Posts posted by Entregan

  1. Alright. Here are the logs from ComboFix. As it stands, I'm still not optimal. However, everything does seem to be in good working order.

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    ComboFix 12-12-02.01 - Entregan 12/02/2012 22:13:03.3.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4228 [GMT -6:00]

    Running from: c:\users\Entregan\Desktop\ComboFix.exe

    Command switches used :: c:\users\Entregan\Desktop\CFScript.txt

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\program files (x86)\1ClickDownload\uninstall.exe"

    "c:\programdata\wxDownload\50b3e6f662612.ocx"

    "c:\users\All Users\wxDownload\50b3e6f662612.ocx"

    "c:\users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part"

    "c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef"

    "c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f"

    "c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe"

    "c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe"

    "c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe"

    "c:\users\Entregan\Downloads\DTLite4451-0236.exe"

    "c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe"

    "c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe"

    "c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe"

    "c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe"

    "c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe"

    "c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe"

    "c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\1ClickDownload\uninstall.exe

    c:\programdata\wxDownload\50b3e6f662612.ocx

    c:\users\All Users\wxDownload\50b3e6f662612.ocx

    c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe

    c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe

    c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe

    c:\users\Entregan\Downloads\DTLite4451-0236.exe

    c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe

    c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe

    c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe

    c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe

    c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe

    c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe

    c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-03 04:24 . 2012-12-03 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-02 23:20 . 2012-12-02 23:20 -------- d-----w- c:\program files (x86)\ESET

    2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- c:\windows\ERUNT

    2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- C:\JRT

    2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

    2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

    2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

    2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing

    2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast

    2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload

    2012-11-26 22:00 . 2012-12-03 04:23 -------- d-----w- c:\programdata\wxDownload

    2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK

    2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight

    2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

    2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

    2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

    2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]

    "Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664]

    "Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    .

    c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    CurseClientStartup.ccip [2012-10-25 0]

    Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304]

    R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112]

    R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800]

    R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440]

    R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]

    R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x]

    R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x]

    R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]

    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

    S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056]

    S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - 45201805

    *Deregistered* - 45201805

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

    .

    2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

    .

    2012-12-02 c:\windows\Tasks\PTSchedule.job

    - c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    uLocal Page = c:\windows\system32\blank.htm

    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.2.1

    FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

    FF - prefs.js: browser.search.defaulturl -

    FF - prefs.js: browser.startup.homepage - netflix.com

    FF - prefs.js: network.proxy.type - 4

    FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - c:\programdata\wxDownload\50b3e6f662612.ocx

    Toolbar-Locked - (no file)

    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

    "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

    "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]

    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)


    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-02 22:26:43

    ComboFix-quarantined-files.txt 2012-12-03 04:26

    ComboFix2.txt 2012-12-02 17:51

    .

    Pre-Run: 520,530,472,960 bytes free

    Post-Run: 520,485,888,000 bytes free

    .

    - - End Of File - - FD818AAAFF845AD05A994543D1D8BE95

  2. 17:16:26.0790 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    17:16:27.0850 2888 ============================================================

    17:16:27.0850 2888 Current date / time: 2012/12/02 17:16:27.0850

    17:16:27.0850 2888 SystemInfo:

    17:16:27.0850 2888

    17:16:27.0850 2888 OS Version: 6.1.7601 ServicePack: 1.0

    17:16:27.0850 2888 Product type: Workstation

    17:16:27.0850 2888 ComputerName: LOS-ENTERPRISES

    17:16:27.0850 2888 UserName: Entregan

    17:16:27.0850 2888 Windows directory: C:\Windows

    17:16:27.0850 2888 System windows directory: C:\Windows

    17:16:27.0850 2888 Running under WOW64

    17:16:27.0850 2888 Processor architecture: Intel x64

    17:16:27.0850 2888 Number of processors: 2

    17:16:27.0850 2888 Page size: 0x1000

    17:16:27.0850 2888 Boot type: Normal boot

    17:16:27.0850 2888 ============================================================

    17:16:28.0989 2888 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:16:29.0020 2888 Drive \Device\Harddisk6\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    17:16:29.0020 2888 ============================================================

    17:16:29.0020 2888 \Device\Harddisk0\DR0:

    17:16:29.0020 2888 MBR partitions:

    17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

    17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000

    17:16:29.0020 2888 \Device\Harddisk6\DR6:

    17:16:29.0020 2888 MBR partitions:

    17:16:29.0020 2888 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x77DFC0

    17:16:29.0020 2888 ============================================================

    17:16:29.0036 2888 C: <-> \Device\Harddisk0\DR0\Partition2

    17:16:29.0036 2888 ============================================================

    17:16:29.0036 2888 Initialize success

    17:16:29.0036 2888 ============================================================

    17:17:35.0687 1924 ============================================================

    17:17:35.0687 1924 Scan started

    17:17:35.0687 1924 Mode: Manual; TDLFS;

    17:17:35.0687 1924 ============================================================

    17:17:35.0843 1924 ================ Scan system memory ========================

    17:17:35.0843 1924 System memory - ok

    17:17:35.0843 1924 ================ Scan services =============================

    17:17:35.0999 1924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    17:17:35.0999 1924 1394ohci - ok

    17:17:36.0030 1924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    17:17:36.0030 1924 ACPI - ok

    17:17:36.0046 1924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    17:17:36.0046 1924 AcpiPmi - ok

    17:17:36.0155 1924 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    17:17:36.0155 1924 AdobeFlashPlayerUpdateSvc - ok

    17:17:36.0202 1924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    17:17:36.0202 1924 adp94xx - ok

    17:17:36.0233 1924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    17:17:36.0233 1924 adpahci - ok

    17:17:36.0249 1924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    17:17:36.0249 1924 adpu320 - ok

    17:17:36.0280 1924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    17:17:36.0280 1924 AeLookupSvc - ok

    17:17:36.0296 1924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    17:17:36.0311 1924 AFD - ok

    17:17:36.0311 1924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    17:17:36.0311 1924 agp440 - ok

