Jump to content

Entregan

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. >>> Deleted. >>> Computer operates at sub-par speeds. >>> Possible Defrag?
  2. Alright. Here's the logs from ComboFix. As it stands, I'm still not optimal. However, everything does seem to be in good working order. < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > ComboFix 12-12-02.01 - Entregan 12/02/2012 22:13:03.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4228 [GMT -6:00] Running from: c:\users\Entregan\Desktop\ComboFix.exe Command switches used :: c:\users\Entregan\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files (x86)\1ClickDownload\uninstall.exe" "c:\programdata\wxDownload\50b3e6f662612.ocx" "c:\users\All Users\wxDownload\50b3e6f662612.ocx" "c:\users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part" "c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef" "c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f" "c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe" "c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe" "c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe" "c:\users\Entregan\Downloads\DTLite4451-0236.exe" "c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe" "c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe" "c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe" "c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe" "c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe" "c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe" "c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\1ClickDownload\uninstall.exe c:\programdata\wxDownload\50b3e6f662612.ocx c:\users\All Users\wxDownload\50b3e6f662612.ocx c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe c:\users\Entregan\Downloads\DTLite4451-0236.exe c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 04:24 . 2012-12-03 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-02 23:20 . 2012-12-02 23:20 -------- d-----w- c:\program files (x86)\ESET 2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- c:\windows\ERUNT 2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- C:\JRT 2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll 2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp 2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing 2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast 2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload 2012-11-26 22:00 . 2012-12-03 04:23 -------- d-----w- c:\programdata\wxDownload 2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK 2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight 2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976] "Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664] "Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] . c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-10-25 0] Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304] R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112] R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736] R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x] R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 45201805 *Deregistered* - 45201805 . Contents of the 'Scheduled Tasks' folder . 2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57] . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58] . 2012-12-02 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088] . ------- Supplementary Scan ------- . uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - netflix.com FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi . - - - - ORPHANS REMOVED - - - - . BHO-{058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - c:\programdata\wxDownload\50b3e6f662612.ocx Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d, 36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-02 22:26:43 ComboFix-quarantined-files.txt 2012-12-03 04:26 ComboFix2.txt 2012-12-02 17:51 . Pre-Run: 520,530,472,960 bytes free Post-Run: 520,485,888,000 bytes free . - - End Of File - - FD818AAAFF845AD05A994543D1D8BE95
  3. 17:16:26.0790 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:16:27.0850 2888 ============================================================ 17:16:27.0850 2888 Current date / time: 2012/12/02 17:16:27.0850 17:16:27.0850 2888 SystemInfo: 17:16:27.0850 2888 17:16:27.0850 2888 OS Version: 6.1.7601 ServicePack: 1.0 17:16:27.0850 2888 Product type: Workstation 17:16:27.0850 2888 ComputerName: LOS-ENTERPRISES 17:16:27.0850 2888 UserName: Entregan 17:16:27.0850 2888 Windows directory: C:\Windows 17:16:27.0850 2888 System windows directory: C:\Windows 17:16:27.0850 2888 Running under WOW64 17:16:27.0850 2888 Processor architecture: Intel x64 17:16:27.0850 2888 Number of processors: 2 17:16:27.0850 2888 Page size: 0x1000 17:16:27.0850 2888 Boot type: Normal boot 17:16:27.0850 2888 ============================================================ 17:16:28.0989 2888 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:16:29.0020 2888 Drive \Device\Harddisk6\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:16:29.0020 2888 ============================================================ 17:16:29.0020 2888 \Device\Harddisk0\DR0: 17:16:29.0020 2888 MBR partitions: 17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000 17:16:29.0020 2888 \Device\Harddisk6\DR6: 17:16:29.0020 2888 MBR partitions: 17:16:29.0020 2888 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x77DFC0 17:16:29.0020 2888 ============================================================ 17:16:29.0036 2888 C: <-> \Device\Harddisk0\DR0\Partition2 17:16:29.0036 2888 ============================================================ 17:16:29.0036 2888 Initialize success 17:16:29.0036 2888 ============================================================ 17:17:35.0687 1924 ============================================================ 17:17:35.0687 1924 Scan started 17:17:35.0687 1924 Mode: Manual; TDLFS; 17:17:35.0687 1924 ============================================================ 17:17:35.0843 1924 ================ Scan system memory ======================== 17:17:35.0843 1924 System memory - ok 17:17:35.0843 1924 ================ Scan services ============================= 17:17:35.0999 1924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:17:35.0999 1924 1394ohci - ok 17:17:36.0030 1924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:17:36.0030 1924 ACPI - ok 17:17:36.0046 1924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:17:36.0046 1924 AcpiPmi - ok 17:17:36.0155 1924 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:17:36.0155 1924 AdobeFlashPlayerUpdateSvc - ok 17:17:36.0202 1924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:17:36.0202 1924 adp94xx - ok 17:17:36.0233 1924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:17:36.0233 1924 adpahci - ok 17:17:36.0249 1924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:17:36.0249 1924 adpu320 - ok 17:17:36.0280 1924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:17:36.0280 1924 AeLookupSvc - ok 17:17:36.0296 1924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:17:36.0311 1924 AFD - ok 17:17:36.0311 1924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:17:36.0311 1924 agp440 - ok 17:17:36.0342 1924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:17:36.0342 1924 ALG - ok 17:17:36.0342 1924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:17:36.0358 1924 aliide - ok 17:17:36.0405 1924 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:17:36.0405 1924 AMD External Events Utility - ok 17:17:36.0467 1924 AMD FUEL Service - ok 17:17:36.0467 1924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:17:36.0467 1924 amdide - ok 17:17:36.0498 1924 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 17:17:36.0498 1924 amdiox64 - ok 17:17:36.0514 1924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:17:36.0514 1924 AmdK8 - ok 17:17:36.0732 1924 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:17:36.0920 1924 amdkmdag - ok 17:17:36.0951 1924 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 17:17:36.0966 1924 amdkmdap - ok 17:17:36.0966 1924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:17:36.0966 1924 AmdPPM - ok 17:17:36.0982 1924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:17:36.0982 1924 amdsata - ok 17:17:36.0998 1924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:17:37.0013 1924 amdsbs - ok 17:17:37.0013 1924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:17:37.0013 1924 amdxata - ok 17:17:37.0060 1924 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 17:17:37.0060 1924 AODDriver4.1 - ok 17:17:37.0076 1924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:17:37.0076 1924 AppID - ok 17:17:37.0107 1924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:17:37.0107 1924 AppIDSvc - ok 17:17:37.0138 1924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:17:37.0138 1924 Appinfo - ok 17:17:37.0216 1924 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:17:37.0216 1924 Apple Mobile Device - ok 17:17:37.0247 1924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:17:37.0247 1924 arc - ok 17:17:37.0263 1924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:17:37.0263 1924 arcsas - ok 17:17:37.0310 1924 aspnet_state - ok 17:17:37.0341 1924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:17:37.0341 1924 AsyncMac - ok 17:17:37.0341 1924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:17:37.0341 1924 atapi - ok 17:17:37.0388 1924 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 17:17:37.0388 1924 AtiHDAudioService - ok 17:17:37.0419 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:17:37.0434 1924 AudioEndpointBuilder - ok 17:17:37.0450 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:17:37.0450 1924 AudioSrv - ok 17:17:37.0497 1924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:17:37.0497 1924 AxInstSV - ok 17:17:37.0528 1924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:17:37.0544 1924 b06bdrv - ok 17:17:37.0559 1924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:17:37.0559 1924 b57nd60a - ok 17:17:37.0637 1924 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys 17:17:37.0637 1924 BCMH43XX - ok 17:17:37.0668 1924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:17:37.0668 1924 BDESVC - ok 17:17:37.0684 1924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:17:37.0684 1924 Beep - ok 17:17:37.0793 1924 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:17:37.0824 1924 BFE - ok 17:17:37.0934 1924 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:17:37.0965 1924 BITS - ok 17:17:37.0980 1924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:17:37.0996 1924 blbdrive - ok 17:17:38.0043 1924 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:17:38.0043 1924 Bonjour Service - ok 17:17:38.0074 1924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:17:38.0074 1924 bowser - ok 17:17:38.0090 1924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:17:38.0105 1924 BrFiltLo - ok 17:17:38.0121 1924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:17:38.0121 1924 BrFiltUp - ok 17:17:38.0136 1924 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:17:38.0136 1924 BridgeMP - ok 17:17:38.0152 1924 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:17:38.0168 1924 Browser - ok 17:17:38.0183 1924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:17:38.0183 1924 Brserid - ok 17:17:38.0199 1924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:17:38.0199 1924 BrSerWdm - ok 17:17:38.0214 1924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:17:38.0214 1924 BrUsbMdm - ok 17:17:38.0214 1924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:17:38.0214 1924 BrUsbSer - ok 17:17:38.0230 1924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:17:38.0246 1924 BTHMODEM - ok 17:17:38.0261 1924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:17:38.0261 1924 bthserv - ok 17:17:38.0292 1924 catchme - ok 17:17:38.0308 1924 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:17:38.0308 1924 cdfs - ok 17:17:38.0355 1924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:17:38.0355 1924 cdrom - ok 17:17:38.0370 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:17:38.0370 1924 CertPropSvc - ok 17:17:38.0386 1924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:17:38.0386 1924 circlass - ok 17:17:38.0417 1924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:17:38.0417 