
19:49:36.0076 1488  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:49:36.0076 1488  HpSAMD - ok
19:49:36.0092 1488  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:49:36.0092 1488  HTTP - ok
19:49:36.0092 1488  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:49:36.0092 1488  hwpolicy - ok
19:49:36.0092 1488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:49:36.0092 1488  i8042prt - ok
19:49:36.0108 1488  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:49:36.0108 1488  iaStorV - ok
19:49:36.0108 1488  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:49:36.0123 1488  idsvc - ok
19:49:36.0123 1488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:49:36.0123 1488  iirsp - ok
19:49:36.0123 1488  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:49:36.0139 1488  IKEEXT - ok
19:49:36.0139 1488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:49:36.0139 1488  intelide - ok
19:49:36.0139 1488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:49:36.0154 1488  intelppm - ok
19:49:36.0154 1488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:49:36.0154 1488  IPBusEnum - ok
19:49:36.0154 1488  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:49:36.0154 1488  IpFilterDriver - ok
19:49:36.0154 1488  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:49:36.0170 1488  iphlpsvc - ok
19:49:36.0170 1488  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:49:36.0170 1488  IPMIDRV - ok
19:49:36.0170 1488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:49:36.0170 1488  IPNAT - ok
19:49:36.0170 1488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:49:36.0170 1488  IRENUM - ok
19:49:36.0186 1488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:49:36.0186 1488  isapnp - ok
19:49:36.0186 1488  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:49:36.0186 1488  iScsiPrt - ok
19:49:36.0201 1488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:49:36.0201 1488  kbdclass - ok
19:49:36.0201 1488  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:49:36.0201 1488  kbdhid - ok
19:49:36.0217 1488  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:49:36.0217 1488  KeyIso - ok
19:49:36.0217 1488  [ 77481D3753F6DCB0A499C3A01460DC00 ] KmxAgent        C:\Windows\system32\DRIVERS\kmxagent.sys
19:49:36.0217 1488  KmxAgent - ok
19:49:36.0232 1488  [ C30A499E4A05FA7C1B2B1325953F12D4 ] KmxAMRT         C:\Windows\system32\DRIVERS\KmxAMRT.sys
19:49:36.0232 1488  KmxAMRT - ok
19:49:36.0232 1488  [ 2FA4CB9DCA3ED83583659670F3B40916 ] KmxCfg          C:\Windows\system32\DRIVERS\kmxcfg.sys
19:49:36.0232 1488  KmxCfg - ok
19:49:36.0248 1488  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:49:36.0248 1488  KSecDD - ok
19:49:36.0248 1488  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:49:36.0264 1488  KSecPkg - ok
19:49:36.0264 1488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:49:36.0264 1488  ksthunk - ok
19:49:36.0264 1488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:49:36.0279 1488  KtmRm - ok
19:49:36.0279 1488  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:49:36.0279 1488  LanmanServer - ok
19:49:36.0279 1488  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:49:36.0279 1488  LanmanWorkstation - ok
19:49:36.0295 1488  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
19:49:36.0295 1488  LGBusEnum - ok
19:49:36.0295 1488  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
19:49:36.0295 1488  LGVirHid - ok
19:49:36.0310 1488  [ 584528BF596A54B2BF6BE5067ADDA44A ] Linksys_adapter_H C:\Windows\system32\DRIVERS\AE2500w764.sys
19:49:36.0310 1488  Linksys_adapter_H - ok
19:49:36.0326 1488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:49:36.0326 1488  lltdio - ok
19:49:36.0326 1488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:49:36.0326 1488  lltdsvc - ok
19:49:36.0326 1488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:49:36.0326 1488  lmhosts - ok
19:49:36.0326 1488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:49:36.0342 1488  LSI_FC - ok
19:49:36.0342 1488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:49:36.0342 1488  LSI_SAS - ok
19:49:36.0342 1488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:49:36.0342 1488  LSI_SAS2 - ok
19:49:36.0357 1488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:49:36.0357 1488  LSI_SCSI - ok
19:49:36.0357 1488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:49:36.0357 1488  luafv - ok
19:49:36.0357 1488  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:49:36.0357 1488  Mcx2Svc - ok
19:49:36.0373 1488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:49:36.0373 1488  megasas - ok
19:49:36.0373 1488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:49:36.0373 1488  MegaSR - ok
19:49:36.0373 1488  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:49:36.0373 1488  MEIx64 - ok
19:49:36.0388 1488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:49:36.0388 1488  MMCSS - ok
19:49:36.0388 1488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:49:36.0388 1488  Modem - ok
19:49:36.0404 1488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:49:36.0404 1488  monitor - ok
19:49:36.0404 1488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:49:36.0404 1488  mouclass - ok
19:49:36.0420 1488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:49:36.0420 1488  mouhid - ok
19:49:36.0420 1488  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:49:36.0420 1488  mountmgr - ok
19:49:36.0420 1488  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:49:36.0420 1488  mpio - ok
19:49:36.0435 1488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:49:36.0435 1488  mpsdrv - ok
19:49:36.0451 1488  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:49:36.0451 1488  MpsSvc - ok
19:49:36.0466 1488  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:49:36.0466 1488  MRxDAV - ok
19:49:36.0466 1488  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:49:36.0466 1488  mrxsmb - ok
19:49:36.0466 1488  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:49:36.0466 1488  mrxsmb10 - ok
19:49:36.0466 1488  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:49:36.0466 1488  mrxsmb20 - ok
19:49:36.0482 1488  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:49:36.0482 1488  msahci - ok
19:49:36.0482 1488  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:49:36.0482 1488  msdsm - ok
19:49:36.0482 1488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:49:36.0482 1488  MSDTC - ok
19:49:36.0498 1488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:49:36.0498 1488  Msfs - ok
19:49:36.0498 1488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:49:36.0498 1488  mshidkmdf - ok
19:49:36.0513 1488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:49:36.0513 1488  msisadrv - ok
19:49:36.0513 1488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:49:36.0513 1488  MSiSCSI - ok
19:49:36.0529 1488  msiserver - ok
19:49:36.0529 1488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:49:36.0529 1488  MSKSSRV - ok
19:49:36.0529 1488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:49:36.0529 1488  MSPCLOCK - ok
19:49:36.0529 1488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:49:36.0529 1488  MSPQM - ok
19:49:36.0544 1488  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:49:36.0544 1488  MsRPC - ok
19:49:36.0544 1488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:49:36.0544 1488  mssmbios - ok
19:49:36.0560 1488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:49:36.0560 1488  MSTEE - ok
19:49:36.0560 1488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:49:36.0560 1488  MTConfig - ok
19:49:36.0576 1488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:49:36.0576 1488  Mup - ok
19:49:36.0591 1488  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:49:36.0591 1488  napagent - ok
19:49:36.0591 1488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:49:36.0591 1488  NativeWifiP - ok
19:49:36.0607 1488  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:49:36.0607 1488  NDIS - ok
19:49:36.0607 1488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:49:36.0607 1488  NdisCap - ok
19:49:36.0622 1488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:49:36.0622 1488  NdisTapi - ok
19:49:36.0622 1488  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:49:36.0622 1488  Ndisuio - ok
19:49:36.0622 1488  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:49:36.0622 1488  NdisWan - ok
19:49:36.0638 1488  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:49:36.0638 1488  NDProxy - ok
19:49:36.0638 1488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:49:36.0638 1488  NetBIOS - ok
19:49:36.0638 1488  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:49:36.0638 1488  NetBT - ok
19:49:36.0638 1488  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:49:36.0638 1488  Netlogon - ok
19:49:36.0654 1488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:49:36.0654 1488  Netman - ok
19:49:36.0654 1488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:49:36.0654 1488  netprofm - ok
19:49:36.0669 1488  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:49:36.0669 1488  NetTcpPortSharing - ok
19:49:36.0669 1488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:49:36.0669 1488  nfrd960 - ok
19:49:36.0669 1488  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:49:36.0685 1488  NlaSvc - ok
19:49:36.0685 1488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:49:36.0685 1488  Npfs - ok
19:49:36.0685 1488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:49:36.0685 1488  nsi - ok
19:49:36.0685 1488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:49:36.0685 1488  nsiproxy - ok
19:49:36.0700 1488  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:49:36.0716 1488  Ntfs - ok
19:49:36.0716 1488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:49:36.0716 1488  Null - ok
19:49:36.0716 1488  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:49:36.0716 1488  nvraid - ok
19:49:36.0716 1488  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:49:36.0716 1488  nvstor - ok
19:49:36.0716 1488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:49:36.0732 1488  nv_agp - ok
19:49:36.0732 1488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:49:36.0732 1488  ohci1394 - ok
19:49:36.0732 1488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:49:36.0732 1488  p2pimsvc - ok
19:49:36.0747 1488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:49:36.0747 1488  p2psvc - ok
19:49:36.0747 1488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:49:36.0747 1488  Parport - ok
19:49:36.0747 1488  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:49:36.0747 1488  partmgr - ok
19:49:36.0763 1488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:49:36.0763 1488  PcaSvc - ok
19:49:36.0763 1488  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:49:36.0763 1488  pci - ok
19:49:36.0763 1488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:49:36.0763 1488  pciide - ok
19:49:36.0763 1488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:49:36.0763 1488  pcmcia - ok
19:49:36.0778 1488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:49:36.0778 1488  pcw - ok
19:49:36.0778 1488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:49:36.0778 1488  PEAUTH - ok
19:49:36.0794 1488  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:49:36.0810 1488  PeerDistSvc - ok
19:49:36.0810 1488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:49:36.0825 1488  PerfHost - ok
19:49:36.0856 1488  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:49:36.0856 1488  pla - ok
19:49:36.0872 1488  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:49:36.0872 1488  PlugPlay - ok
19:49:36.0872 1488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:49:36.0872 1488  PNRPAutoReg - ok
19:49:36.0872 1488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:49:36.0872 1488  PNRPsvc - ok
19:49:36.0888 1488  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:49:36.0888 1488  PolicyAgent - ok
19:49:36.0888 1488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:49:36.0888 1488  Power - ok
19:49:36.0903 1488  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:49:36.0903 1488  PptpMiniport - ok
19:49:36.0903 1488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:49:36.0903 1488  Processor - ok
19:49:36.0903 1488  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:49:36.0903 1488  ProfSvc - ok
19:49:36.0919 1488  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:49:36.0919 1488  ProtectedStorage - ok
19:49:36.0919 1488  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:49:36.0919 1488  Psched - ok
19:49:36.0934 1488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:49:36.0950 1488  ql2300 - ok
19:49:36.0950 1488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:49:36.0950 1488  ql40xx - ok
19:49:36.0950 1488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:49:36.0950 1488  QWAVE - ok
19:49:36.0950 1488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:49:36.0950 1488  QWAVEdrv - ok
19:49:36.0966 1488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:49:36.0966 1488  RasAcd - ok
19:49:36.0966 1488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:49:36.0966 1488  RasAgileVpn - ok
19:49:36.0966 1488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:49:36.0966 1488  RasAuto - ok
19:49:36.0981 1488  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:49:36.0981 1488  Rasl2tp - ok
19:49:36.0981 1488  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:49:36.0997 1488  RasMan - ok
19:49:36.0997 1488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:49:36.0997 1488  RasPppoe - ok
19:49:36.0997 1488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:49:36.0997 1488  RasSstp - ok
19:49:36.0997 1488  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:49:37.0012 1488  rdbss - ok
19:49:37.0012 1488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:49:37.0012 1488  rdpbus - ok
19:49:37.0012 1488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:49:37.0012 1488  RDPCDD - ok
19:49:37.0012 1488  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:49:37.0012 1488  RDPDR - ok
19:49:37.0012 1488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:49:37.0028 1488  RDPENCDD - ok
19:49:37.0028 1488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:49:37.0028 1488  RDPREFMP - ok
19:49:37.0028 1488  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:49:37.0028 1488  RDPWD - ok
19:49:37.0044 1488  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:49:37.0044 1488  rdyboost - ok
19:49:37.0044 1488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:49:37.0044 1488  RemoteAccess - ok
19:49:37.0044 1488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:49:37.0044 1488  RemoteRegistry - ok
19:49:37.0059 1488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:49:37.0059 1488  RpcEptMapper - ok
19:49:37.0059 1488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:49:37.0059 1488  RpcLocator - ok
19:49:37.0059 1488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:49:37.0059 1488  RpcSs - ok
19:49:37.0075 1488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:49:37.0075 1488  rspndr - ok
19:49:37.0075 1488  [ 39A719875F572241C585A629EE62EB14 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:49:37.0075 1488  RTL8167 - ok
19:49:37.0090 1488  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:49:37.0090 1488  s3cap - ok
19:49:37.0090 1488  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:49:37.0090 1488  SamSs - ok
19:49:37.0090 1488  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:49:37.0090 1488  sbp2port - ok
19:49:37.0090 1488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:49:37.0090 1488  SCardSvr - ok
19:49:37.0090 1488  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:49:37.0090 1488  scfilter - ok
19:49:37.0106 1488  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:49:37.0122 1488  Schedule - ok
19:49:37.0122 1488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:49:37.0122 1488  SCPolicySvc - ok
19:49:37.0122 1488  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:49:37.0122 1488  SDRSVC - ok
19:49:37.0122 1488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:49:37.0122 1488  secdrv - ok
19:49:37.0122 1488  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:49:37.0122 1488  seclogon - ok
19:49:37.0137 1488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:49:37.0137 1488  SENS - ok
19:49:37.0137 1488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:49:37.0137 1488  SensrSvc - ok
19:49:37.0137 1488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:49:37.0137 1488  Serenum - ok
19:49:37.0137 1488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:49:37.0137 1488  Serial - ok
19:49:37.0137 1488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:49:37.0153 1488  sermouse - ok
19:49:37.0153 1488  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:49:37.0153 1488  SessionEnv - ok
19:49:37.0153 1488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:49:37.0153 1488  sffdisk - ok
19:49:37.0153 1488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:49:37.0153 1488  sffp_mmc - ok
19:49:37.0168 1488  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:49:37.0168 1488  sffp_sd - ok
19:49:37.0168 1488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:49:37.0168 1488  sfloppy - ok
19:49:37.0184 1488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:49:37.0184 1488  SharedAccess - ok
19:49:37.0184 1488  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:49:37.0184 1488  ShellHWDetection - ok
19:49:37.0184 1488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:49:37.0184 1488  SiSRaid2 - ok
19:49:37.0200 1488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:49:37.0200 1488  SiSRaid4 - ok
19:49:37.0231 1488  [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:49:37.0246 1488  Skype C2C Service - ok
19:49:37.0246 1488  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:49:37.0246 1488  SkypeUpdate - ok
19:49:37.0246 1488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:49:37.0246 1488  Smb - ok
19:49:37.0262 1488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:49:37.0262 1488  SNMPTRAP - ok
19:49:37.0262 1488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:49:37.0262 1488  spldr - ok
19:49:37.0262 1488  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:49:37.0262 1488  Spooler - ok
19:49:37.0293 1488  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:49:37.0309 1488  sppsvc - ok
19:49:37.0309 1488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:49:37.0324 1488  sppuinotify - ok
19:49:37.0324 1488  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:49:37.0324 1488  srv - ok
19:49:37.0324 1488  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:49:37.0340 1488  srv2 - ok
19:49:37.0340 1488  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:49:37.0340 1488  srvnet - ok
19:49:37.0340 1488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:49:37.0340 1488  SSDPSRV - ok
19:49:37.0340 1488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:49:37.0340 1488  SstpSvc - ok
19:49:37.0356 1488  Steam Client Service - ok
19:49:37.0371 1488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:49:37.0371 1488  stexstor - ok
19:49:37.0371 1488  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:49:37.0371 1488  stisvc - ok
19:49:37.0371 1488  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:49:37.0371 1488  storflt - ok
19:49:37.0387 1488  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
19:49:37.0387 1488  StorSvc - ok
19:49:37.0387 1488  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:49:37.0387 1488  storvsc - ok
19:49:37.0387 1488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:49:37.0387 1488  swenum - ok
19:49:37.0387 1488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:49:37.0387 1488  swprv - ok
19:49:37.0402 1488  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:49:37.0418 1488  SysMain - ok
19:49:37.0418 1488  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:49:37.0418 1488  TabletInputService - ok
19:49:37.0434 1488  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:49:37.0434 1488  TapiSrv - ok
19:49:37.0434 1488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:49:37.0434 1488  TBS - ok
19:49:37.0449 1488  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:49:37.0465 1488  Tcpip - ok
19:49:37.0480 1488  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:49:37.0480 1488  TCPIP6 - ok
19:49:37.0480 1488  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:49:37.0480 1488  tcpipreg - ok
19:49:37.0480 1488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:49:37.0480 1488  TDPIPE - ok
19:49:37.0496 1488  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:49:37.0496 1488  TDTCP - ok
19:49:37.0496 1488  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:49:37.0496 1488  tdx - ok
19:49:37.0496 1488  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:49:37.0496 1488  TermDD - ok
19:49:37.0512 1488  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:49:37.0512 1488  TermService - ok
19:49:37.0512 1488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:49:37.0512 1488  Themes - ok
19:49:37.0512 1488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:49:37.0512 1488  THREADORDER - ok
19:49:37.0512 1488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:49:37.0512 1488  TrkWks - ok
19:49:37.0527 1488  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:49:37.0527 1488  TrustedInstaller - ok
19:49:37.0527 1488  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:49:37.0527 1488  tssecsrv - ok
19:49:37.0527 1488  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:49:37.0527 1488  TsUsbFlt - ok
19:49:37.0527 1488  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:49:37.0527 1488  TsUsbGD - ok
19:49:37.0558 1488  [ A7BE368BB7C03F8B546196D621B12FCF ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
19:49:37.0574 1488  TuneUp.UtilitiesSvc - ok
19:49:37.0574 1488  [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
19:49:37.0574 1488  TuneUpUtilitiesDrv - ok
19:49:37.0574 1488  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:49:37.0574 1488  tunnel - ok
19:49:37.0574 1488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:49:37.0574 1488  uagp35 - ok
19:49:37.0574 1488  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:49:37.0590 1488  udfs - ok
19:49:37.0590 1488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:49:37.0590 1488  UI0Detect - ok
19:49:37.0590 1488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:49:37.0605 1488  uliagpkx - ok
19:49:37.0605 1488  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:49:37.0605 1488  umbus - ok
19:49:37.0605 1488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:49:37.0605 1488  UmPass - ok
19:49:37.0605 1488  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:49:37.0605 1488  UmRdpService - ok
19:49:37.0621 1488  [ AF950F62E5FC72FFDB7363F72600B21C ] UmxEngine       C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
19:49:37.0621 1488  UmxEngine - ok
19:49:37.0636 1488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:49:37.0636 1488  upnphost - ok
19:49:37.0636 1488  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:49:37.0636 1488  usbaudio - ok
19:49:37.0636 1488  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:49:37.0636 1488  usbccgp - ok
19:49:37.0652 1488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:49:37.0652 1488  usbcir - ok
19:49:37.0652 1488  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:49:37.0652 1488  usbehci - ok
19:49:37.0652 1488  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:49:37.0652 1488  usbhub - ok
19:49:37.0652 1488  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:49:37.0652 1488  usbohci - ok
19:49:37.0668 1488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:49:37.0668 1488  usbprint - ok
19:49:37.0668 1488  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
19:49:37.0668 1488  USBSTOR - ok
19:49:37.0668 1488  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:49:37.0668 1488  usbuhci - ok
19:49:37.0668 1488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:49:37.0683 1488  UxSms - ok
19:49:37.0683 1488  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:49:37.0683 1488  VaultSvc - ok
19:49:37.0683 1488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:49:37.0683 1488  vdrvroot - ok
19:49:37.0683 1488  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:49:37.0683 1488  vds - ok
19:49:37.0699 1488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:49:37.0699 1488  vga - ok
19:49:37.0699 1488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:49:37.0714 1488  VgaSave - ok
19:49:37.0714 1488  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:49:37.0714 1488  vhdmp - ok
19:49:37.0714 1488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:49:37.0714 1488  viaide - ok
19:49:37.0714 1488  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:49:37.0730 1488  vmbus - ok
19:49:37.0730 1488  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:49:37.0730 1488  VMBusHID - ok
19:49:37.0730 1488  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:49:37.0730 1488  volmgr - ok
19:49:37.0730 1488  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:49:37.0746 1488  volmgrx - ok
19:49:37.0746 1488  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:49:37.0746 1488  volsnap - ok
19:49:37.0746 1488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:49:37.0746 1488  vsmraid - ok
19:49:37.0761 1488  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:49:37.0777 1488  VSS - ok
19:49:37.0777 1488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:49:37.0777 1488  vwifibus - ok
19:49:37.0777 1488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:49:37.0777 1488  vwififlt - ok
19:49:37.0777 1488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:49:37.0792 1488  W32Time - ok
19:49:37.0792 1488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:49:37.0792 1488  WacomPen - ok
19:49:37.0792 1488  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:49:37.0792 1488  WANARP - ok
19:49:37.0792 1488  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:49:37.0792 1488  Wanarpv6 - ok
19:49:37.0808 1488  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:49:37.0824 1488  WatAdminSvc - ok
19:49:37.0839 1488  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:49:37.0839 1488  wbengine - ok
19:49:37.0839 1488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:49:37.0855 1488  WbioSrvc - ok
19:49:37.0855 1488  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:49:37.0855 1488  wcncsvc - ok
19:49:37.0855 1488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:49:37.0855 1488  WcsPlugInService - ok
19:49:37.0870 1488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:49:37.0870 1488  Wd - ok
19:49:37.0870 1488  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:49:37.0870 1488  Wdf01000 - ok
19:49:37.0886 1488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:49:37.0886 1488  WdiServiceHost - ok
19:49:37.0886 1488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:49:37.0886 1488  WdiSystemHost - ok
19:49:37.0886 1488  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:49:37.0886 1488  WebClient - ok
19:49:37.0886 1488  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:49:37.0902 1488  Wecsvc - ok
19:49:37.0902 1488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:49:37.0902 1488  wercplsupport - ok
19:49:37.0902 1488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:49:37.0902 1488  WerSvc - ok
19:49:37.0902 1488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:49:37.0902 1488  WfpLwf - ok
19:49:37.0902 1488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:49:37.0902 1488  WIMMount - ok
19:49:37.0917 1488  WinDefend - ok
19:49:37.0917 1488  WinHttpAutoProxySvc - ok
19:49:37.0917 1488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:49:37.0917 1488  Winmgmt - ok
19:49:37.0933 1488  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:49:37.0948 1488  WinRM - ok
19:49:37.0948 1488  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:49:37.0948 1488  WinUsb - ok
19:49:37.0964 1488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:49:37.0980 1488  Wlansvc - ok
19:49:37.0980 1488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:49:37.0980 1488  WmiAcpi - ok
19:49:37.0980 1488  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:49:37.0980 1488  wmiApSrv - ok
19:49:37.0980 1488  WMPNetworkSvc - ok
19:49:37.0980 1488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:49:37.0995 1488  WPCSvc - ok
19:49:37.0995 1488  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:49:37.0995 1488  WPDBusEnum - ok
19:49:37.0995 1488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:49:37.0995 1488  ws2ifsl - ok
19:49:37.0995 1488  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:49:37.0995 1488  wscsvc - ok
19:49:37.0995 1488  WSearch - ok
19:49:38.0026 1488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:49:38.0026 1488  wuauserv - ok
19:49:38.0042 1488  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:49:38.0042 1488  WudfPf - ok
19:49:38.0042 1488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:49:38.0042 1488  WUDFRd - ok
19:49:38.0042 1488  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:49:38.0058 1488  wudfsvc - ok
19:49:38.0058 1488  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:49:38.0058 1488  WwanSvc - ok
19:49:38.0058 1488  XFDriver64 - ok
19:49:38.0058 1488  ================ Scan global ===============================
19:49:38.0073 1488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:49:38.0073 1488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:49:38.0089 1488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:49:38.0089 1488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:49:38.0089 1488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:49:38.0089 1488  [Global] - ok
19:49:38.0089 1488  ================ Scan MBR ==================================
19:49:38.0089 1488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:49:38.0089 1488  \Device\Harddisk0\DR0 - ok
19:49:38.0104 1488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:49:38.0260 1488  \Device\Harddisk1\DR1 - ok
19:49:38.0260 1488  ================ Scan VBR ==================================
19:49:38.0260 1488  [ E51828603DB6FA8ADAC046803B425DB7 ] \Device\Harddisk0\DR0\Partition1
19:49:38.0260 1488  \Device\Harddisk0\DR0\Partition1 - ok
19:49:38.0260 1488  [ F3C7CD593F32D50F0EE1CC8A237067B6 ] \Device\Harddisk1\DR1\Partition1
19:49:38.0260 1488  \Device\Harddisk1\DR1\Partition1 - ok
19:49:38.0260 1488  [ 72832BD22A5F77FB29874B17FFAA6FC8 ] \Device\Harddisk1\DR1\Partition2
19:49:38.0260 1488  \Device\Harddisk1\DR1\Partition2 - ok
19:49:38.0260 1488  ============================================================
19:49:38.0260 1488  Scan finished
19:49:38.0260 1488  ============================================================
19:49:38.0276 0528  Detected object count: 0
19:49:38.0276 0528  Actual detected object count: 0

I ran it in Safe Mode because when I try to run Chrome when not in Safe Mode, my computer crashes. Should I attempt to run the program in regular Windows mode? Edit: ran in normal Windows mode and got the same results, it seems. I'm on Chrome in normal Windows mode now; the computer didn't crash.

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7
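
The TDSSKiller log above lists every registered service and driver with the MD5 of its image, the CSRSS server DLLs under "Scan global", and the MBR/VBR of both disks, and every verdict reads "ok". Two details are worth pulling out rather than eyeballing: a handful of entries (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch, XFDriver64) carry no hash at all, meaning TDSSKiller checked the registration but printed no image hash for it, and both disks report the same MBR hash. The script below is an added example, not part of the thread and not TDSSKiller's own code; it parses a log of this shape and returns the things a reviewer actually checks: objects with no hash (to resolve by hand), one image shared by several names, the boot-sector hashes for comparison against a known-good value, and any verdict other than "ok". The regexes assume the three line shapes seen in the post, and the sample text is an excerpt copied from the log above.

```python
import json
import re
from collections import defaultdict

# Three line shapes appear in a TDSSKiller log of the kind posted above:
#   "<hh:mm:ss.ffff> <pid>  [ <MD5> ] <name> <image path>"   one hashed object
#   "<hh:mm:ss.ffff> <pid>  <name> - <verdict>"               verdict for that object
#   "<hh:mm:ss.ffff> <pid>  ================ Scan <area> ===" start of a new scan area
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)(?:\s+(?P<path>.+))?$"
)
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")
SECTION_LINE = re.compile(r"^\S+\s+\d+\s+=+ Scan (?P<area>\w+) =+$")

# Constructed sample: lines copied from the log in the post above, trimmed to a
# few services plus the global, MBR and VBR areas.
SAMPLE_LOG = r"""
19:49:37.0886 1488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:49:37.0886 1488  WdiServiceHost - ok
19:49:37.0886 1488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:49:37.0886 1488  WdiSystemHost - ok
19:49:37.0917 1488  WinDefend - ok
19:49:37.0917 1488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:49:37.0917 1488  Winmgmt - ok
19:49:37.0995 1488  WSearch - ok
19:49:38.0058 1488  XFDriver64 - ok
19:49:38.0058 1488  ================ Scan global ===============================
19:49:38.0073 1488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:49:38.0089 1488  [Global] - ok
19:49:38.0089 1488  ================ Scan MBR ==================================
19:49:38.0089 1488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:49:38.0089 1488  \Device\Harddisk0\DR0 - ok
19:49:38.0104 1488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:49:38.0260 1488  \Device\Harddisk1\DR1 - ok
19:49:38.0260 1488  ================ Scan VBR ==================================
19:49:38.0260 1488  [ E51828603DB6FA8ADAC046803B425DB7 ] \Device\Harddisk0\DR0\Partition1
19:49:38.0260 1488  \Device\Harddisk0\DR0\Partition1 - ok
19:49:38.0276 0528  Detected object count: 0
"""


def parse_tdsskiller(text):
    """Return (objects, verdicts). objects: dicts with area/name/md5/path in log
    order; verdicts: name -> verdict string. The excerpt starts inside the
    services/drivers area, so that is the area until a 'Scan <area>' header."""
    area = "services"
    objects, verdicts = [], {}
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_LINE.match(line)
        if m:
            area = m.group("area").lower()
            continue
        m = HASH_LINE.match(line)
        if m:
            objects.append({"area": area, "name": m.group("name"),
                            "md5": m.group("md5").upper(), "path": m.group("path")})
            continue
        m = VERDICT_LINE.match(line)
        if m:
            verdicts[m.group("name")] = m.group("verdict")
    return objects, verdicts


def unhashed_objects(text):
    """Names that got a verdict but no '[ MD5 ]' line. Not a detection by
    itself; these are the registrations to resolve by hand."""
    objects, verdicts = parse_tdsskiller(text)
    hashed = {o["name"] for o in objects}
    return sorted((n for n in verdicts if n not in hashed and n != "[Global]"), key=str.lower)


def shared_images(text):
    """MD5 -> names that share one image file (two services hosted by one DLL,
    or two disks carrying byte-identical boot code)."""
    objects, _ = parse_tdsskiller(text)
    by_md5 = defaultdict(set)
    for o in objects:
        by_md5[o["md5"]].add(o["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def boot_sector_hashes(text):
    """Device -> MD5 for the MBR and VBR areas, to compare against a known-good image."""
    objects, _ = parse_tdsskiller(text)
    return {o["name"]: o["md5"] for o in objects if o["area"] in ("mbr", "vbr")}


def non_ok_verdicts(text):
    _, verdicts = parse_tdsskiller(text)
    return {n: v for n, v in verdicts.items() if v != "ok"}


def summary(text):
    return {"objects": len(parse_tdsskiller(text)[0]),
            "unhashed": unhashed_objects(text),
            "shared_images": shared_images(text),
            "boot_sectors": boot_sector_hashes(text),
            "non_ok": non_ok_verdicts(text)}


if __name__ == "__main__":
    print(json.dumps(summary(SAMPLE_LOG), indent=2))
```

On the full log the unhashed list is the five names mentioned above and the only shared image hashes are wdi.dll (two WDI services) and the MBR code common to Harddisk0 and Harddisk1, which is what a clean Windows 7 layout looks like; a second disk with a different MBR hash is not necessarily infected, but it is the one to look at.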

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Tue 06 Aug 2013, 11:59 am

Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
***********************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 12:12 pm

JRT logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Professional x64
Ran by Max on Mon 08/05/2013 at 20:09:57.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pricepeep.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricscontainer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricepeep.pricepeepbho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricepeep.pricepeepbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287823
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3294791
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{86E2A52F-CC7E-4A0D-A421-777C6CACD855}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C60F2E1-DF56-4BBE-A14B-DD9361D22759}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CDE65D0B-D2C4-4091-B011-1C04DF125EFA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Max\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Max\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Max\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Max\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Max\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Max\appdata\locallow\funmoods"
Successfully deleted: [Folder] "C:\Users\Max\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Max\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\singalong"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dealply"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\microsoft\windows\start menu\programs\free ride games"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Max\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/05/2013 at 20:10:54.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 12:19 pm

I don't know how to access the file made by AdwCleaner, because when it said it had to restart, it opened up with the text file in Notepad but then said that my Documents file is no longer working and can now safely be deleted from my computer?

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 12:21 pm

[You must be registered and logged in to see this link.] This is a picture of what it says when I try to go to the document.

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Tue 06 Aug 2013, 12:22 pm

Ok, please run MBAM and the Security Check and post the logs.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Tue 06 Aug 2013, 12:24 pm

Here's how to fix that problem.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 12:33 pm

Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2013.08.05.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Max :: MAXGAMING [administrator]

8/5/2013 8:23:35 PM
mbam-log-2013-08-05 (20-23-35).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336572
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{15467C9F-3784-4109-89C9-6ED7100B96B8} (PUP.LyricsAd) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 43
C:\$Recycle.Bin\S-1-5-21-2116246977-3243757660-4008953049-1000\$RLGDFNJ.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BGDO5VQ\pack[1].7z (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BGDO5VQ\pack[2].7z (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AI9F9G77\LyricsContainer_1060-8001_v122[1] (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUGF17W0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUGF17W0\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFT3FADQ\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPOSZPHL\LyricsContainer_1060-8001_v122[1] (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPOSZPHL\LyricsSpeaker_1060-1052_v122[1] (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4X2WU2R\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\5E1A.tmp (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\LyrcStmp.exe (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\LyricsContainertmp.exe (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\SmartbarExeInstaller.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\CT3282134\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3289847\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3289847\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3289847\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3294791\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3294791\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3294791\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3294791\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3294791\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\exes.zip (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\software\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
D:\Setup (1).exe (PUP.IBryte) -> Quarantined and deleted successfully.
D:\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
D:\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.
D:\SoftonicDownloader_for_wegame.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.

(end)

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7
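
Forty-three files, all PUP or adware, almost all of them in the user's Temp directory and the IE cache, plus four installers sitting on the root of D: (three generic Setup.exe files and a SoftonicDownloader). Where a detection sat says more about how it arrived than its classification does: the Temp and cache entries are what bundled installers dropped, while the files on D: are the downloaded installers that were run. The script below is an added example, not from Malwarebytes or the thread; it parses MBAM 1.x result lines, strips the generic PUP/Optional prefixes and variant suffix off the classification to get the vendor, buckets each hit by location, and lists the files outside the temp/cache/registry buckets. The location buckets and vendor extraction are my own heuristics, and the sample is a constructed subset of the log above.

```python
import re
from collections import Counter

# MBAM 1.x result line: "<path> (<classification>) -> <action>."
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Classification tokens that carry no vendor information; a trailing single
# letter is MBAM's variant suffix (".A").
GENERIC = {"PUP", "Optional", "Adware", "Trojan", "Malware"}

# Constructed sample: nine lines taken from the MBAM log posted above.
SAMPLE_MBAM = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{15467C9F-3784-4109-89C9-6ED7100B96B8} (PUP.LyricsAd) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2116246977-3243757660-4008953049-1000\$RLGDFNJ.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUGF17W0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\ct3287823\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\DIQM\FlashPlayer_151\software\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
D:\Setup (1).exe (PUP.IBryte) -> Quarantined and deleted successfully.
D:\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.
D:\SoftonicDownloader_for_wegame.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
"""


def vendor(family):
    """'PUP.Optional.Conduit.A' -> 'Conduit', 'Adware.DomaIQ' -> 'DomaIQ'."""
    parts = [p for p in family.split(".") if p not in GENERIC]
    if len(parts) > 1 and len(parts[-1]) == 1:
        parts = parts[:-1]
    return ".".join(parts) or family


def location(path):
    """Bucket a hit by where it sat (heuristic buckets, mine not MBAM's)."""
    low = path.lower()
    if low.startswith(("hkcu\\", "hklm\\", "hkcr\\", "hku\\")):
        return "registry"
    if "\\temporary internet files\\" in low:
        return "browser cache"
    if "\\appdata\\local\\temp\\" in low:
        return "temp"
    if "\\$recycle.bin\\" in low:
        return "recycle bin"
    if "\\program files" in low or "\\programdata\\" in low:
        return "installed"
    return "user files or other volume"


def parse_mbam(text):
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append({"path": m.group("path"), "family": m.group("family"),
                         "vendor": vendor(m.group("family")),
                         "location": location(m.group("path")),
                         "action": m.group("action")})
    return hits


def by_vendor(hits):
    return Counter(h["vendor"] for h in hits)


def by_location(hits):
    return Counter(h["location"] for h in hits)


def downloaded_installers(hits):
    """Files outside temp/cache/registry: what the user ran, not what it dropped."""
    return [h["path"] for h in hits if h["location"] == "user files or other volume"]


if __name__ == "__main__":
    hits = parse_mbam(SAMPLE_MBAM)
    print("by vendor:  ", dict(by_vendor(hits)))
    print("by location:", dict(by_location(hits)))
    print("installers: ", downloaded_installers(hits))
```

Run against the complete log the vendor tally is dominated by Conduit, the location tally by Temp and the IE cache, and the installer list is exactly the four files on D:, which is the list to hand back to the user with the question of where they came from.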

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 12:42 pm

I saved the AdwCleaner files to my desktop.

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 20:14:10
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Max - MAXGAMING
# Boot Mode : Safe mode with networking
# Running from : D:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Folder Deleted : C:\Users\Max\AppData\Local\Zoom_Downloader

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\5355d98de16de417
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5355d98de16de417
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8071 octets] - [05/08/2013 20:14:10]

########## EOF - C:\AdwCleaner[S1].txt - [8131 octets] ##########

D3cimating Taco

Newbie Surfer

Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Tue 06 Aug 2013, 12:47 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.

  • Close any open windows and double-click ComboFix.exe to run it. You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 1:06 pm

I'm unable to disable AVG Free 2013 for some reason. I'm currently running in safe mode because, for some reason, the options that the website you linked gives aren't available. There is no AVG icon in the system tray, and when I open up AVG there is nothing that says "Tools". I don't know what to do.

D3cimating Taco

Newbie Surfer

Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Tue 06 Aug 2013, 1:18 pm

OK, so I ran Windows in normal mode to disable it from the system tray there, and when I did and ran ComboFix, it still alerted me that AVG was still running. I don't know what to do, but regardless, here's the log from ComboFix.

ComboFix 13-08-05.03 - Max 08/05/2013 21:10:16.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.6279 [GMT -5:00]
Running from: c:\users\Max\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\technic-launcher.jar
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
D:\update.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 )))))))))))))))))))))))))))))))
.
.
2013-08-06 02:13 . 2013-08-06 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-06 02:09 . 2013-08-06 02:09 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-08-06 02:02 . 2013-08-06 02:02 -------- d-----w- c:\users\Max\AppData\Roaming\AVG2013
2013-08-06 02:01 . 2013-08-06 02:02 -------- d-----w- c:\programdata\AVG2013
2013-08-06 02:01 . 2013-08-06 02:01 -------- d-----w- C:\$AVG
2013-08-06 02:01 . 2013-08-06 02:03 -------- d-----w- c:\users\Max\AppData\Local\Avg2013
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\programdata\Malwarebytes
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-06 01:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-06 01:14 . 2013-08-06 01:14 524 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-06 01:09 . 2013-08-06 01:09 -------- d-----w- c:\windows\ERUNT
2013-08-05 23:51 . 2013-08-05 23:51 -------- d-----w- c:\program files (x86)\AVG
2013-08-05 23:46 . 2013-08-06 02:03 -------- d-----w- c:\programdata\MFAData
2013-08-05 23:46 . 2013-08-05 23:46 -------- d-----w- c:\users\Max\AppData\Local\MFAData
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-17 13:47 . 2013-07-17 13:47 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-07-17 13:47 . 2013-07-17 13:47 -------- d-----w- c:\windows\SysWow64\Extensions
2013-07-10 14:55 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 06:32 . 2013-07-10 06:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-14 16:51 . 2013-03-13 22:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 16:51 . 2013-03-13 22:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 16:51 . 2013-05-14 23:50 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-20 22:57 . 2013-05-20 22:57 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-20 22:57 . 2013-05-20 22:57 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-20 22:57 . 2013-05-20 22:57 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-20 22:57 . 2013-05-20 22:57 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-20 22:57 . 2013-05-20 22:57 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-20 22:57 . 2013-05-20 22:57 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-20 22:57 . 2013-05-20 22:57 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-20 22:57 . 2013-05-20 22:57 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-20 22:57 . 2013-05-20 22:57 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-20 22:57 . 2013-05-20 22:57 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-20 22:57 . 2013-05-20 22:57 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-20 22:57 . 2013-05-20 22:57 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-20 22:57 . 2013-05-20 22:57 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-20 22:57 . 2013-05-20 22:57 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-20 22:57 . 2013-05-20 22:57 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-20 22:57 . 2013-05-20 22:57 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-20 22:57 . 2013-05-20 22:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-20 22:57 . 2013-05-20 22:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-20 22:57 . 2013-05-20 22:57 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-20 22:57 . 2013-05-20 22:57 441856 ----a-w- c:\windows\system32\html.iec
2013-05-20 22:57 . 2013-05-20 22:57 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-20 22:57 . 2013-05-20 22:57 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-20 22:57 . 2013-05-20 22:57 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-20 22:57 . 2013-05-20 22:57 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-20 22:57 . 2013-05-20 22:57 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-20 22:57 . 2013-05-20 22:57 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-20 22:57 . 2013-05-20 22:57 235008 ----a-w- c:\windows\system32\url.dll
2013-05-20 22:57 . 2013-05-20 22:57 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-20 22:57 . 2013-05-20 22:57 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-20 22:57 . 2013-05-20 22:57 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-20 22:57 . 2013-05-20 22:57 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-20 22:57 . 2013-05-20 22:57 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-20 22:57 . 2013-05-20 22:57 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-20 22:57 . 2013-05-20 22:57 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-20 22:57 . 2013-05-20 22:57 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-20 22:57 . 2013-05-20 22:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-20 22:57 . 2013-05-20 22:57 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-20 22:57 . 2013-05-20 22:57 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-20 22:57 . 2013-05-20 22:57 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-20 22:57 . 2013-05-20 22:57 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-20 22:57 . 2013-05-20 22:57 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-20 22:57 . 2013-05-20 22:57 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-20 22:57 . 2013-05-20 22:57 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-20 22:57 . 2013-05-20 22:57 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-20 22:57 . 2013-05-20 22:57 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-20 22:57 . 2013-05-20 22:57 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-20 22:57 . 2013-05-20 22:57 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-20 22:57 . 2013-05-20 22:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-20 22:57 . 2013-05-20 22:57 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-20 22:56 . 2013-05-20 22:56 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-20 22:56 . 2013-05-20 22:56 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-20 22:56 . 2013-05-20 22:56 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-20 22:56 . 2013-05-20 22:56 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-20 22:56 . 2013-05-20 22:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-20 22:56 . 2013-05-20 22:56 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-20 22:56 . 2013-05-20 22:56 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-20 22:56 . 2013-05-20 22:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-20 22:56 . 2013-05-20 22:56 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-20 22:56 . 2013-05-20 22:56 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-20 22:56 . 2013-05-20 22:56 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-20 22:56 . 2013-05-20 22:56 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-20 22:56 . 2013-05-20 22:56 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-20 22:56 . 2013-05-20 22:56 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-20 22:56 . 2013-05-20 22:56 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-20 22:56 . 2013-05-20 22:56 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-20 22:56 . 2013-05-20 22:56 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-20 22:56 . 2013-05-20 22:56 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-20 22:56 . 2013-05-20 22:56 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-20 22:56 . 2013-05-20 22:56 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-20 22:56 . 2013-05-20 22:56 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-20 22:56 . 2013-05-20 22:56 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-20 22:56 . 2013-05-20 22:56 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-20 22:56 . 2013-05-20 22:56 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-20 22:56 . 2013-05-20 22:56 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-20 22:56 . 2013-05-20 22:56 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-20 22:56 . 2013-05-20 22:56 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-20 22:56 . 2013-05-20 22:56 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\programs\Origin\Origin.exe" [2013-08-06 3549528]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2013-7-17 526336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 20:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 59330186;59330186; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files\Xfire2\XFDriver64.sys;c:\program files\Xfire2\XFDriver64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys;c:\windows\SYSNATIVE\DRIVERS\KmxAMRT.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys;c:\windows\SYSNATIVE\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys;c:\windows\SYSNATIVE\DRIVERS\kmxcfg.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 CAAMSvc;CAAMSvc;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [x]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSHA
*NewlyCreated* - AVGLDX64
*NewlyCreated* - AVGLOGA
*NewlyCreated* - AVGMFX64
*NewlyCreated* - AVGRKX64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 00:41 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 16:51]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 18:51]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"cctray"="c:\program files\Total Defense\Internet Security Suite\casc.exe" [2013-01-15 2711120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{F856075B-94D1-4C86-B106-DFC0039701B0}: NameServer = 192.168.1.1,68.238.96.12
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-05 21:15:27
ComboFix-quarantined-files.txt 2013-08-06 02:15
.
Pre-Run: 21,274,050,560 bytes free
Post-Run: 23,515,033,600 bytes free
.
- - End Of File - - 7C840965A7F1EED2E743B34F7CAFA979
A36C5E4F47E84449FF07ED3517B43A31

D3cimating Taco

Newbie Surfer

Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Wed 07 Aug 2013, 6:18 am


  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Wed 07 Aug 2013, 10:14 am

It's ok that I'm doing all of this in safe-mode with networking, right?

D3cimating Taco

Newbie Surfer

Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Wed 07 Aug 2013, 10:19 am

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Max [Admin rights]
Mode : Scan -- Date : 08/06/2013 18:15:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] aa0c419abef263b3bc7a6166d1d2c199
[BSP] 73effaae82a2c8976fc576362239f84d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 01956ae54042fe5e39928904d787d299
[BSP] 05d1d65258ebdd25fe0d7b64d83e3820 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08062013_181500.txt >>


Sorry it took me so long, I was a bit busy. Reports from "RogueKiller". Also, should I delete the things that it found?

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7
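As an added example (not part of this thread and not RogueKiller's own code), a small Python triage helper for the RKreport.txt layout posted above: it reads the "Mode" line and each "[TAG] key : name (value) -> STATUS" entry, then separates [DNS] entries pointing at a public resolver you did not expect, and [HJ POL] restrictions that are actually switched on, from the remaining findings. The sample text is a constructed excerpt mirroring the first report, and the set of expected resolvers is an assumption the reader supplies (for example the ISP's published DNS servers).

```python
import ipaddress
import re

# Constructed excerpt in the RKreport.txt layout posted in this thread: a "Mode" header
# plus one "[TAG] key : name (value) -> STATUS" line per finding, mirroring the first report.
SAMPLE_REPORT = r"""RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
Mode : Scan -- Date : 08/06/2013 18:15:00
¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
"""

ENTRY_RE = re.compile(r"^\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<name>.+?) "
                      r"\((?P<value>.*)\) -> (?P<status>\w+)$")
MODE_RE = re.compile(r"^Mode : (?P<mode>\w+) -- Date : ")


def parse_report(text):
    """Return (mode, entries): mode is 'Scan' or 'Remove', entries are dicts."""
    mode, entries = None, []
    for line in text.splitlines():
        m = MODE_RE.match(line)
        e = ENTRY_RE.match(line)
        if m:
            mode = m.group("mode")
        elif e:
            entries.append(e.groupdict())
    return mode, entries


def triage(entries, expected_resolvers=frozenset()):
    """Bucket FOUND entries. RogueKiller reports configured NameServer values under
    [DNS] for review, so only an unexpected public resolver needs attention; a
    [HJ POL] restriction only takes effect when its value is non-zero."""
    out = {"dns_review": [], "policy_on": [], "other": []}
    for e in entries:
        if e["status"] != "FOUND":
            continue
        if e["tag"] == "DNS":
            for ip in e["value"].split(","):
                addr = ipaddress.ip_address(ip.strip())
                if not addr.is_private and str(addr) not in expected_resolvers:
                    out["dns_review"].append(str(addr))
        elif e["tag"] == "HJ POL":
            if e["value"].strip() not in ("", "0"):
                out["policy_on"].append(e["name"])
        else:
            out["other"].append(f"[{e['tag']}] {e['name']}")
    return out
```

Running triage(parse_report(SAMPLE_REPORT)[1]) leaves only the public resolver in dns_review and nothing in policy_on, since DisableRegistryTools is 0 in the posted report.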

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Wed 07 Aug 2013, 11:12 am

D3cimating Taco wrote: It's ok that I'm doing all of this in safe-mode with networking, right?
Why can't you run them in Normal Mode?
Please run RogueKiller again and delete those items.


I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Wed 07 Aug 2013, 11:23 am

When I run my computer in normal mode, everything stops responding and I have to reboot.

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Wed 07 Aug 2013, 11:37 am

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Wed 07 Aug 2013, 12:02 pm

Is this to make it so I can run these things in normal mode without crashing? ^

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Wed 07 Aug 2013, 12:10 pm

D3cimating Taco wrote: Is this to make it so I can run these things in normal mode without crashing? ^
This is to check if there are any corrupted files in your OS.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Fri 16 Aug 2013, 9:02 am

Here's the second scan of RogueKiller; nothing opened, so I clicked Report to get the report.

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Max [Admin rights]
Mode : Remove -- Date : 08/15/2013 17:00:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] aa0c419abef263b3bc7a6166d1d2c199
[BSP] 73effaae82a2c8976fc576362239f84d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 01956ae54042fe5e39928904d787d299
[BSP] 05d1d65258ebdd25fe0d7b64d83e3820 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08152013_170039.txt >>
RKreport[0]_D_08062013_182938.txt;RKreport[0]_S_08062013_181500.txt;RKreport[0]_S_08152013_170024.txt

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by D3cimating Taco on Fri 16 Aug 2013, 9:30 am

Here's the ESET scan; I had to retrieve it manually from the C drive. This is the only thing titled "log" in the ESET folder.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5bf78d43dbe574cb93344f8be7e586a
# engine=14788
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 10:11:35
# local_time=2013-08-15 05:11:35 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777214 100 76 0 34475195 0 0
# compatibility_mode=5893 16776574 100 94 2210926 128148145 0 0
# scanned=38226
# found=0
# cleaned=0
# scan_time=348
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5bf78d43dbe574cb93344f8be7e586a
# engine=14788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 10:26:49
# local_time=2013-08-15 05:26:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777214 100 76 0 34476109 0 0
# compatibility_mode=5893 16776574 100 94 2211840 128149059 0 0
# scanned=125116
# found=0
# cleaned=0
# scan_time=857

D3cimating Taco
Newbie Surfer
Posts : 16
Joined : 2013-08-06
Operating System : Windows 7

Re: how to remove Trojan Horse TDSS.BZ

Post by Superdave on Fri 16 Aug 2013, 11:22 am

How's your computer running now? Any other issues before we clean up?

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