    17:17:36.0342 1924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    17:17:36.0342 1924 ALG - ok

    17:17:36.0342 1924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    17:17:36.0358 1924 aliide - ok

    17:17:36.0405 1924 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

    17:17:36.0405 1924 AMD External Events Utility - ok

    17:17:36.0467 1924 AMD FUEL Service - ok

    17:17:36.0467 1924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    17:17:36.0467 1924 amdide - ok

    17:17:36.0498 1924 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

    17:17:36.0498 1924 amdiox64 - ok

    17:17:36.0514 1924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    17:17:36.0514 1924 AmdK8 - ok

    17:17:36.0732 1924 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

    17:17:36.0920 1924 amdkmdag - ok

    17:17:36.0951 1924 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

    17:17:36.0966 1924 amdkmdap - ok

    17:17:36.0966 1924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    17:17:36.0966 1924 AmdPPM - ok

    17:17:36.0982 1924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    17:17:36.0982 1924 amdsata - ok

    17:17:36.0998 1924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    17:17:37.0013 1924 amdsbs - ok

    17:17:37.0013 1924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    17:17:37.0013 1924 amdxata - ok

    17:17:37.0060 1924 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

    17:17:37.0060 1924 AODDriver4.1 - ok

    17:17:37.0076 1924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    17:17:37.0076 1924 AppID - ok

    17:17:37.0107 1924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    17:17:37.0107 1924 AppIDSvc - ok

    17:17:37.0138 1924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    17:17:37.0138 1924 Appinfo - ok

    17:17:37.0216 1924 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    17:17:37.0216 1924 Apple Mobile Device - ok

    17:17:37.0247 1924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    17:17:37.0247 1924 arc - ok

    17:17:37.0263 1924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    17:17:37.0263 1924 arcsas - ok

    17:17:37.0310 1924 aspnet_state - ok

    17:17:37.0341 1924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    17:17:37.0341 1924 AsyncMac - ok

    17:17:37.0341 1924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    17:17:37.0341 1924 atapi - ok

    17:17:37.0388 1924 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

    17:17:37.0388 1924 AtiHDAudioService - ok

    17:17:37.0419 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    17:17:37.0434 1924 AudioEndpointBuilder - ok

    17:17:37.0450 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    17:17:37.0450 1924 AudioSrv - ok

    17:17:37.0497 1924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    17:17:37.0497 1924 AxInstSV - ok

    17:17:37.0528 1924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    17:17:37.0544 1924 b06bdrv - ok

    17:17:37.0559 1924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    17:17:37.0559 1924 b57nd60a - ok

    17:17:37.0637 1924 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys

    17:17:37.0637 1924 BCMH43XX - ok

    17:17:37.0668 1924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    17:17:37.0668 1924 BDESVC - ok

    17:17:37.0684 1924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys


    17:17:45.0812 1924 SamSs - ok

    17:17:45.0843 1924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    17:17:45.0843 1924 sbp2port - ok

    17:17:45.0858 1924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

    17:17:45.0858 1924 SCardSvr - ok

    17:17:45.0890 1924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    17:17:45.0890 1924 scfilter - ok

    17:17:45.0936 1924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

    17:17:45.0968 1924 Schedule - ok

    17:17:45.0983 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

    17:17:45.0999 1924 SCPolicySvc - ok

    17:17:46.0030 1924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    17:17:46.0030 1924 SDRSVC - ok

    17:17:46.0046 1924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

    17:17:46.0046 1924 secdrv - ok

    17:17:46.0077 1924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

    17:17:46.0077 1924 seclogon - ok

    17:17:46.0092 1924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

    17:17:46.0092 1924 SENS - ok

    17:17:46.0124 1924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

    17:17:46.0124 1924 SensrSvc - ok

    17:17:46.0139 1924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

    17:17:46.0139 1924 Serenum - ok

    17:17:46.0186 1924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

    17:17:46.0186 1924 Serial - ok

    17:17:46.0202 1924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    17:17:46.0217 1924 sermouse - ok

    17:17:46.0248 1924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    17:17:46.0248 1924 SessionEnv - ok

    17:17:46.0264 1924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    17:17:46.0280 1924 sffdisk - ok

    17:17:46.0280 1924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    17:17:46.0280 1924 sffp_mmc - ok

    17:17:46.0280 1924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    17:17:46.0280 1924 sffp_sd - ok

    17:17:46.0295 1924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    17:17:46.0295 1924 sfloppy - ok

    17:17:46.0358 1924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    17:17:46.0358 1924 SharedAccess - ok

    17:17:46.0389 1924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    17:17:46.0389 1924 ShellHWDetection - ok

    17:17:46.0420 1924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    17:17:46.0420 1924 SiSRaid2 - ok

    17:17:46.0436 1924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    17:17:46.0436 1924 SiSRaid4 - ok

    17:17:46.0498 1924 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    17:17:46.0498 1924 SkypeUpdate - ok

    17:17:46.0529 1924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    17:17:46.0529 1924 Smb - ok

    17:17:46.0560 1924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    17:17:46.0560 1924 SNMPTRAP - ok

    17:17:46.0592 1924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    17:17:46.0592 1924 spldr - ok

    17:17:46.0623 1924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

    17:17:46.0638 1924 Spooler - ok

    17:17:46.0732 1924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    17:17:46.0794 1924 sppsvc - ok

    17:17:46.0826 1924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    17:17:46.0826 1924 sppuinotify - ok

    17:17:46.0857 1924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    17:17:46.0872 1924 srv - ok

    17:17:46.0888 1924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    17:17:46.0888 1924 srv2 - ok

    17:17:46.0919 1924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    17:17:46.0919 1924 srvnet - ok

    17:17:46.0950 1924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    17:17:46.0950 1924 SSDPSRV - ok

    17:17:46.0966 1924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    17:17:46.0966 1924 SstpSvc - ok

    17:17:46.0997 1924 Steam Client Service - ok

    17:17:47.0013 1924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    17:17:47.0013 1924 stexstor - ok