1924 CLFS - ok 17:17:38.0433 1924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:17:38.0448 1924 clr_optimization_v2.0.50727_32 - ok 17:17:38.0495 1924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:17:38.0495 1924 clr_optimization_v2.0.50727_64 - ok 17:17:38.0542 1924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:17:38.0542 1924 clr_optimization_v4.0.30319_32 - ok 17:17:38.0573 1924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:17:38.0573 1924 clr_optimization_v4.0.30319_64 - ok 17:17:38.0589 1924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:17:38.0604 1924 CmBatt - ok 17:17:38.0636 1924 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:17:38.0636 1924 cmdide - ok 17:17:38.0667 1924 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:17:38.0667 1924 CNG - ok 17:17:38.0682 1924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:17:38.0682 1924 Compbatt - ok 17:17:38.0714 1924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:17:38.0714 1924 CompositeBus - ok 17:17:38.0729 1924 COMSysApp - ok 17:17:38.0745 1924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:17:38.0745 1924 crcdisk - ok 17:17:38.0760 1924 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:17:38.0776 1924 CryptSvc - ok 17:17:38.0792 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:17:38.0807 1924 DcomLaunch - ok 17:17:38.0838 1924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:17:38.0838 1924 defragsvc - ok 17:17:38.0870 1924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:17:38.0870 1924 DfsC - ok 17:17:38.0885 1924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:17:38.0901 1924 Dhcp - ok 17:17:38.0901 1924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:17:38.0916 1924 discache - ok 17:17:38.0932 1924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:17:38.0932 1924 Disk - ok 17:17:39.0026 1924 [ 2CAAD3E488998887861C46B3027D0DC8 ] DMDefragService C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe 17:17:39.0041 1924 DMDefragService - ok 17:17:39.0088 1924 [ E4BFEBC56896951001F1297BF47D5341 ] DMRepairService C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe 17:17:39.0104 1924 DMRepairService - ok 17:17:39.0135 1924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:17:39.0135 1924 Dnscache - ok 17:17:39.0166 1924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:17:39.0182 1924 dot3svc - ok 17:17:39.0213 1924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:17:39.0213 1924 DPS - ok 17:17:39.0228 1924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:17:39.0228 1924 drmkaud - ok 17:17:39.0275 1924 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:17:39.0275 1924 dtsoftbus01 - ok 17:17:39.0322 1924 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:17:39.0338 1924 DXGKrnl - ok 17:17:39.0369 1924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:17:39.0369 1924 EapHost - ok 17:17:39.0431 1924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:17:39.0509 1924 ebdrv - ok 17:17:39.0525 1924 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:17:39.0525 1924 EFS - ok 17:17:39.0587 1924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:17:39.0603 1924 ehRecvr - ok 17:17:39.0634 1924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:17:39.0634 1924 ehSched - ok 17:17:39.0681 1924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:17:39.0681 1924 elxstor - ok 17:17:39.0712 1924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:17:39.0712 1924 ErrDev - ok 17:17:39.0759 1924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:17:39.0759 1924 EventSystem - ok 17:17:39.0774 1924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:17:39.0774 1924 exfat - ok 17:17:39.0790 1924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:17:39.0806 1924 fastfat - ok 17:17:39.0821 1924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:17:39.0837 1924 Fax - ok 17:17:39.0852 1924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:17:39.0852 1924 fdc - ok 17:17:39.0884 1924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:17:39.0884 1924 fdPHost - ok 17:17:39.0899 1924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:17:39.0899 1924 FDResPub - ok 17:17:39.0915 1924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:17:39.0915 1924 FileInfo - ok 17:17:39.0930 1924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:17:39.0930 1924 Filetrace - ok 17:17:39.0993 1924 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:17:40.0008 1924 FLEXnet Licensing Service - ok 17:17:40.0024 1924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:17:40.0024 1924 flpydisk - ok 17:17:40.0055 1924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:17:40.0071 1924 FltMgr - ok 17:17:40.0102 1924 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:17:40.0133 1924 FontCache - ok 17:17:40.0164 1924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:17:40.0164 1924 FontCache3.0.0.0 - ok 17:17:40.0242 1924 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 17:17:40.0258 1924 ForceWare Intelligent Application Manager (IAM) - ok 17:17:40.0274 1924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:17:40.0274 1924 FsDepends - ok 17:17:40.0305 1924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:17:40.0305 1924 Fs_Rec - ok 17:17:40.0320 1924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:17:40.0336 1924 fvevol - ok 17:17:40.0367 1924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:17:40.0367 1924 gagp30kx - ok 17:17:40.0430 1924 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe 17:17:40.0430 1924 GameConsoleService - ok 17:17:40.0476 1924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:17:40.0492 1924 gpsvc - ok 17:17:40.0554 1924 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe 17:17:40.0586 1924 Greg_Service - ok 17:17:40.0632 1924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:17:40.0632 1924 gupdate - ok 17:17:40.0648 1924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:17:40.0648 1924 gupdatem - ok 17:17:40.0679 1924 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:17:40.0679 1924 gusvc - ok 17:17:40.0695 1924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:17:40.0695 1924 hcw85cir - ok 17:17:40.0726 1924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:17:40.0742 1924 HdAudAddService - ok 17:17:40.0757 1924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:17:40.0757 1924 HDAudBus - ok 17:17:40.0757 1924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:17:40.0757 1924 HidBatt - ok 17:17:40.0788 1924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:17:40.0804 1924 HidBth - ok 17:17:40.0804 1924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:17:40.0804 1924 HidIr - ok 17:17:40.0835 1924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 17:17:40.0835 1924 hidserv - ok 17:17:40.0866 1924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:17:40.0866 1924 HidUsb - ok 17:17:40.0898 1924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:17:40.0898 1924 hkmsvc - ok 17:17:40.0929 1924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:17:40.0929 1924 HomeGroupListener - ok 17:17:40.0960 1924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:17:40.0960 1924 HomeGroupProvider - ok 17:17:40.0991 1924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:17:40.0991 1924 HpSAMD - ok 17:17:41.0038 1924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:17:41.0038 1924 HTTP - ok 17:17:41.0054 1924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:17:41.0054 1924 hwpolicy - ok 17:17:41.0085 1924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:17:41.0085 1924 i8042prt - ok 17:17:41.0116 1924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:17:41.0116 1924 iaStorV - ok 17:17:41.0147 1924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:17:41.0163 1924 idsvc - ok 17:17:41.0178 1924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:17:41.0194 1924 iirsp - ok 17:17:41.0225 1924 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:17:41.0241 1924 IKEEXT - ok 17:17:41.0303 1924 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:17:41.0319 1924 IntcAzAudAddService - ok 17:17:41.0319 1924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:17:41.0319 1924 intelide - ok 17:17:41.0334 1924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:17:41.0334 1924 intelppm - ok 17:17:41.0366 1924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:17:41.0366 1924 IPBusEnum - ok 17:17:41.0397 1924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:17:41.0397 1924 IpFilterDriver - ok 17:17:41.0428 1924 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:17:41.0444 1924 iphlpsvc - ok 17:17:41.0459 1924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:17:41.0459 1924 IPMIDRV - ok 17:17:41.0475 1924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:17:41.0475 1924 IPNAT - ok 17:17:41.0490 1924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:17:41.0490 1924 IRENUM - ok 17:17:41.0490 1924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:17:41.0490 1924 isapnp - ok 17:17:41.0506 1924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:17:41.0506 1924 iScsiPrt - ok 17:17:41.0537 1924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:17:41.0537 1924 kbdclass - ok 17:17:41.0553 1924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:17:41.0553 1924 kbdhid - ok 17:17:41.0568 1924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:17:41.0568 1924 KeyIso - ok 17:17:41.0600 1924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:17:41.0600 1924 KSecDD - ok 17:17:41.0631 1924 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:17:41.0631 1924 KSecPkg - ok 17:17:41.0646 1924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:17:41.0646 1924 ksthunk - ok 17:17:41.0678 1924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:17:41.0678 1924 KtmRm - ok 17:17:41.0693 1924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 17:17:41.0709 1924 LanmanServer - ok 17:17:41.0724 1924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:17:41.0724 1924 LanmanWorkstation - ok 17:17:41.0756 1924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:17:41.0756 1924 lltdio - ok 17:17:41.0787 1924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:17:41.0787 1924 lltdsvc - ok 17:17:41.0818 1924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:17:41.0818 1924 lmhosts - ok 17:17:41.0818 1924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:17:41.0834 1924 LSI_FC - ok 17:17:41.0834 1924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:17:41.0849 1924 LSI_SAS - ok 17:17:41.0849 1924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:17:41.0865 1924 LSI_SAS2 - ok 17:17:41.0865 1924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:17:41.0865 1924 LSI_SCSI - ok 17:17:41.0880 1924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:17:41.0880 1924 luafv - ok 17:17:41.0912 1924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:17:41.0912 1924 Mcx2Svc - ok 17:17:41.0943 1924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:17:41.0943 1924 megasas - ok 17:17:41.0958 1924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:17:41.0958 1924 MegaSR - ok 17:17:42.0036 1924 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 17:17:42.0036 1924 Microsoft Office Groove Audit Service - ok 17:17:42.0052 1924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:17:42.0068 1924 MMCSS - ok 17:17:42.0083 1924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:17:42.0083 1924 Modem - ok 17:17:42.0099 1924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:17:42.0099 1924 monitor - ok 17:17:42.0114 1924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:17:42.0114 1924 mouclass - ok 17:17:42.0130 1924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:17:42.0130 1924 mouhid - ok 17:17:42.0146 1924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:17:42.0146 1924 mountmgr - ok 17:17:42.0208 1924 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:17:42.0208 1924 MozillaMaintenance - ok 17:17:42.0255 1924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:17:42.0255 1924 mpio - ok 17:17:42.0270 1924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:17:42.0270 1924 mpsdrv - ok 17:17:42.0317 1924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:17:42.0333 1924 MpsSvc - ok 17:17:42.0364 1924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:17:42.0380 