    17:17:47.0060 1924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    17:17:47.0060 1924 stisvc - ok

    17:17:47.0091 1924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    17:17:47.0091 1924 swenum - ok

    17:17:47.0122 1924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    17:17:47.0138 1924 swprv - ok

    17:17:47.0200 1924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    17:17:47.0231 1924 SysMain - ok

    17:17:47.0262 1924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    17:17:47.0262 1924 TabletInputService - ok

    17:17:47.0278 1924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    17:17:47.0294 1924 TapiSrv - ok

    17:17:47.0309 1924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    17:17:47.0309 1924 TBS - ok

    17:17:47.0372 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    17:17:47.0403 1924 Tcpip - ok

    17:17:47.0450 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    17:17:47.0465 1924 TCPIP6 - ok

    17:17:47.0481 1924 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    17:17:47.0481 1924 tcpipreg - ok

    17:17:47.0496 1924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    17:17:47.0512 1924 TDPIPE - ok

    17:17:47.0528 1924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    17:17:47.0528 1924 TDTCP - ok

    17:17:47.0559 1924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    17:17:47.0559 1924 tdx - ok

    17:17:47.0574 1924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    17:17:47.0574 1924 TermDD - ok

    17:17:47.0606 1924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    17:17:47.0606 1924 TermService - ok

    17:17:47.0621 1924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    17:17:47.0637 1924 Themes - ok

    17:17:47.0652 1924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    17:17:47.0652 1924 THREADORDER - ok

    17:17:47.0668 1924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    17:17:47.0668 1924 TrkWks - ok

    17:17:47.0715 1924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    17:17:47.0715 1924 TrustedInstaller - ok

    17:17:47.0746 1924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    17:17:47.0746 1924 tssecsrv - ok

    17:17:47.0777 1924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    17:17:47.0777 1924 TsUsbFlt - ok

    17:17:47.0808 1924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    17:17:47.0824 1924 tunnel - ok

    17:17:47.0840 1924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    17:17:47.0840 1924 uagp35 - ok

    17:17:47.0855 1924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    17:17:47.0855 1924 udfs - ok

    17:17:47.0886 1924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    17:17:47.0886 1924 UI0Detect - ok

    17:17:47.0902 1924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    17:17:47.0902 1924 uliagpkx - ok

    17:17:47.0933 1924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

    17:17:47.0933 1924 umbus - ok

    17:17:47.0949 1924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

    17:17:47.0949 1924 UmPass - ok

    17:17:47.0980 1924 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

    17:17:47.0980 1924 Updater Service - ok

    17:17:47.0996 1924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    17:17:48.0011 1924 upnphost - ok

    17:17:48.0042 1924 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    17:17:48.0042 1924 USBAAPL64 - ok

    17:17:48.0074 1924 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

    17:17:48.0089 1924 usbaudio - ok

    17:17:48.0120 1924 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys

    17:17:48.0120 1924 usbbus - ok

    17:17:48.0136 1924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    17:17:48.0136 1924 usbccgp - ok

    17:17:48.0136 1924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    17:17:48.0152 1924 usbcir - ok

    17:17:48.0167 1924 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys

    17:17:48.0167 1924 UsbDiag - ok

    17:17:48.0183 1924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    17:17:48.0183 1924 usbehci - ok

    17:17:48.0198 1924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    17:17:48.0214 1924 usbhub - ok

    17:17:48.0214 1924 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys

    17:17:48.0214 1924 USBModem - ok

    17:17:48.0230 1924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    17:17:48.0230 1924 usbohci - ok

    17:17:48.0230 1924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    17:17:48.0230 1924 usbprint - ok

    17:17:48.0245 1924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    17:17:48.0261 1924 USBSTOR - ok

    17:17:48.0261 1924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    17:17:48.0276 1924 usbuhci - ok

    17:17:48.0308 1924 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

    17:17:48.0308 1924 usbvideo - ok

    17:17:48.0323 1924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    17:17:48.0323 1924 UxSms - ok

    17:17:48.0339 1924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    17:17:48.0339 1924 VaultSvc - ok

    17:17:48.0370 1924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    17:17:48.0370 1924 vdrvroot - ok

    17:17:48.0401 1924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    17:17:48.0417 1924 vds - ok

    17:17:48.0417 1924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    17:17:48.0417 1924 vga - ok

    17:17:48.0432 1924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    17:17:48.0432 1924 VgaSave - ok

    17:17:48.0464 1924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    17:17:48.0464 1924 vhdmp - ok

    17:17:48.0479 1924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    17:17:48.0479 1924 viaide - ok

    17:17:48.0495 1924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    17:17:48.0495 1924 volmgr - ok

    17:17:48.0526 1924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    17:17:48.0526 1924 volmgrx - ok

    17:17:48.0542 1924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    17:17:48.0542 1924 volsnap - ok

    17:17:48.0573 1924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    17:17:48.0573 1924 vsmraid - ok

    17:17:48.0620 1924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    17:17:48.0666 1924 VSS - ok

    17:17:48.0682 1924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

    17:17:48.0682 1924 vwifibus - ok

    17:17:48.0698 1924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

    17:17:48.0698 1924 vwififlt - ok

    17:17:48.0698 1924 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

    17:17:48.0713 1924 vwifimp - ok

    17:17:48.0729 1924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    17:17:48.0744 1924 W32Time - ok

    17:17:48.0760 1924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    17:17:48.0760 1924 WacomPen - ok

    17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    17:17:48.0776 1924 WANARP - ok

    17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    17:17:48.0776 1924 Wanarpv6 - ok

    17:17:48.0854 1924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    17:17:48.0916 1924 WatAdminSvc - ok

    17:17:48.0978 1924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    17:17:49.0025 1924 wbengine - ok

    17:17:49.0056 1924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    17:17:49.0056 1924 WbioSrvc - ok

    17:17:49.0088 1924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    17:17:49.0103 1924 wcncsvc - ok