1924 MRxDAV - ok 17:17:42.0395 1924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:17:42.0395 1924 mrxsmb - ok 17:17:42.0426 1924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:17:42.0442 1924 mrxsmb10 - ok 17:17:42.0458 1924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:17:42.0458 1924 mrxsmb20 - ok 17:17:42.0473 1924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:17:42.0473 1924 msahci - ok 17:17:42.0473 1924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:17:42.0489 1924 msdsm - ok 17:17:42.0504 1924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:17:42.0504 1924 MSDTC - ok 17:17:42.0520 1924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:17:42.0520 1924 Msfs - ok 17:17:42.0536 1924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:17:42.0536 1924 mshidkmdf - ok 17:17:42.0551 1924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:17:42.0567 1924 msisadrv - ok 17:17:42.0582 1924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:17:42.0582 1924 MSiSCSI - ok 17:17:42.0598 1924 msiserver - ok 17:17:42.0614 1924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:17:42.0614 1924 MSKSSRV - ok 17:17:42.0614 1924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:17:42.0614 1924 MSPCLOCK - ok 17:17:42.0629 1924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:17:42.0629 1924 MSPQM - ok 17:17:42.0660 1924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:17:42.0660 1924 MsRPC - ok 17:17:42.0676 1924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:17:42.0676 1924 mssmbios - ok 17:17:42.0676 1924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:17:42.0676 1924 MSTEE - ok 17:17:42.0692 1924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:17:42.0692 1924 MTConfig - ok 17:17:42.0707 1924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:17:42.0707 1924 Mup - ok 17:17:42.0723 1924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:17:42.0723 1924 napagent - ok 17:17:42.0770 1924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:17:42.0770 1924 NativeWifiP - ok 17:17:42.0816 1924 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:17:42.0832 1924 NDIS - ok 17:17:42.0848 1924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:17:42.0848 1924 NdisCap - ok 17:17:42.0848 1924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:17:42.0863 1924 NdisTapi - ok 17:17:42.0879 1924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:17:42.0879 1924 Ndisuio - ok 17:17:42.0894 1924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:17:42.0894 1924 NdisWan - ok 17:17:42.0926 1924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:17:42.0926 1924 NDProxy - ok 17:17:43.0004 1924 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 17:17:43.0035 1924 Nero BackItUp Scheduler 4.0 - ok 17:17:43.0066 1924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:17:43.0066 1924 NetBIOS - ok 17:17:43.0082 1924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:17:43.0082 1924 NetBT - ok 17:17:43.0097 1924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:17:43.0097 1924 Netlogon - ok 17:17:43.0128 1924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:17:43.0144 1924 Netman - ok 17:17:43.0160 1924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:17:43.0160 1924 netprofm - ok 17:17:43.0191 1924 [ 93A240FD4C133D1ED7CCF829159C4B78 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys 17:17:43.0191 1924 netr7364 - ok 17:17:43.0238 1924 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:17:43.0238 1924 NetTcpPortSharing - ok 17:17:43.0269 1924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:17:43.0269 1924 nfrd960 - ok 17:17:43.0316 1924 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:17:43.0316 1924 NlaSvc - ok 17:17:43.0331 1924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:17:43.0331 1924 Npfs - ok 17:17:43.0331 1924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:17:43.0347 1924 nsi - ok 17:17:43.0347 1924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:17:43.0347 1924 nsiproxy - ok 17:17:43.0394 1924 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 17:17:43.0394 1924 nSvcIp - ok 17:17:43.0440 1924 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:17:43.0472 1924 Ntfs - ok 17:17:43.0487 1924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:17:43.0487 1924 Null - ok 17:17:43.0534 1924 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 17:17:43.0534 1924 NVENETFD - ok 17:17:43.0784 1924 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:17:44.0033 1924 nvlddmkm - ok 17:17:44.0049 1924 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 17:17:44.0049 1924 NVNET - ok 17:17:44.0080 1924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:17:44.0096 1924 nvraid - ok 17:17:44.0096 1924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:17:44.0096 1924 nvstor - ok 17:17:44.0127 1924 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 17:17:44.0127 1924 nvstor64 - ok 17:17:44.0142 1924 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe 17:17:44.0158 1924 nvsvc - ok 17:17:44.0189 1924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:17:44.0189 1924 nv_agp - ok 17:17:44.0236 1924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:17:44.0252 1924 odserv - ok 17:17:44.0267 1924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:17:44.0267 1924 ohci1394 - ok 17:17:44.0314 1924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:17:44.0330 1924 ose - ok 17:17:44.0361 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:17:44.0376 1924 p2pimsvc - ok 17:17:44.0392 1924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:17:44.0408 1924 p2psvc - ok 17:17:44.0423 1924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:17:44.0423 1924 Parport - ok 17:17:44.0454 1924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:17:44.0454 1924 partmgr - ok 17:17:44.0470 1924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:17:44.0470 1924 PcaSvc - ok 17:17:44.0501 1924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:17:44.0501 1924 pci - ok 17:17:44.0501 1924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:17:44.0501 1924 pciide - ok 17:17:44.0517 1924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:17:44.0532 1924 pcmcia - ok 17:17:44.0548 1924 [ F807B82D4A743270C881F635055B1F7F ] PCTDMDefrag C:\Windows\system32\drivers\PCTDMDefrag.sys 17:17:44.0548 1924 PCTDMDefrag - ok 17:17:44.0564 1924 [ AC61DD47194DF8241527B4291E5BB536 ] PCTDSMon C:\Windows\system32\drivers\PCTDSMon.sys 17:17:44.0564 1924 PCTDSMon - ok 17:17:44.0610 1924 [ 97571EF24B653DDC0538C59BCD989AE1 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe 17:17:44.0610 1924 PCToolsSSDMonitorSvc - ok 17:17:44.0642 1924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:17:44.0642 1924 pcw - ok 17:17:44.0657 1924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:17:44.0673 1924 PEAUTH - ok 17:17:44.0751 1924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:17:44.0751 1924 PerfHost - ok 17:17:44.0829 1924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:17:44.0860 1924 pla - ok 17:17:44.0907 1924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:17:44.0922 1924 PlugPlay - ok 17:17:44.0954 1924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:17:44.0954 1924 PNRPAutoReg - ok 17:17:44.0969 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:17:44.0985 1924 PNRPsvc - ok 17:17:45.0016 1924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:17:45.0016 1924 PolicyAgent - ok 17:17:45.0063 1924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:17:45.0063 1924 Power - ok 17:17:45.0094 1924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:17:45.0094 1924 PptpMiniport - ok 17:17:45.0110 1924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:17:45.0110 1924 Processor - ok 17:17:45.0141 1924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:17:45.0156 1924 ProfSvc - ok 17:17:45.0156 1924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:17:45.0156 1924 ProtectedStorage - ok 17:17:45.0203 1924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:17:45.0203 1924 Psched - ok 17:17:45.0234 1924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:17:45.0266 1924 ql2300 - ok 17:17:45.0297 1924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:17:45.0297 1924 ql40xx - ok 17:17:45.0312 1924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:17:45.0312 1924 QWAVE - ok 17:17:45.0344 1924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:17:45.0344 1924 QWAVEdrv - ok 17:17:45.0344 1924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:17:45.0359 1924 RasAcd - ok 17:17:45.0390 1924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:17:45.0390 1924 RasAgileVpn - ok 17:17:45.0406 1924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:17:45.0406 1924 RasAuto - ok 17:17:45.0437 1924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:17:45.0453 1924 Rasl2tp - ok 17:17:45.0468 1924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:17:45.0468 1924 RasMan - ok 17:17:45.0500 1924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:17:45.0500 1924 RasPppoe - ok 17:17:45.0531 1924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:17:45.0531 1924 RasSstp - ok 17:17:45.0546 1924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:17:45.0546 1924 rdbss - ok 17:17:45.0562 1924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:17:45.0562 1924 rdpbus - ok 17:17:45.0578 1924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:17:45.0578 1924 RDPCDD - ok 17:17:45.0578 1924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:17:45.0578 1924 RDPENCDD - ok 17:17:45.0593 1924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:17:45.0593 1924 RDPREFMP - ok 17:17:45.0609 1924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:17:45.0624 1924 RDPWD - ok 17:17:45.0640 1924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:17:45.0640 1924 rdyboost - ok 17:17:45.0656 1924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:17:45.0671 1924 RemoteAccess - ok 17:17:45.0702 1924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:17:45.0702 1924 RemoteRegistry - ok 17:17:45.0734 1924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:17:45.0734 1924 RpcEptMapper - ok 17:17:45.0749 1924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:17:45.0749 1924 RpcLocator - ok 17:17:45.0780 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:17:45.0780 1924 RpcSs - ok 17:17:45.0796 1924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:17:45.0796 1924 rspndr - ok 17:17:45.0796 1924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:17:45.0812 1924 SamSs - ok 17:17:45.0843 1924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:17:45.0843 1924 sbp2port - ok 17:17:45.0858 1924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:17:45.0858 1924 SCardSvr - ok 17:17:45.0890 1924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:17:45.0890 1924 scfilter - ok 17:17:45.0936 1924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:17:45.0968 1924 Schedule - ok 17:17:45.0983 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:17:45.0999 1924 SCPolicySvc - ok 17:17:46.0030 1924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:17:46.0030 1924 SDRSVC - ok 17:17:46.0046 1924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:17:46.0046 1924 secdrv - ok 17:17:46.0077 1924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:17:46.0077 1924 seclogon - ok 17:17:46.0092 1924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 17:17:46.0092 1924 SENS - ok 17:17:46.0124 1924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:17:46.0124 1924 SensrSvc - ok 17:17:46.0139 1924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:17:46.0139 1924 Serenum - ok 17:17:46.0186 1924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:17:46.0186 1924 Serial - ok 17:17:46.0202 1924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:17:46.0217 1924 sermouse - ok 17:17:46.0248 1924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:17:46.0248 1924 SessionEnv - ok 17:17:46.0264 1924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:17:46.0280 1924 sffdisk - ok 17:17:46.0280 1924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:17:46.0280 1924 sffp_mmc - ok 17:17:46.0280 1924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:17:46.0280 1924 sffp_sd - ok 17:17:46.0295 1924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:17:46.0295 1924 sfloppy - ok 17:17:46.0358 1924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:17:46.0358 1924 SharedAccess - ok 17:17:46.0389 1924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:17:46.0389 1924 ShellHWDetection - ok 17:17:46.0420 1924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:17:46.0420 1924 SiSRaid2 - ok 17:17:46.0436 1924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:17:46.0436 1924 SiSRaid4 - ok 17:17:46.0498 1924 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:17:46.0498 1924 SkypeUpdate - ok 17:17:46.0529 1924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:17:46.0529 1924 Smb - ok 17:17:46.0560 1924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:17:46.0560 1924 SNMPTRAP - ok 17:17:46.0592 1924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:17:46.0592 1924 spldr - ok 17:17:46.0623 1924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:17:46.0638 1924 Spooler - ok 17:17:46.0732 1924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:17:46.0794 1924 sppsvc - ok 17:17:46.0826 1924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:17:46.0826 1924 sppuinotify - ok 17:17:46.0857 1924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:17:46.0872 1924 srv - ok 17:17:46.0888 1924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:17:46.0888 1924 srv2 - ok 17:17:46.0919 1924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:17:46.0919 1924 srvnet - ok 17:17:46.0950 1924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:17:46.0950 1924 SSDPSRV - ok 17:17:46.0966 1924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:17:46.0966 1924 SstpSvc - ok 17:17:46.0997 1924 Steam Client Service - ok 17:17:47.0013 1924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:17:47.0013 1924 stexstor - ok 17:17:47.0060 1924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:17:47.0060 1924 stisvc - ok 17:17:47.0091 1924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:17:47.0091 1924 swenum - ok 17:17:47.0122 1924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:17:47.0138 1924 swprv - ok 17:17:47.0200 1924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:17:47.0231 1924 SysMain - ok 17:17:47.0262 1924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:17:47.0262 1924 TabletInputService - ok 17:17:47.0278 1924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:17:47.0294 1924 TapiSrv - ok 17:17:47.0309 1924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:17:47.0309 1924 TBS - ok 17:17:47.0372 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:17:47.0403 1924 Tcpip - ok 17:17:47.0450 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:17:47.0465 1924 TCPIP6 - ok 17:17:47.0481 1924 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:17:47.0481 1924 tcpipreg - ok 17:17:47.0496 1924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:17:47.0512 1924 TDPIPE - ok 17:17:47.0528 1924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:17:47.0528 1924 TDTCP - ok 17:17:47.0559 1924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:17:47.0559 1924 tdx - ok 17:17:47.0574 1924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:17:47.0574 1924 TermDD - ok 17:17:47.0606 1924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:17:47.0606 1924 TermService - ok 17:17:47.0621 1924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:17:47.0637 1924 Themes - ok 17:17:47.0652 1924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:17:47.0652 1924 THREADORDER - ok 17:17:47.0668 1924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:17:47.0668 1924 TrkWks - ok 17:17:47.0715 1924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:17:47.0715 1924 TrustedInstaller - ok 17:17:47.0746 1924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:17:47.0746 1924 tssecsrv - ok 17:17:47.0777 1924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:17:47.0777 1924 TsUsbFlt - ok 17:17:47.0808 1924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:17:47.0824 1924 tunnel - ok 17:17:47.0840 1924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:17:47.0840 1924 uagp35 - ok 17:17:47.0855 1924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:17:47.0855 1924 udfs - ok 17:17:47.0886 1924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:17:47.0886 1924 UI0Detect - ok 17:17:47.0902 1924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:17:47.0902 1924 uliagpkx - ok 17:17:47.0933 1924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 17:17:47.0933 1924 umbus - ok 17:17:47.0949 1924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:17:47.0949 1924 UmPass - ok 17:17:47.0980 1924 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe 17:17:47.0980 1924 Updater Service - ok 17:17:47.0996 1924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:17:48.0011 1924 upnphost - ok 17:17:48.0042 1924 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:17:48.0042 1924 USBAAPL64 - ok 17:17:48.0074 1924 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:17:48.0089 1924 usbaudio - ok 17:17:48.0120 1924 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys 17:17:48.0120 1924 usbbus - ok 17:17:48.0136 1924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:17:48.0136 1924 usbccgp - ok 17:17:48.0136 1924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:17:48.0152 1924 usbcir - ok 17:17:48.0167 1924 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys 17:17:48.0167 1924 UsbDiag - ok 17:17:48.0183 1924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:17:48.0183 1924 usbehci - ok 17:17:48.0198 1924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:17:48.0214 1924 usbhub - ok 17:17:48.0214 1924 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys 17:17:48.0214 1924 USBModem - ok 17:17:48.0230 1924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:17:48.0230 1924 usbohci - ok 17:17:48.0230 1924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:17:48.0230 1924 usbprint - ok 17:17:48.0245 1924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:17:48.0261 1924 USBSTOR - ok 17:17:48.0261 1924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:17:48.0276 1924 usbuhci - ok 17:17:48.0308 1924 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:17:48.0308 1924 usbvideo - ok 17:17:48.0323 1924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:17:48.0323 1924 UxSms - ok 17:17:48.0339 1924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:17:48.0339 1924 VaultSvc - ok 17:17:48.0370 1924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:17:48.0370 1924 vdrvroot - ok 17:17:48.0401 1924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:17:48.0417 1924 vds - ok 17:17:48.0417 1924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:17:48.0417 1924 vga - ok 17:17:48.0432 1924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:17:48.0432 1924 VgaSave - ok 17:17:48.0464 1924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:17:48.0464 1924 vhdmp - ok 17:17:48.0479 1924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:17:48.0479 1924 viaide - ok 17:17:48.0495 1924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:17:48.0495 1924 volmgr - ok 17:17:48.0526 1924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:17:48.0526 1924 volmgrx - ok 17:17:48.0542 1924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:17:48.0542 1924 volsnap - ok 17:17:48.0573 1924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:17:48.0573 1924 vsmraid - ok 17:17:48.0620 1924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:17:48.0666 1924 VSS - ok 17:17:48.0682 1924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:17:48.0682 1924 vwifibus - ok 17:17:48.0698 1924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:17:48.0698 1924 vwififlt - ok 17:17:48.0698 1924 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:17:48.0713 1924 vwifimp - ok 17:17:48.0729 1924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:17:48.0744 1924 W32Time - ok 17:17:48.0760 1924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:17:48.0760 1924 WacomPen - ok 17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:17:48.0776 1924 WANARP - ok 17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:17:48.0776 1924 Wanarpv6 - ok 17:17:48.0854 1924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:17:48.0916 1924 WatAdminSvc - ok 17:17:48.0978 1924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:17:49.0025 1924 wbengine - ok 17:17:49.0056 1924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:17:49.0056 1924 WbioSrvc - ok 17:17:49.0088 1924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:17:49.0103 1924 wcncsvc - ok 17:17:49.0119 1924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:17:49.0119 1924 WcsPlugInService - ok 17:17:49.0134 1924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:17:49.0134 1924 Wd - ok 17:17:49.0181 1924 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:17:49.0181 1924 Wdf01000 - ok 17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:17:49.0197 1924 WdiServiceHost - ok 17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:17:49.0212 1924 WdiSystemHost - ok 17:17:49.0228 1924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:17:49.0244 1924 WebClient - ok 17:17:49.0259 1924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:17:49.0259 1924 Wecsvc - ok 17:17:49.0275 1924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:17:49.0290 1924 wercplsupport - ok 17:17:49.0306 1924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:17:49.0322 1924 WerSvc - ok 17:17:49.0322 1924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:17:49.0322 1924 WfpLwf - ok 17:17:49.0337 1924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:17:49.0337 1924 WIMMount - ok 17:17:49.0337 1924 WinDefend - ok 17:17:49.0353 1924 WinHttpAutoProxySvc - ok 17:17:49.0400 1924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:17:49.0400 1924 Winmgmt - ok 17:17:49.0462 1924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:17:49.0493 1924 WinRM - ok 17:17:49.0556 1924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:17:49.0556 1924 WinUsb - ok 17:17:49.0587 1924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:17:49.0602 1924 Wlansvc - ok 17:17:49.0649 1924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:17:49.0649 1924 WmiAcpi - ok 17:17:49.0665 1924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:17:49.0680 1924 wmiApSrv - ok 17:17:49.0696 1924 WMPNetworkSvc - ok 17:17:49.0712 1924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:17:49.0712 1924 WPCSvc - ok 17:17:49.0727 1924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:17:49.0743 1924 WPDBusEnum - ok 17:17:49.0758 1924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:17:49.0758 1924 ws2ifsl - ok 17:17:49.0774 1924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:17:49.0774 1924 wscsvc - ok 17:17:49.0774 1924 WSearch - ok 17:17:49.0883 1924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:17:49.0930 1924 wuauserv - ok 17:17:49.0946 1924 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:17:49.0946 1924 WudfPf - ok 17:17:49.0961 1924 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:17:49.0977 1924 WUDFRd - ok 17:17:49.0992 1924 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:17:50.0008 1924 wudfsvc - ok 17:17:50.0024 1924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:17:50.0039 1924 WwanSvc - ok 17:17:50.0086 1924 X6va006 - ok 17:17:50.0117 1924 X6va008 - ok 17:17:50.0180 1924 X6va010 - ok 17:17:50.0242 1924 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 17:17:50.0258 1924 YahooAUService - ok 17:17:50.0320 1924 ================ Scan global =============================== 17:17:50.0351 1924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:17:50.0382 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:17:50.0398 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:17:50.0414 1924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:17:50.0445 1924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:17:50.0445 1924 [Global] - ok 17:17:50.0445 1924 ================ Scan MBR ================================== 17:17:50.0460 1924 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0 17:17:54.0033 1924 \Device\Harddisk0\DR0 - ok 17:17:54.0048 1924 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk6\DR6 17:18:06.0497 1924 \Device\Harddisk6\DR6 - ok 17:18:06.0497 1924 ================ Scan VBR ================================== 17:18:06.0513 1924 [ 8C6572A2430ADBB6A5E9BC9E89AF6A12 ] \Device\Harddisk0\DR0\Partition1 17:18:06.0513 1924 \Device\Harddisk0\DR0\Partition1 - ok 17:18:06.0544 1924 [ 8CE128768D6B9BE5085B6ED954584AFD ] \Device\Harddisk0\DR0\Partition2 17:18:06.0544 1924 \Device\Harddisk0\DR0\Partition2 - ok 17:18:06.0544 1924 [ C7A49919AA0F94CC709CA26219B01D5C ] \Device\Harddisk6\DR6\Partition1 17:18:06.0544 1924 \Device\Harddisk6\DR6\Partition1 - ok 17:18:06.0544 1924 ============================================================ 17:18:06.0544 1924 Scan finished 17:18:06.0544 1924 ============================================================ 17:18:06.0560 2340 Detected object count: 0 17:18:06.0560 2340 Actual detected object count: 0 17:18:27.0947 4032 Deinitialize success < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > C:\Program Files (x86)\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application C:\ProgramData\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application C:\Qoobox\Quarantine\C\torrent.exe.vir Win32/BundleInstaller.A application C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll.vir a variant of Win32/Kryptik.AOWX trojan C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n.vir Win64/Sirefef.W trojan C:\Users\All Users\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application C:\Users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part a variant of Win32/SoftonicDownloader.E application C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef a variant of Win32/Kryptik.AJFC trojan C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f multiple threats C:\Users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe Win32/BundleInstaller.A application C:\Users\Entregan\Downloads\cnet2_ComicViewer_exe.exe a variant of Win32/InstallCore.D application C:\Users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe a variant of Win32/InstallCore.D application C:\Users\Entregan\Downloads\DTLite4451-0236.exe Win32/OpenCandy application C:\Users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe multiple threats C:\Users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe Win32/SoftonicDownloader application C:\Users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe Win32/SoftonicDownloader.D application C:\Users\Entregan\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader application C:\Users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe Win32/Adware.1ClickDownload.C application C:\Users\Entregan\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application C:\Users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe multiple threats
  4. <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8006bfe060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006f\ Lower Device Object: 0xfffffa8006bfa060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800643d460 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000005f\ Lower Device Object: 0xfffffa8005ec4110 Lower Device Driver Name: \Driver\nvstor64\ Driver name found: nvstor64 DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800643e040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005edae40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8005ec4110, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\ ------------ End ---------- Upper DeviceData: 0xfffff8a00b6945b0, 0xfffffa800643d460, 0xfffffa80058c9790 Lower DeviceData: 0xfffff8a00b576a10, 0xfffffa8005ec4110, 0xfffffa8005ce6e40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 470BF6B0 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 27469824 Numsec = 1437675520 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006bff910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006bfeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf3710, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c01b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf6060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf7060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c03b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf6990, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800790d910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007916490, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a00b1a66b0, 0xfffffa8007911060, 0xfffffa8005cdc090 Lower DeviceData: 0xfffff8a00b150150, 0xfffffa8007916490, 0xfffffa8005cdde40 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 18CC46C1 Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 7856064 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4022337024 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Scan Interrupted Done! ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 5516976128 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 5113593856 ------------ Kernel report ------------ 12/02/2012 16:03:41 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\nvstor64.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvmf6264.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor64.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa800780a060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000076\ Lower Device Object: 0xfffffa80079a7b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8006bfa060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8006c03750 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8006bfb060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa80079a8060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8006c00060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8006bf0a50 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8006c02060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa8006bf1b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8006c04060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006f\ Lower Device Object: 0xfffffa8006c01060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80063ed060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000005f\ Lower Device Object: 0xfffffa80060c39c0 Lower Device Driver Name: \Driver\nvstor64\ Driver name found: nvstor64 DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80063edb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060bf7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80060c39c0, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\ ------------ End ---------- Upper DeviceData: 0xfffff8a00bce2010, 0xfffffa80063ed060, 0xfffffa8005f7b090 Lower DeviceData: 0xfffff8a00bc6d120, 0xfffffa80060c39c0, 0xfffffa8005e9f090 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 470BF6B0 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 27469824 Numsec = 1437675520 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c03040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf1b60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006bf0a50, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80079a8060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006bfbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006c03750, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800791f040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80079a7b60, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a00bd01b80, 0xfffffa800780a060, 0xfffffa8005d9b790 Lower DeviceData: 0xfffff8a00bc54070, 0xfffffa80079a7b60, 0xfffffa8005ce8940 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 18CC46C1 Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 7856064 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4022337024 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768) Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768) Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768) Done! Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 5518618624 < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.7.4 (12.02.2012:1) OS: Windows 7 Home Premium x64 Ran by Entregan on Sun 12/02/2012 at 16:14:47.93 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Registry Keys Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar" Successfully deleted: [Registry Key] "hkey_current_user\software\conduit" Successfully deleted: [Registry Key] "hkey_current_user\software\softonic" Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim" Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit" Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent" Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\installmate" Successfully deleted: [Folder] "C:\ProgramData\premium" Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\Users\Entregan\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo" ~~~ FireFox Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\user.js Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\fnktxwelcd@fnktxwelcd.org.xpi [Tracur] Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\smartbar Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com Successfully deleted the following from C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\prefs.js user_pref("CT3244149.1000082.isDisplayHidden", "true"); user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.net/california.asx\"}"); user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3244149.FirstTime", "true"); user_pref("CT3244149.FirstTimeFF3", "true"); user_pref("CT3244149.LoginRevertSettingsEnabled", false); user_pref("CT3244149.RevertSettingsEnabled", true); user_pref("CT3244149.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="); user_pref("CT3244149.UserID", "UN80476396242825083"); user_pref("CT3244149.UserId.enc", "MTNjZDRkNjgtNjZmZS1lYjI2LTBkZmItMjY5YjdjMjYwYmU3"); user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT3244149.autoDisableScopes", 14); user_pref("CT3244149.browser.search.defaultthis.engineName", true); user_pref("CT3244149.cbfirsttime.enc", "TW9uIE5vdiAyNiAyMDEyIDE2OjAxOjM4IEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp"); user_pref("CT3244149.defaultSearch", "true"); user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta user_pref("CT3244149.enableAlerts", "always"); user_pref("CT3244149.enableSearchFromAddressBar", "true"); user_pref("CT3244149.firstTimeDialogOpened", "true"); user_pref("CT3244149.fixPageNotFoundError", "true"); user_pref("CT3244149.fixPageNotFoundErrorInHidden", "true"); user_pref("CT3244149.fixUrls", true); user_pref("CT3244149.http___api30_starwebnet_com.pid2.enc", "YWE2ODYzNDAyYzk1NTEyNA=="); user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTNlZDI3M2I4OTY4N2FjNTA1ZjlmYSIsIjczOGFhOGQzYmMwMmViODcxMmFjZDBlYjJjZjZkZmQ1IiwiMjM1MWY2MDBiZjYyMTAyYzU user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7InR5cGUiOiJtZW51IiwiY2FwdGlvbiI6IiIsImltYWdlIjoiaW1hZ2VzL215d2FsbGV0X21pbi5wbmciLCJpbWFnZWhvdmVyIjoiaW user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiaHR0cDovL2FwaS5qb2xseXdhbGxldC5jb20vYWZmaWxpYXRlL2luaXQiLCJxdWVyeVVybCI6Imh0dHA6Ly9hcGkuam9sbHl3YWxs user_pref("CT3244149.installId", "166"); user_pref("CT3244149.installType", "conduitnsisintegration"); user_pref("CT3244149.isCheckedStartAsHidden", true); user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3244149.isFirstTimeToolbarLoading", "false"); user_pref("CT3244149.isNewTabEnabled", true); user_pref("CT3244149.isPerformedSmartBarTransition", "true"); user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT3244149.keyword", true); user_pref("CT3244149.migrateAppsAndComponents", true); user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"http://WhiteSmokeUSNew.OurToolbar.com/\",\"EB user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3244149.openThankYouPage", "false"); user_pref("CT3244149.openUninstallPage", "true"); user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/27\\\\/2012 01\\\"}\"}"); user_pref("CT3244149.revertSettingsEnabled", "true"); user_pref("CT3244149.search.searchAppId", "129895725399351616"); user_pref("CT3244149.search.searchCount", "0"); user_pref("CT3244149.searchInNewTabEnabledInHidden", "true"); user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3244149\"}"); user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://WhiteSmokeUSNew.OurToolbar.com//xpi\"}"); user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke US New\"}"); user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3244149.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353967291293"); user_pref("CT3244149.serviceLayer_services_appsMetadata_lastUpdate", "1353967291116"); user_pref("CT3244149.