    17:17:49.0119 1924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    17:17:49.0119 1924 WcsPlugInService - ok

    17:17:49.0134 1924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

    17:17:49.0134 1924 Wd - ok

    17:17:49.0181 1924 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    17:17:49.0181 1924 Wdf01000 - ok

    17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    17:17:49.0197 1924 WdiServiceHost - ok

    17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    17:17:49.0212 1924 WdiSystemHost - ok

    17:17:49.0228 1924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    17:17:49.0244 1924 WebClient - ok

    17:17:49.0259 1924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    17:17:49.0259 1924 Wecsvc - ok

    17:17:49.0275 1924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    17:17:49.0290 1924 wercplsupport - ok

    17:17:49.0306 1924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    17:17:49.0322 1924 WerSvc - ok

    17:17:49.0322 1924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    17:17:49.0322 1924 WfpLwf - ok

    17:17:49.0337 1924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    17:17:49.0337 1924 WIMMount - ok

    17:17:49.0337 1924 WinDefend - ok

    17:17:49.0353 1924 WinHttpAutoProxySvc - ok

    17:17:49.0400 1924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    17:17:49.0400 1924 Winmgmt - ok

    17:17:49.0462 1924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    17:17:49.0493 1924 WinRM - ok

    17:17:49.0556 1924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    17:17:49.0556 1924 WinUsb - ok

    17:17:49.0587 1924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    17:17:49.0602 1924 Wlansvc - ok

    17:17:49.0649 1924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    17:17:49.0649 1924 WmiAcpi - ok

    17:17:49.0665 1924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    17:17:49.0680 1924 wmiApSrv - ok

    17:17:49.0696 1924 WMPNetworkSvc - ok

    17:17:49.0712 1924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    17:17:49.0712 1924 WPCSvc - ok

    17:17:49.0727 1924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    17:17:49.0743 1924 WPDBusEnum - ok

    17:17:49.0758 1924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    17:17:49.0758 1924 ws2ifsl - ok

    17:17:49.0774 1924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

    17:17:49.0774 1924 wscsvc - ok

    17:17:49.0774 1924 WSearch - ok

    17:17:49.0883 1924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    17:17:49.0930 1924 wuauserv - ok

    17:17:49.0946 1924 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    17:17:49.0946 1924 WudfPf - ok

    17:17:49.0961 1924 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    17:17:49.0977 1924 WUDFRd - ok

    17:17:49.0992 1924 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    17:17:50.0008 1924 wudfsvc - ok

    17:17:50.0024 1924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    17:17:50.0039 1924 WwanSvc - ok

    17:17:50.0086 1924 X6va006 - ok

    17:17:50.0117 1924 X6va008 - ok

    17:17:50.0180 1924 X6va010 - ok

    17:17:50.0242 1924 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    17:17:50.0258 1924 YahooAUService - ok

    17:17:50.0320 1924 ================ Scan global ===============================

    17:17:50.0351 1924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    17:17:50.0382 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:17:50.0398 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:17:50.0414 1924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    17:17:50.0445 1924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    17:17:50.0445 1924 [Global] - ok

    17:17:50.0445 1924 ================ Scan MBR ==================================

    17:17:50.0460 1924 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0

    17:17:54.0033 1924 \Device\Harddisk0\DR0 - ok

    17:17:54.0048 1924 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk6\DR6

    17:18:06.0497 1924 \Device\Harddisk6\DR6 - ok

    17:18:06.0497 1924 ================ Scan VBR ==================================

    17:18:06.0513 1924 [ 8C6572A2430ADBB6A5E9BC9E89AF6A12 ] \Device\Harddisk0\DR0\Partition1

    17:18:06.0513 1924 \Device\Harddisk0\DR0\Partition1 - ok

    17:18:06.0544 1924 [ 8CE128768D6B9BE5085B6ED954584AFD ] \Device\Harddisk0\DR0\Partition2

    17:18:06.0544 1924 \Device\Harddisk0\DR0\Partition2 - ok

    17:18:06.0544 1924 [ C7A49919AA0F94CC709CA26219B01D5C ] \Device\Harddisk6\DR6\Partition1

    17:18:06.0544 1924 \Device\Harddisk6\DR6\Partition1 - ok

    17:18:06.0544 1924 ============================================================

    17:18:06.0544 1924 Scan finished

    17:18:06.0544 1924 ============================================================

    17:18:06.0560 2340 Detected object count: 0

    17:18:06.0560 2340 Actual detected object count: 0

    17:18:27.0947 4032 Deinitialize success

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    C:\Program Files (x86)\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application

    C:\ProgramData\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application

    C:\Qoobox\Quarantine\C\torrent.exe.vir Win32/BundleInstaller.A application

    C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll.vir a variant of Win32/Kryptik.AOWX trojan

    C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n.vir Win64/Sirefef.W trojan

    C:\Users\All Users\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application

    C:\Users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part a variant of Win32/SoftonicDownloader.E application

    C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef a variant of Win32/Kryptik.AJFC trojan

    C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f multiple threats

    C:\Users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe Win32/BundleInstaller.A application

    C:\Users\Entregan\Downloads\cnet2_ComicViewer_exe.exe a variant of Win32/InstallCore.D application

    C:\Users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe a variant of Win32/InstallCore.D application

    C:\Users\Entregan\Downloads\DTLite4451-0236.exe Win32/OpenCandy application

    C:\Users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe multiple threats

    C:\Users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe Win32/SoftonicDownloader application

    C:\Users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe Win32/SoftonicDownloader.D application

    C:\Users\Entregan\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader application

    C:\Users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe Win32/Adware.1ClickDownload.C application

    C:\Users\Entregan\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application

    C:\Users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe multiple threats

  3. <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa8006bfe060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000006f\

    Lower Device Object: 0xfffffa8006bfa060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800643d460

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000005f\

    Lower Device Object: 0xfffffa8005ec4110

    Lower Device Driver Name: \Driver\nvstor64\

    Driver name found: nvstor64

    DriverEntry returned 0x0

    Function returned 0x0

    Initializing...

    Done!

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 3

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800643e040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8005edae40, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8005ec4110, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00b6945b0, 0xfffffa800643d460, 0xfffffa80058c9790

    Lower DeviceData: 0xfffff8a00b576a10, 0xfffffa8005ec4110, 0xfffffa8005ce6e40

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 470BF6B0

    Partition information:

    Partition 0 type is Other (0x27)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048 Numsec = 27262976

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 27265024 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 27469824 Numsec = 1437675520

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006bff910, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 2, DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006bfeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf3710, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 3, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c01b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf6060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 4, DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf7060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 5, DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c03b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf6990, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 512

    Drive: 6, DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800790d910, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007916490, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00b1a66b0, 0xfffffa8007911060, 0xfffffa8005cdc090

    Lower DeviceData: 0xfffff8a00b150150, 0xfffffa8007916490, 0xfffffa8005cdde40

    Drive 6

    Scanning MBR on drive 6...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 18CC46C1

    Partition information:

    Partition 0 type is Other (0xc)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 7856064

    Partition file system is FAT32

    Partition is not bootable

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 4022337024 bytes

    Sector size: 512 bytes

    Done!

    Performing system, memory and registry scan...

    Scan Interrupted

    Done!

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 5516976128

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 5113593856

    ------------ Kernel report ------------

    12/02/2012 16:03:41

    ------------ Loaded modules -----------


    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk6\DR6

    Upper Device Object: 0xfffffa800780a060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000076\

    Lower Device Object: 0xfffffa80079a7b60

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    DriverEntry returned 0x0

    Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk5\DR5

    Upper Device Object: 0xfffffa8006bfa060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000073\

    Lower Device Object: 0xfffffa8006c03750

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk4\DR4

    Upper Device Object: 0xfffffa8006bfb060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000072\

    Lower Device Object: 0xfffffa80079a8060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk3\DR3

    Upper Device Object: 0xfffffa8006c00060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000071\

    Lower Device Object: 0xfffffa8006bf0a50

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk2\DR2

    Upper Device Object: 0xfffffa8006c02060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000070\

    Lower Device Object: 0xfffffa8006bf1b60

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa8006c04060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000006f\

    Lower Device Object: 0xfffffa8006c01060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80063ed060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000005f\

    Lower Device Object: 0xfffffa80060c39c0

    Lower Device Driver Name: \Driver\nvstor64\

    Driver name found: nvstor64

    DriverEntry returned 0x0

    Function returned 0x0

    Initializing...

    Done!

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 3

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80063edb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa80060bf7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa80060c39c0, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00bce2010, 0xfffffa80063ed060, 0xfffffa8005f7b090

    Lower DeviceData: 0xfffff8a00bc6d120, 0xfffffa80060c39c0, 0xfffffa8005e9f090

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 470BF6B0

    Partition information:

    Partition 0 type is Other (0x27)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048 Numsec = 27262976

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 27265024 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 27469824 Numsec = 1437675520

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c03040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 2, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf1b60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 3, DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006bf0a50, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 4, DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006c00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa80079a8060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 5, DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006bfbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8006c03750, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 512

    Drive: 6, DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800791f040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa80079a7b60, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00bd01b80, 0xfffffa800780a060, 0xfffffa8005d9b790

    Lower DeviceData: 0xfffff8a00bc54070, 0xfffffa80079a7b60, 0xfffffa8005ce8940

    Drive 6

    Scanning MBR on drive 6...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 18CC46C1

    Partition information:

    Partition 0 type is Other (0xc)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 7856064

    Partition file system is FAT32

    Partition is not bootable

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 4022337024 bytes

    Sector size: 512 bytes

    Done!

    Performing system, memory and registry scan...

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768)

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768)

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768)

    Done!

    Scan finished

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 5518618624

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 3.7.4 (12.02.2012:1)

    OS: Windows 7 Home Premium x64

    Ran by Entregan on Sun 12/02/2012 at 16:14:47.93

    Blog: http://thisisudax.blogspot.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"

    Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"

    Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"

    Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\installmate"

    Successfully deleted: [Folder] "C:\ProgramData\premium"

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

    Successfully deleted: [Folder] "C:\Users\Entregan\appdata\locallow\boost_interprocess"

    Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\user.js

    Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\fnktxwelcd@fnktxwelcd.org.xpi [Tracur]

    Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\smartbar

    Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

    Successfully deleted the following from C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\prefs.js


    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sun 12/02/2012 at 16:21:59.66

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    # AdwCleaner v2.011 - Logfile created 12/02/2012 at 16:24:03

    # Updated 02/12/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Entregan - LOS-ENTERPRISES

    # Boot Mode : Normal

    # Running from : C:\Users\Entregan\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    Profile name : default

    File : C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\prefs.js

    Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

    Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

    Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

    Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]

    Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

    Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

    Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

    Deleted : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

    Deleted : user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

    Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

    Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

    Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

    Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

    Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

    Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

    Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

    Deleted : user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

    *************************

    AdwCleaner[s2].txt - [4871 octets] - [02/12/2012 16:24:03]

    ########## EOF - C:\AdwCleaner[s2].txt - [4931 octets] ##########

  4. Process has been completed. So far things are looking good!

    <- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ->

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 2579046400

    ------------ Kernel report ------------

    12/02/2012 15:25:01

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\DRIVERS\nvstor64.sys

    \SystemRoot\system32\DRIVERS\storport.sys

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\ws2ifsl.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\vwififlt.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\nvmf6264.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\drivers\wmiacpi.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\DRIVERS\amdiox64.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\RTKVHD64.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\drivers\AtihdW76.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

    \SystemRoot\system32\DRIVERS\vwifibus.sys

    \SystemRoot\system32\DRIVERS\udfs.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_nvstor64.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\vwifimp.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\System32\Drivers\fastfat.SYS

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \SystemRoot\system32\DRIVERS\cdfs.sys

    \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk6\DR6

    Upper Device Object: 0xfffffa8007c34790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000077\