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353967292405"); user_pref("CT3244149.serviceLayer_services_login_10.13.40.15_lastUpdate", "1354245458202"); user_pref("CT3244149.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353967292362"); user_pref("CT3244149.serviceLayer_services_searchAPI_lastUpdate", "1353967288130"); user_pref("CT3244149.serviceLayer_services_serviceMap_lastUpdate", "1354245457791"); user_pref("CT3244149.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353967292450"); user_pref("CT3244149.serviceLayer_services_toolbarSettings_lastUpdate", "1354245457827"); user_pref("CT3244149.serviceLayer_services_translation_lastUpdate", "1354245457903"); user_pref("CT3244149.serviceLayer_services_userApps_lastUpdate", "1353967295540"); user_pref("CT3244149.settingsINI", true); user_pref("CT3244149.shouldFirstTimeDialog", "false"); user_pref("CT3244149.smartbar.CTID", "CT3244149"); user_pref("CT3244149.smartbar.Uninstall", "0"); user_pref("CT3244149.smartbar.homepage", true); user_pref("CT3244149.smartbar.isHidden", true); user_pref("CT3244149.smartbar.toolbarName", "WhiteSmoke US New "); user_pref("CT3244149.startPage", "userChanged"); user_pref("CT3244149.toolbarBornServerTime", "27-11-2012"); user_pref("CT3244149.toolbarCurrentServerTime", "30-11-2012"); user_pref("CT3244149.toolbarDisabled", "true"); user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1354245334276,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3244149&SearchSource=13&CUI=SB_CUI"); user_pref("Smartbar.ConduitSearchEngineList", ""); user_pref("Smartbar.ConduitSearchUrlList", ""); user_pref("Smartbar.keywordURLSelectedCTID", "CT3244149"); user_pref("aol_toolbar.default.homepage.check", false); user_pref("aol_toolbar.default.search.check", false); user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search"); user_pref("extensions.50b3e6d334792.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe user_pref("extensions.BabylonToolbar.prtkDS", 0); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics"); user_pref("extentions.y2layers.installId", "29a92b03-ec2d-4a1f-b430-fd485c7c9f8b"); user_pref("extentions.y2layers.lastDnsTest", 371896); user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="); user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3244149&SearchSource=13&CUI=SB_CUI"); user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q="); user_pref("smartbar.originalHomepage", "netflix.com"); user_pref("smartbar.originalSearchAddressUrl", ""); user_pref("smartbar.originalSearchEngine", false); user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); user_pref("sweetim.toolbar.searchguard.enable", ""); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 12/02/2012 at 16:21:59.66 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > # AdwCleaner v2.011 - Logfile created 12/02/2012 at 16:24:03 # Updated 02/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Entregan - LOS-ENTERPRISES # Boot Mode : Normal # Running from : C:\Users\Entregan\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\ProgramData\Partner ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Mozilla Firefox v12.0 (en-US) Profile name : default File : C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\prefs.js Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...] Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...] Deleted : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...] Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] ************************* AdwCleaner[s2].txt - [4871 octets] - [02/12/2012 16:24:03] ########## EOF - C:\AdwCleaner[s2].txt - [4931 octets] ##########
  5. Process has been completed. So far things are looking good! < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Mozilla Firefox v12.0 (en-US) Profile name : default File : C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\prefs.js Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...] Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...] Deleted : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...] Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] ************************* AdwCleaner[s2].txt - [4871 octets] - [02/12/2012 16:24:03] ########## EOF - C:\AdwCleaner[s2].txt - [4931 octets] ########## <- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -> --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 2579046400 ------------ Kernel report ------------ 12/02/2012 15:25:01 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\nvstor64.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvmf6264.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor64.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\Drivers\PROCEXP113.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8007c34790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000077\ Lower Device Object: 0xfffffa8007c29610 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8007c1a790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000074\ Lower Device Object: 0xfffffa8007bdf660 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8007ac6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8007bbf060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8007ac5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa8007bdfb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8007c19790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8007bd1450 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8007c1b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa8007bbc380 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800642e410 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000060\ Lower Device Object: 0xfffffa800609e060 Lower Device Driver Name: \00000519\ Driver name found: nvstor64 DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.12.02.03 Downloaded database version: v2012.11.30.01 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 4 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800642f040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800550fa80, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800609e060, DeviceName: \Device\00000060\, DriverName: \00000519\ ------------ End ---------- Upper DeviceData: 0xfffff8a0100bda60, 0xfffffa800642e410, 0xfffffa80099721e0 Lower DeviceData: 0xfffff8a01018e420, 0xfffffa800609e060, 0xfffffa8008b4a8e0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR is forged! Inspecting partition table: MBR Signature: 55AA Disk Signature: 470BF6B0 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 6 Numsec = 0 Partition file system is UNKNOWN Partition is not bootable Infected: VBR on Active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 1 on drive 0 ... Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 27469824 Numsec = 1437675520 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-5-1465129168-1465149168)... Sector 1465148926 --> [Forged physical sector] Sector 1465148927 --> [Forged physical sector] Sector 1465148928 --> [Forged physical sector] Sector 1465148929 --> [Forged physical sector] Sector 1465148930 --> [Forged physical sector] Sector 1465148931 --> [Forged physical sector] Sector 1465148932 --> [Forged physical sector] Sector 1465148933 --> [Forged physical sector] Sector 1465148934 --> [Forged physical sector] Sector 1465148935 --> [Forged physical sector] Sector 1465148936 --> [Forged physical sector] Sector 1465148937 --> [Forged physical sector] Sector 1465148938 --> [Forged physical sector] Sector 1465148939 --> [Forged physical sector] Sector 1465148940 --> [Forged physical sector] Sector 1465148941 --> [Forged physical sector] Sector 1465148942 --> [Forged physical sector] Sector 1465148943 --> [Forged physical sector] Sector 1465148944 --> [Forged physical sector] Sector 1465148945 --> [Forged physical sector] Sector 1465148946 --> [Forged physical sector] Sector 1465148947 --> [Forged physical sector] Sector 1465148948 --> [Forged physical sector] Sector 1465148949 --> [Forged physical sector] Sector 1465148950 --> [Forged physical sector] Sector 1465148951 --> [Forged physical sector] Sector 1465148952 --> [Forged physical sector] Sector 1465148953 --> [Forged physical sector] Sector 1465148954 --> [Forged physical sector] Sector 1465148955 --> [Forged physical sector] Sector 1465148956 --> [Forged physical sector] Sector 1465148957 --> [Forged physical sector] Sector 1465148958 --> [Forged physical sector] Sector 1465148959 --> [Forged physical sector] Sector 1465148960 --> [Forged physical sector] Sector 1465148961 --> [Forged physical sector] Sector 1465148962 --> [Forged physical sector] Sector 1465148963 --> [Forged physical sector] Sector 1465148964 --> [Forged physical sector] Sector 1465148965 --> [Forged physical sector] Sector 1465148966 --> [Forged physical sector] Sector 1465148967 --> [Forged physical sector] Sector 1465148968 --> [Forged physical sector] Sector 1465148969 --> [Forged physical sector] Sector 1465148970 --> [Forged physical sector] Sector 1465148971 --> [Forged physical sector] Sector 1465148972 --> [Forged physical sector] Sector 1465148973 --> [Forged physical sector] Sector 1465148974 --> [Forged physical sector] Sector 1465148975 --> [Forged physical sector] Sector 1465148976 --> [Forged physical sector] Sector 1465148977 --> [Forged physical sector] Sector 1465148978 --> [Forged physical sector] Sector 1465148979 --> [Forged physical sector] Sector 1465148980 --> [Forged physical sector] Sector 1465148981 --> [Forged physical sector] Sector 1465148982 --> [Forged physical sector] Sector 1465148983 --> [Forged physical sector] Sector 1465148984 --> [Forged physical sector] Sector 1465148985 --> [Forged physical sector] Sector 1465148986 --> [Forged physical sector] Sector 1465148987 --> [Forged physical sector] Sector 1465148988 --> [Forged physical sector] Sector 1465148989 --> [Forged physical sector] Sector 1465148990 --> [Forged physical sector] Sector 1465148991 --> [Forged physical sector] Sector 1465148992 --> [Forged physical sector] Sector 1465148993 --> [Forged physical sector] Sector 1465148994 --> [Forged physical sector] Sector 1465148995 --> [Forged physical sector] Sector 1465148996 --> [Forged physical sector] Sector 1465148997 --> [Forged physical sector] Sector 1465148998 --> [Forged physical sector] Sector 1465148999 --> [Forged physical sector] Sector 1465149000 --> [Forged physical sector] Sector 1465149001 --> [Forged physical sector] Sector 1465149002 --> [Forged physical sector] Sector 1465149003 --> [Forged physical sector] Sector 1465149004 --> [Forged physical sector] Sector 1465149005 --> [Forged physical sector] Sector 1465149006 --> [Forged physical sector] Sector 1465149007 --> [Forged physical sector] Sector 1465149008 --> [Forged physical sector] Sector 1465149009 --> [Forged physical sector] Sector 1465149010 --> [Forged physical sector] Sector 1465149011 --> [Forged physical sector] Sector 1465149012 --> [Forged physical sector] Sector 1465149013 --> [Forged physical sector] Sector 1465149014 --> [Forged physical sector] Sector 1465149015 --> [Forged physical sector] Sector 1465149016 --> [Forged physical sector] Sector 1465149017 --> [Forged physical sector] Sector 1465149018 --> [Forged physical sector] Sector 1465149019 --> [Forged physical sector] Sector 1465149020 --> [Forged physical sector] Sector 1465149021 --> [Forged physical sector] Sector 1465149022 --> [Forged physical sector] Sector 1465149023 --> [Forged physical sector] Sector 1465149024 --> [Forged physical sector] Sector 1465149025 --> [Forged physical sector] Sector 1465149026 --> [Forged physical sector] Sector 1465149027 --> [Forged physical sector] Sector 1465149028 --> [Forged physical sector] Sector 1465149029 --> [Forged physical sector] Sector 1465149030 --> [Forged physical sector] Sector 1465149031 --> [Forged physical sector] Sector 1465149032 --> [Forged physical sector] Sector 1465149033 --> [Forged physical sector] Sector 1465149034 --> [Forged physical sector] Sector 1465149035 --> [Forged physical sector] Sector 1465149036 --> [Forged physical sector] Sector 1465149037 --> [Forged physical sector] Sector 1465149038 --> [Forged physical sector] Sector 1465149039 --> [Forged physical sector] Sector 1465149040 --> [Forged physical sector] Sector 1465149041 --> [Forged physical sector] Sector 1465149042 --> [Forged physical