    Lower Device Object: 0xfffffa8007c29610

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    DriverEntry returned 0x0

    Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk5\DR5

    Upper Device Object: 0xfffffa8007c1a790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000074\

    Lower Device Object: 0xfffffa8007bdf660

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk4\DR4

    Upper Device Object: 0xfffffa8007ac6790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000073\

    Lower Device Object: 0xfffffa8007bbf060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk3\DR3

    Upper Device Object: 0xfffffa8007ac5060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000072\

    Lower Device Object: 0xfffffa8007bdfb60

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk2\DR2

    Upper Device Object: 0xfffffa8007c19790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000071\

    Lower Device Object: 0xfffffa8007bd1450

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa8007c1b790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000070\

    Lower Device Object: 0xfffffa8007bbc380

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800642e410

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000060\

    Lower Device Object: 0xfffffa800609e060

    Lower Device Driver Name: \00000519\

    Driver name found: nvstor64

    DriverEntry returned 0x0

    Function returned 0x0

    Downloaded database version: v2012.12.02.03

    Downloaded database version: v2012.11.30.01

    Initializing...

    Done!

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 4

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800642f040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800550fa80, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa800609e060, DeviceName: \Device\00000060\, DriverName: \00000519\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a0100bda60, 0xfffffa800642e410, 0xfffffa80099721e0

    Lower DeviceData: 0xfffff8a01018e420, 0xfffffa800609e060, 0xfffffa8008b4a8e0

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    MBR is forged!

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 470BF6B0

    Partition information:

    Partition 0 type is Other (0x27)

    Partition is ACTIVE.

    Partition starts at LBA: 6 Numsec = 0

    Partition file system is UNKNOWN

    Partition is not bootable

    Infected: VBR on Active partition --> [Rootkit.Pihar.c.MBR]

    Changing partition to empty and not active. New active partition is 1 on drive 0 ...

    Partition 0 type is Other (0x27)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048 Numsec = 27262976

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 27265024 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 27469824 Numsec = 1437675520

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    MBR infection found on drive 0

    Disk Size: 750156374016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-5-1465129168-1465149168)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007c19040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007bbc380, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 2, DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8006b8a3a0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007bd1450, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 3, DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007c1b040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007bdfb60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 4, DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007c1a040, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007bbf060, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 0

    Drive: 5, DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007ac5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007bdf660, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Physical Sector Size: 512

    Drive: 6, DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8007b2b580, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007c29610, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a01113da80, 0xfffffa8007c34790, 0xfffffa80097800e0

    Lower DeviceData: 0xfffff8a011850ac0, 0xfffffa8007c29610, 0xfffffa80095589d0

    Drive 6

    Scanning MBR on drive 6...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 18CC46C1

    Partition information:

    Partition 0 type is Other (0xc)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 7856064

    Partition file system is FAT32

    Partition is not bootable

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 4022337024 bytes

    Sector size: 512 bytes

    Done!

    Performing system, memory and registry scan...

    Infected: C:\Users\Entregan\Desktop\installer_winrar.exe --> [PUP.BundleInstaller.PHP]

    Infected: C:\Users\Entregan\Downloads\FastDownload.exe --> [Affiliate.Downloader]

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768)

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768)

    Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768)

    Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

    Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

    Done!

    Scan finished

    Creating System Restore point...

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 4

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Removal scheduling successful. System shutdown needed.

    System shutdown occured

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 5390708736

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.607000 GHz

    Memory total: 6441787392, free: 4913487872

    ------------ Kernel report ------------

    12/02/2012 15:49:18

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\DRIVERS\nvstor64.sys

    \SystemRoot\system32\DRIVERS\storport.sys

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\ws2ifsl.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\vwififlt.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\nvmf6264.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\drivers\wmiacpi.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\DRIVERS\amdiox64.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\RTKVHD64.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\drivers\AtihdW76.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

    \SystemRoot\system32\DRIVERS\vwifibus.sys

    \SystemRoot\system32\DRIVERS\udfs.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_nvstor64.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\DRIVERS\vwifimp.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\System32\Drivers\fastfat.SYS

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \SystemRoot\system32\DRIVERS\cdfs.sys

    \SystemRoot\system32\drivers\spsys.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk6\DR6

    Upper Device Object: 0xfffffa8007911060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000076\

    Lower Device Object: 0xfffffa8007916490

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    DriverEntry returned 0x0

    Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk5\DR5

    Upper Device Object: 0xfffffa8006c09060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000073\

    Lower Device Object: 0xfffffa8006bf6990

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk4\DR4

    Upper Device Object: 0xfffffa8006c03060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000072\

    Lower Device Object: 0xfffffa8006bf7060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk3\DR3

    Upper Device Object: 0xfffffa8006c02060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000071\

    Lower Device Object: 0xfffffa8006bf6060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    <<<1>>>

    Upper Device Name: \Device\Harddisk2\DR2

    Upper Device Object: 0xfffffa8006c01060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000070\

    Lower Device Object: 0xfffffa8006bf3710

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

  5. Upon continuing my efforts, the program appears to have completed.

    <- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    ComboFix 12-12-01.02 - Entregan 12/02/2012 10:40:26.2.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4955 [GMT -6:00]

    Running from: c:\users\Entregan\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\Autorun.inf

    c:\program files (x86)\smartdl

    c:\program files (x86)\smartdl\dler.exe

    c:\program files (x86)\smartdl\gunzip.exe

    c:\program files (x86)\smartdl\header.bmp

    c:\program files (x86)\smartdl\header2.bmp

    c:\program files (x86)\smartdl\header3.bmp

    c:\program files (x86)\smartdl\next.bmp

    c:\program files (x86)\smartdl\skip.bmp

    c:\program files (x86)\smartdl\status-o

    C:\torrent.exe

    c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}

    c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\@

    c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n

    c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

    c:\users\Entregan\AppData\Roaming\MicroST

    c:\users\Entregan\Desktop\Setup.exe

    c:\windows\Installer\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}

    c:\windows\svchost.exe

    c:\windows\SysWow64\URTTemp

    c:\windows\SysWow64\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

    2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

    2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

    2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing

    2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\programdata\Premium

    2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast

    2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload

    2012-11-26 22:00 . 2012-11-26 22:01 -------- d-----w- c:\programdata\wxDownload

    2012-11-26 21:59 . 2012-11-26 22:01 -------- d-----w- c:\programdata\InstallMate

    2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK

    2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight

    2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

    2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

    2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

    2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{058F3854-AE44-8D10-5FBA-9FA9BD92DB29}]

    2012-11-26 22:02 129024 ----a-w- c:\programdata\wxDownload\50b3e6f662612.ocx

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

    2012-03-27 00:40 792864 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]

    "Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664]

    "Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    .

    c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    CurseClientStartup.ccip [2012-10-25 0]

    Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    "AppInit_DLLs"=c:\progra~2\WxDownload\sprotector.dll

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304]

    R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112]

    R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800]

    R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440]

    R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]

    R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x]

    R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x]

    R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]

    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

    S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056]

    S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

    .

    2012-12-02 c:\windows\Tasks\PTSchedule.job

    - c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    uLocal Page = c:\windows\system32\blank.htm

    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.2.1

    FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

    FF - prefs.js: browser.search.defaulturl -

    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search

    FF - prefs.js: browser.startup.homepage - netflix.com

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=

    FF - prefs.js: network.proxy.type - 4

    FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

    FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b

    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics

    FF - user.js: extensions.autoDisableScopes - 14

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKCU-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

    Wow6432Node-HKU-Default-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

    Toolbar-Locked - (no file)

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

    "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

    "ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]

    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\program files (x86)\Mozilla Firefox\firefox.exe

    c:\\.\globalroot\systemroot\svchost.exe

    c:\program files (x86)\Mozilla Firefox\plugin-container.exe

    c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

    c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

    .

    **************************************************************************

    .

    Completion time: 2012-12-02 11:51:22 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-12-02 17:51

    .

    Pre-Run: 521,692,004,352 bytes free

    Post-Run: 521,152,172,032 bytes free

    .

    - - End Of File - - C858D554C0005564E7D41323F67ECB91

  6. I've recently come across a bit of malware that I can't seem to get rid of. Normally, I don't have problems removing anything I get. On the rare occasion something like that does happen, I defer to Malwarebytes, and my problems are often alleviated. This time, unfortunately, I can't seem to get rid of whatever is causing this one.

    I have a series of activities I normally do, which don't really tax my computer that much. I play games and watch movies. That's about it. For the most part I don't even surf the web. However, this little beauty of a trojan bogs down everything to the point of making even the simplest of tasks take forever. The only way I can keep my computer running remotely efficiently is to open my task manager and kill the process. The problem being that it immediately restarts as it is an svchost file. I have run Malwarebytes several times now, and when I reboot to complete the removal it is always there.

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

    Run by Entregan at 7:46:15 on 2012-12-02

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3771 [GMT -6:00]

    .

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

    C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\taskmgr.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Users\Entregan\Downloads\OTL.com

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    \\.\globalroot\systemroot\svchost.exe -netsvcs

    C:\Windows\system32\StikyNot.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    BHO: wxDownload Class: {058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - C:\ProgramData\wxDownload\50b3e6f662612.ocx

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun

    uRun: [spotify] "C:\Users\Entregan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    uRun: [spotify Web Helper] "C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    uRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    dRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW

    StartupFolder: C:\Users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

    StartupFolder: C:\Users\Entregan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: NameServer = 192.168.2.1

    TCP: Interfaces\{0C94C160-F292-43EB-B06D-8CC60005FCDF} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A}\C696E6B6379737F5F475F51383634313 : DHCPNameServer = 192.168.15.1

    TCP: Interfaces\{9A47D100-A2B0-4FA4-9612-792695A486CF} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{A9C84BEA-4A40-4E15-9A0B-EF9ECA8C2CA5} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\2656C6B696E6E233736343 : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\441627B60225166756E6723702C496768647 : DHCPNameServer = 192.168.2.1

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    AppInit_DLLs= c:\progra~2\wxdownload\sprotector.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

    FF - prefs.js: browser.search.defaulturl -

    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search

    FF - prefs.js: browser.startup.homepage - netflix.com

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=

    FF - prefs.js: network.proxy.type - 4

    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

    FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b

    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics

    .

    FF - user.js: extensions.autoDisableScopes - 14

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-20 279616]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-10 239616]

    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-31 793056]

    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]

    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-6 46136]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-10 96896]

    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-3-31 1038304]

    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-3-31 1030112]

    S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2011-12-7 716800]

    S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2012-3-31 163440]

    S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2012-3-31 191104]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]

    .

    =============== Created Last 30 ================

    .

    2012-12-02 12:31:07 20480 ----a-w- C:\Windows\svchost.exe

    2012-12-01 07:41:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

    2012-12-01 07:41:00 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-12-01 01:01:03 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

    2012-11-28 18:20:59 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

    2012-11-28 18:18:39 -------- d-----w- C:\Users\Entregan\Tracing

    2012-11-26 22:01:17 -------- d-----w- C:\ProgramData\Premium

    2012-11-26 22:01:15 -------- d-----w- C:\Program Files (x86)\wxDownload Fast

    2012-11-26 22:00:39 -------- d-----w- C:\Program Files (x86)\WxDownload

    2012-11-26 22:00:33 -------- d-----w- C:\ProgramData\wxDownload

    2012-11-26 21:59:09 -------- d-----w- C:\ProgramData\InstallMate

    2012-11-21 21:55:05 -------- d-----w- C:\Users\Entregan\AppData\Roaming\MicroST

    2012-11-21 21:55:05 -------- d-----w- C:\gOYNuoGr9r1xSBK

    2012-11-16 09:13:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll

    2012-11-16 09:13:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

    2012-11-16 09:13:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

    2012-11-16 09:13:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 09:04:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

    2012-11-16 09:01:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

    2012-11-16 09:01:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

    2012-11-16 09:01:24 744448 ----a-w- C:\Windows\System32\WUDFx.dll

    2012-11-16 09:01:24 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-16 09:01:24 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

    2012-11-16 09:01:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

    2012-11-16 09:01:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

    .