sector] Sector 1465149043 --> [Forged physical sector] Sector 1465149044 --> [Forged physical sector] Sector 1465149045 --> [Forged physical sector] Sector 1465149046 --> [Forged physical sector] Sector 1465149047 --> [Forged physical sector] Sector 1465149048 --> [Forged physical sector] Sector 1465149049 --> [Forged physical sector] Sector 1465149050 --> [Forged physical sector] Sector 1465149051 --> [Forged physical sector] Sector 1465149052 --> [Forged physical sector] Sector 1465149053 --> [Forged physical sector] Sector 1465149054 --> [Forged physical sector] Sector 1465149055 --> [Forged physical sector] Sector 1465149056 --> [Forged physical sector] Sector 1465149057 --> [Forged physical sector] Sector 1465149058 --> [Forged physical sector] Sector 1465149059 --> [Forged physical sector] Sector 1465149060 --> [Forged physical sector] Sector 1465149061 --> [Forged physical sector] Sector 1465149062 --> [Forged physical sector] Sector 1465149063 --> [Forged physical sector] Sector 1465149064 --> [Forged physical sector] Sector 1465149065 --> [Forged physical sector] Sector 1465149066 --> [Forged physical sector] Sector 1465149067 --> [Forged physical sector] Sector 1465149068 --> [Forged physical sector] Sector 1465149069 --> [Forged physical sector] Sector 1465149070 --> [Forged physical sector] Sector 1465149071 --> [Forged physical sector] Sector 1465149072 --> [Forged physical sector] Sector 1465149073 --> [Forged physical sector] Sector 1465149074 --> [Forged physical sector] Sector 1465149075 --> [Forged physical sector] Sector 1465149076 --> [Forged physical sector] Sector 1465149077 --> [Forged physical sector] Sector 1465149078 --> [Forged physical sector] Sector 1465149079 --> [Forged physical sector] Sector 1465149080 --> [Forged physical sector] Sector 1465149081 --> [Forged physical sector] Sector 1465149082 --> [Forged physical sector] Sector 1465149083 --> [Forged physical sector] Sector 1465149084 --> [Forged physical sector] Sector 1465149085 --> [Forged physical sector] Sector 1465149086 --> [Forged physical sector] Sector 1465149087 --> [Forged physical sector] Sector 1465149088 --> [Forged physical sector] Sector 1465149089 --> [Forged physical sector] Sector 1465149090 --> [Forged physical sector] Sector 1465149091 --> [Forged physical sector] Sector 1465149092 --> [Forged physical sector] Sector 1465149093 --> [Forged physical sector] Sector 1465149094 --> [Forged physical sector] Sector 1465149095 --> [Forged physical sector] Sector 1465149096 --> [Forged physical sector] Sector 1465149097 --> [Forged physical sector] Sector 1465149098 --> [Forged physical sector] Sector 1465149099 --> [Forged physical sector] Sector 1465149100 --> [Forged physical sector] Sector 1465149101 --> [Forged physical sector] Sector 1465149102 --> [Forged physical sector] Sector 1465149103 --> [Forged physical sector] Sector 1465149104 --> [Forged physical sector] Sector 1465149105 --> [Forged physical sector] Sector 1465149106 --> [Forged physical sector] Sector 1465149107 --> [Forged physical sector] Sector 1465149108 --> [Forged physical sector] Sector 1465149109 --> [Forged physical sector] Sector 1465149110 --> [Forged physical sector] Sector 1465149111 --> [Forged physical sector] Sector 1465149112 --> [Forged physical sector] Sector 1465149113 --> [Forged physical sector] Sector 1465149114 --> [Forged physical sector] Sector 1465149115 --> [Forged physical sector] Sector 1465149116 --> [Forged physical sector] Sector 1465149117 --> [Forged physical sector] Sector 1465149118 --> [Forged physical sector] Sector 1465149119 --> [Forged physical sector] Sector 1465149120 --> [Forged physical sector] Sector 1465149121 --> [Forged physical sector] Sector 1465149122 --> [Forged physical sector] Sector 1465149123 --> [Forged physical sector] Sector 1465149124 --> [Forged physical sector] Sector 1465149125 --> [Forged physical sector] Sector 1465149126 --> [Forged physical sector] Sector 1465149127 --> [Forged physical sector] Sector 1465149128 --> [Forged physical sector] Sector 1465149129 --> [Forged physical sector] Sector 1465149130 --> [Forged physical sector] Sector 1465149131 --> [Forged physical sector] Sector 1465149132 --> [Forged physical sector] Sector 1465149133 --> [Forged physical sector] Sector 1465149134 --> [Forged physical sector] Sector 1465149135 --> [Forged physical sector] Sector 1465149136 --> [Forged physical sector] Sector 1465149137 --> [Forged physical sector] Sector 1465149138 --> [Forged physical sector] Sector 1465149139 --> [Forged physical sector] Sector 1465149140 --> [Forged physical sector] Sector 1465149141 --> [Forged physical sector] Sector 1465149142 --> [Forged physical sector] Sector 1465149143 --> [Forged physical sector] Sector 1465149144 --> [Forged physical sector] Sector 1465149145 --> [Forged physical sector] Sector 1465149146 --> [Forged physical sector] Sector 1465149147 --> [Forged physical sector] Sector 1465149148 --> [Forged physical sector] Sector 1465149149 --> [Forged physical sector] Sector 1465149150 --> [Forged physical sector] Sector 1465149151 --> [Forged physical sector] Sector 1465149152 --> [Forged physical sector] Sector 1465149153 --> [Forged physical sector] Sector 1465149154 --> [Forged physical sector] Sector 1465149155 --> [Forged physical sector] Sector 1465149156 --> [Forged physical sector] Sector 1465149157 --> [Forged physical sector] Sector 1465149158 --> [Forged physical sector] Sector 1465149159 --> [Forged physical sector] Sector 1465149160 --> [Forged physical sector] Sector 1465149161 --> [Forged physical sector] Sector 1465149162 --> [Forged physical sector] Sector 1465149163 --> [Forged physical sector] Sector 1465149164 --> [Forged physical sector] Sector 1465149165 --> [Forged physical sector] Sector 1465149166 --> [Forged physical sector] Sector 1465149167 --> [Forged physical sector] Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c19040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007bbc380, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006b8a3a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007bd1450, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c1b040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007bdfb60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c1a040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007bbf060, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007ac5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007bdf660, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007b2b580, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007c29610, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a01113da80, 0xfffffa8007c34790, 0xfffffa80097800e0 Lower DeviceData: 0xfffff8a011850ac0, 0xfffffa8007c29610, 0xfffffa80095589d0 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 18CC46C1 Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 7856064 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4022337024 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Infected: C:\Users\Entregan\Desktop\installer_winrar.exe --> [PUP.BundleInstaller.PHP] Infected: C:\Users\Entregan\Downloads\FastDownload.exe --> [Affiliate.Downloader] Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768) Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768) Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768) Infected: C:\Windows\svchost.exe --> [Trojan.Agent] Infected: C:\Windows\svchost.exe --> [Trojan.Agent] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 4 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 5390708736 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 6441787392, free: 4913487872 ------------ Kernel report ------------ 12/02/2012 15:49:18 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\DRIVERS\nvstor64.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvmf6264.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor64.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8007911060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000076\ Lower Device Object: 0xfffffa8007916490 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8006c09060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8006bf6990 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8006c03060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa8006bf7060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8006c02060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8006bf6060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8006c01060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa8006bf3710 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR
  6. Upon continuing my efforts the program appears to have completed. <- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > ComboFix 12-12-01.02 - Entregan 12/02/2012 10:40:26.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4955 [GMT -6:00] Running from: c:\users\Entregan\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Autorun.inf c:\program files (x86)\smartdl c:\program files (x86)\smartdl\dler.exe c:\program files (x86)\smartdl\gunzip.exe c:\program files (x86)\smartdl\header.bmp c:\program files (x86)\smartdl\header2.bmp c:\program files (x86)\smartdl\header3.bmp c:\program files (x86)\smartdl\next.bmp c:\program files (x86)\smartdl\skip.bmp c:\program files (x86)\smartdl\status-o C:\torrent.exe c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36} c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\@ c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll c:\users\Entregan\AppData\Roaming\MicroST c:\users\Entregan\Desktop\Setup.exe c:\windows\Installer\{f4d6444e-f1ad-a31d-d6dd-392bece63f36} c:\windows\svchost.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))))) . . 2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll 2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp 2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing 2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\programdata\Premium 2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast 2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload 2012-11-26 22:00 . 2012-11-26 22:01 -------- d-----w- c:\programdata\wxDownload 2012-11-26 21:59 . 2012-11-26 22:01 -------- d-----w- c:\programdata\InstallMate 2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK 2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight 2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{058F3854-AE44-8D10-5FBA-9FA9BD92DB29}] 2012-11-26 22:02 129024 ----a-w- c:\programdata\wxDownload\50b3e6f662612.ocx . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-03-27 00:40 792864 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976] "Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664] "Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] . c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-10-25 0] Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\WxDownload\sprotector.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304] R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112] R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736] R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x] R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] . . Contents of the 'Scheduled Tasks' folder . 2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57] . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58] . 2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58] . 2012-12-02 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088] . ------- Supplementary Scan ------- . uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search FF - prefs.js: browser.startup.homepage - netflix.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q= FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll Wow6432Node-HKU-Default-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d, 36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Mozilla Firefox\firefox.exe c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\Mozilla Firefox\plugin-container.exe c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe . ************************************************************************** . Completion time: 2012-12-02 11:51:22 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-02 17:51 . Pre-Run: 521,692,004,352 bytes free Post-Run: 521,152,172,032 bytes free . - - End Of File - - C858D554C0005564E7D41323F67ECB91