    ==================== Find3M ====================

    .

    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-08 20:57:23 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-10-08 20:57:23 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-09-14 04:45:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-14 04:45:15 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-09-14 04:45:15 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    .

    ============= FINISH: 7:47:01.16 ===============

    < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 12/6/2011 10:43:15 PM

    System Uptime: 12/2/2012 6:29:43 AM (1 hours ago)

    .

    Motherboard: eMachines | | MCP61PM-GM

    Processor: AMD Athlon II X2 250u Processor | CPU 1 | 1600/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 686 GiB total, 485.9 GiB free.

    D: is CDROM (UDF)

    E: is Removable

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    J: is CDROM (CDFS)

    K: is Removable

    L: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

    Description: Microsoft PS/2 Mouse

    Device ID: ACPI\PNP0F03\4&36DC3827&0

    Manufacturer: Microsoft

    Name: Microsoft PS/2 Mouse

    PNP Device ID: ACPI\PNP0F03\4&36DC3827&0

    Service: i8042prt

    .

    ==== System Restore Points ===================

    .

    RP146: 11/30/2012 2:02:06 AM - Removed service pack backup files

    RP147: 11/30/2012 3:03:18 AM - Created by PC Tools Performance Toolkit

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    µTorrent

    1ClickDownload

    1ClickDownloader

    Acrobat.com

    Adobe AIR

    Adobe Flash Player 11 Plugin

    Adobe Reader 9.1 MUI

    Advertising Center

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Install Manager

    AMD Drag and Drop Transcoding

    AMD Fuel

    AMD Media Foundation Decoders

    AMD VISION Engine Control Center

    Apple Mobile Device Support

    Apple Software Update

    Belkin 54Mbps Wireless Network Adapter

    Bonjour

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CDisplay 1.8

    Compatibility Pack for the 2007 Office system

    Curse Client

    DAEMON Tools Lite

    DC Universe Online Live

    Diablo III

    DivX Setup

    Dropbox

    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

    eBay Worldwide

    eMachines Games

    eMachines Recovery Management

    eMachines Registration

    eMachines ScreenSaver

    eMachines Updater

    FastFox

    Fiesta

    Free Alarm Clock 2.7.0

    GameMaker 8.1

    Google Toolbar for Internet Explorer

    Google Update Helper

    Grapevine 3.0

    Identity Card

    ImagXpress

    Jasc Paint Shop Pro 9

    Java 7 Update 7

    Java Auto Updater

    Java 6 Update 31

    Junk Mail filter update

    KeyBlaze Typing Tutor

    LG USB Modem driver

    Magic Set Editor 2.0.0

    Magic The Gathering - Duels of the Planeswalkers 2012

    Magic Workstation 0.94f

    Malwarebytes' Anti-Malware

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Suite Activation Assistant

    Microsoft Office Word MUI (English) 2007

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Works

    mIRC

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 9 Essentials

    Nero ControlCenter

    Nero DiscSpeed

    Nero DiscSpeed Help

    Nero DriveSpeed

    Nero DriveSpeed Help

    Nero Express Help

    Nero InfoTool

    Nero InfoTool Help

    Nero Installer

    Nero Online Upgrade

    Nero StartSmart

    Nero StartSmart Help

    Nero StartSmart OEM

    NeroExpress

    neroxml

    NVIDIA Display Control Panel

    NVIDIA Drivers

    NVIDIA ForceWare Network Access Manager

    Pando Media Booster

    PC Tools Performance Toolkit 2.0

    PVSonyDll

    Realtek High Definition Audio Driver

    Rosetta Stone Version 3

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

    Shades of Truth Launcher

    Skype Click to Call

    Skype™ 6.0

    Spotify

    StarCraft II

    Steam

    Tanarus

    thriXXX 3DSexVilla2-123.001

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    VC80CRTRedist - 8.0.50727.6195

    Ventrilo Client

    VLC

    VLC media player 1.1.11

    Welcome Center

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    WinRAR 4.10 (64-bit)

    World of Warcraft

    WxDownload Expansion

    wxDownload Fast 0.6.0

    XChat 2 (remove only)

    Yahoo! Messenger

    Yahoo! Software Update

    Yahoo! Toolbar

    Yontoo 1.10.02

    .

    ==== Event Viewer Messages From Past Week ========

    .

    12/2/2012 6:30:10 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    12/2/2012 6:30:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

    12/2/2012 6:30:09 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    12/1/2012 5:08:47 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

    12/1/2012 5:08:47 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    12/1/2012 5:02:11 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

    12/1/2012 1:38:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    11/30/2012 9:31:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    11/30/2012 3:13:07 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    11/30/2012 3:12:32 AM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).

    11/30/2012 3:12:14 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    11/30/2012 3:11:55 AM, Error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).

    11/25/2012 5:20:43 PM, Error: Service Control Manager [7034] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 2 time(s).

    11/25/2012 5:17:49 PM, Error: Service Control Manager [7031] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    .

    ==== End Of File ===========================

  7. . . . bogs down everything to the point of making even the simplest of tasks take forever. The only way I can keep my computer running remotely efficiently is to open my task manager and kill the process. The problem being that it immediately restarts as it is an svchost file. I have run Malwarebytes several times now, and when I reboot to complete the removal it is always there. (My apologies for the double post.)

  8. I've recently come across a bit of malware that I can't seem to get rid of. Normally, I don't have problems removing anything I get. On the rare occasion something like that does happen, I defer to Malwarebytes, and my problems are often alleviated. This time, unfortunately, I can't seem to get rid of whatever is causing this one.

    I have a series of activities I normally do, which don't really tax my computer that much. I play games and watch movies. That's about it. For the most part I don't even surf the web. However, this little beauty of a trojan