  7. In running that program, I managed to get the BSOD. A first, I might add. It got to about stage 50 roughly.
  8. I've tried your suggested flash drive based repair. When I'm to select the drive to repair, there are no options to select. It says to select the driver for the drive I want to repair. Please advise.
  9. I've recently come across a bit of malware that I can't seem to get rid of. Normally, I don't have problems removing anything I get. On the rare ocassion something like that does happen, I defer to Malwarebytes, and my problems are often alieviated. This time, unfortunately, I can't seem to get rid of whatever is causing this one. I have a series of activities I normally do, which don't really tax my computer that much. I play games and watch movies. That's about it. For the most part I don't even surf the web. However, this little beauty of a trojan bogs down everything to the point of making even the simplest of tasks take forever. The only way I can keep my computer running remotely efficiently, is to open my task manager and kill the process. The problem being that it immediately restarts as it is an svchost file. I have run malwarebytes several times now, and when i reboot to complete the removal it is always there. < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2 Run by Entregan at 7:46:15 on 2012-12-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3771 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Entregan\Downloads\OTL.com C:\Program Files (x86)\Skype\Phone\Skype.exe \\.\globalroot\systemroot\svchost.exe -netsvcs C:\Windows\system32\StikyNot.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: wxDownload Class: {058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - C:\ProgramData\wxDownload\50b3e6f662612.ocx BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun uRun: [spotify] "C:\Users\Entregan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun dRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW StartupFolder: C:\Users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip StartupFolder: C:\Users\Entregan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{0C94C160-F292-43EB-B06D-8CC60005FCDF} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A}\C696E6B6379737F5F475F51383634313 : DHCPNameServer = 192.168.15.1 TCP: Interfaces\{9A47D100-A2B0-4FA4-9612-792695A486CF} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{A9C84BEA-4A40-4E15-9A0B-EF9ECA8C2CA5} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\2656C6B696E6E233736343 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\441627B60225166756E6723702C496768647 : DHCPNameServer = 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~2\wxdownload\sprotector.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244 x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search FF - prefs.js: browser.startup.homepage - netflix.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics . FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-20 279616] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-10 239616] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984] R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-31 793056] R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-6 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-10 96896] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-3-31 1038304] S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-3-31 1030112] S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2011-12-7 716800] S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2012-3-31 163440] S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2012-3-31 191104] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736] . =============== Created Last 30 ================ . 2012-12-02 12:31:07 20480 ----a-w- C:\Windows\svchost.exe 2012-12-01 07:41:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-12-01 07:41:00 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-01 01:01:03 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll 2012-11-28 18:20:59 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp 2012-11-28 18:18:39 -------- d-----w- C:\Users\Entregan\Tracing 2012-11-26 22:01:17 -------- d-----w- C:\ProgramData\Premium 2012-11-26 22:01:15 -------- d-----w- C:\Program Files (x86)\wxDownload Fast 2012-11-26 22:00:39 -------- d-----w- C:\Program Files (x86)\WxDownload 2012-11-26 22:00:33 -------- d-----w- C:\ProgramData\wxDownload 2012-11-26 21:59:09 -------- d-----w- C:\ProgramData\InstallMate 2012-11-21 21:55:05 -------- d-----w- C:\Users\Entregan\AppData\Roaming\MicroST 2012-11-21 21:55:05 -------- d-----w- C:\gOYNuoGr9r1xSBK 2012-11-16 09:13:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-16 09:13:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-16 09:13:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-16 09:13:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-16 09:04:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll 2012-11-16 09:01:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-16 09:01:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-16 09:01:24 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-16 09:01:24 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 09:01:24 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-16 09:01:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-16 09:01:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 20:57:23 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-08 20:57:23 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-09-14 04:45:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 04:45:15 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-14 04:45:15 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 7:47:01.16 =============== < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 12/6/2011 10:43:15 PM System Uptime: 12/2/2012 6:29:43 AM (1 hours ago) . Motherboard: eMachines | | MCP61PM-GM Processor: AMD Athlon II X2 250u Processor | CPU 1 | 1600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 686 GiB total, 485.9 GiB free. D: is CDROM (UDF) E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is CDROM (CDFS) K: is Removable L: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&36DC3827&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&36DC3827&0 Service: i8042prt . ==== System Restore Points =================== . RP146: 11/30/2012 2:02:06 AM - Removed service pack backup files RP147: 11/30/2012 3:03:18 AM - Created by PC Tools Performance Toolkit . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent 1ClickDownload 1ClickDownloader Acrobat.com Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader 9.1 MUI Advertising Center AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Apple Mobile Device Support Apple Software Update Belkin 54Mbps Wireless Network Adapter Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CDisplay 1.8 Compatibility Pack for the 2007 Office system Curse Client DAEMON Tools Lite DC Universe Online Live Diablo III DivX Setup Dropbox Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 eBay Worldwide eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater FastFox Fiesta Free Alarm Clock 2.7.0 GameMaker 8.1 Google Toolbar for Internet Explorer Google Update Helper Grapevine 3.0 Identity Card ImagXpress Jasc Paint Shop Pro 9 Java 7 Update 7 Java Auto Updater Java 6 Update 31 Junk Mail filter update KeyBlaze Typing Tutor LG USB Modem driver Magic Set Editor 2.0.0 Magic The Gathering - Duels of the Planeswalkers 2012 Magic Workstation 0.94f Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works mIRC Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NVIDIA Display Control Panel NVIDIA Drivers NVIDIA ForceWare Network Access Manager Pando Media Booster PC Tools Performance Toolkit 2.0 PVSonyDll Realtek High Definition Audio Driver Rosetta Stone Version 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Shades of Truth Launcher Skype Click to Call Skype™ 6.0 Spotify StarCraft II Steam Tanarus thriXXX 3DSexVilla2-123.001 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 Ventrilo Client VLC VLC media player 1.1.11 Welcome Center Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR 4.10 (64-bit) World of Warcraft WxDownload Expansion wxDownload Fast 0.6.0 XChat 2 (remove only) Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar Yontoo 1.10.02 . ==== Event Viewer Messages From Past Week ======== . 12/2/2012 6:30:10 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 12/2/2012 6:30:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 12/2/2012 6:30:09 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/1/2012 5:08:47 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 12/1/2012 5:08:47 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 12/1/2012 5:02:11 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s). 12/1/2012 1:38:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 11/30/2012 9:31:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/30/2012 3:13:07 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 11/30/2012 3:12:32 AM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s). 11/30/2012 3:12:14 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 11/30/2012 3:11:55 AM, Error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s). 11/25/2012 5:20:43 PM, Error: Service Control Manager [7034] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 2 time(s). 11/25/2012 5:17:49 PM, Error: Service Control Manager [7031] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File ===========================
  10. . . . bogs down everything to the point of making even the simplest of tasks take forever. The only way I can keep my computer running remotely efficiently, is to open my task manager and kill the process. The problem being that it immediately restarts as it is an svchost file. I have run malwarebytes several times now, and when i reboot to complete the removal it is always there. ( my apologies for the double post. )
  11. I've recently come across a bit of malware that I can't seem to get rid of. Normally, I don't have problems removing anything I get. On the rare ocassion something like that does happen, I defer to Malwarebytes, and my problems are often alieviated. This time, unfortunately, I can't seem to get rid of whatever is causing this one. I have a series of activities I normally do, which don't really tax my computer that much. I play games and watch movies. That's about it. For the most part I don't even surf the web. However, this little beauty of a trojan
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.