Never ending winrscmde memory usage

[Entregan]

I've recently come across a bit of malware that I can't seem to get rid of. Normally, I don't have problems removing anything I get. On the rare ocassion something like that does happen, I defer to Malwarebytes, and my problems are often alieviated. This time, unfortunately, I can't seem to get rid of whatever is causing this one.

I have a series of activities I normally do, which don't really tax my computer that much. I play games and watch movies. That's about it. For the most part I don't even surf the web. However, this little beauty of a trojan bogs down everything to the point of making even the simplest of tasks take forever. The only way I can keep my computer running remotely efficiently, is to open my task manager and kill the process. The problem being that it immediately restarts as it is an svchost file. I have run malwarebytes several times now, and when i reboot to complete the removal it is always there.

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by Entregan at 7:46:15 on 2012-12-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3771 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Entregan\Downloads\OTL.com

C:\Program Files (x86)\Skype\Phone\Skype.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\StikyNot.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: wxDownload Class: {058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - C:\ProgramData\wxDownload\50b3e6f662612.ocx

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun

uRun: [spotify] "C:\Users\Entregan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

dRun: [Google] rundll32.exe "C:\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll",RunServiceW

StartupFolder: C:\Users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Entregan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{0C94C160-F292-43EB-B06D-8CC60005FCDF} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{9574A2CC-F6A5-49A3-8133-577BFD244B0A}\C696E6B6379737F5F475F51383634313 : DHCPNameServer = 192.168.15.1

TCP: Interfaces\{9A47D100-A2B0-4FA4-9612-792695A486CF} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{A9C84BEA-4A40-4E15-9A0B-EF9ECA8C2CA5} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\2656C6B696E6E233736343 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E7D0B127-D204-4484-9FC7-514E8EFA0784}\441627B60225166756E6723702C496768647 : DHCPNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\wxdownload\sprotector.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search

FF - prefs.js: browser.startup.homepage - netflix.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-20 279616]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-10 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-31 793056]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-6 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-10 96896]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-3-31 1038304]

S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-3-31 1030112]

S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2011-12-7 716800]

S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2012-3-31 163440]

S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2012-3-31 191104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]

.

=============== Created Last 30 ================

.

2012-12-02 12:31:07 20480 ----a-w- C:\Windows\svchost.exe

2012-12-01 07:41:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-12-01 07:41:00 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-01 01:01:03 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

2012-11-28 18:20:59 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

2012-11-28 18:18:39 -------- d-----w- C:\Users\Entregan\Tracing

2012-11-26 22:01:17 -------- d-----w- C:\ProgramData\Premium

2012-11-26 22:01:15 -------- d-----w- C:\Program Files (x86)\wxDownload Fast

2012-11-26 22:00:39 -------- d-----w- C:\Program Files (x86)\WxDownload

2012-11-26 22:00:33 -------- d-----w- C:\ProgramData\wxDownload

2012-11-26 21:59:09 -------- d-----w- C:\ProgramData\InstallMate

2012-11-21 21:55:05 -------- d-----w- C:\Users\Entregan\AppData\Roaming\MicroST

2012-11-21 21:55:05 -------- d-----w- C:\gOYNuoGr9r1xSBK

2012-11-16 09:13:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 09:13:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 09:13:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 09:13:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 09:04:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-11-16 09:01:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-16 09:01:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-16 09:01:24 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-16 09:01:24 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 09:01:24 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-16 09:01:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-16 09:01:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

.

==================== Find3M ====================

.

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 20:57:23 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 20:57:23 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-14 04:45:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 04:45:15 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-14 04:45:15 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 7:47:01.16 ===============

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 12/6/2011 10:43:15 PM

System Uptime: 12/2/2012 6:29:43 AM (1 hours ago)

.

Motherboard: eMachines | | MCP61PM-GM

Processor: AMD Athlon II X2 250u Processor | CPU 1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 686 GiB total, 485.9 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM (CDFS)

K: is Removable

L: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&36DC3827&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&36DC3827&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP146: 11/30/2012 2:02:06 AM - Removed service pack backup files

RP147: 11/30/2012 3:03:18 AM - Created by PC Tools Performance Toolkit

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

1ClickDownload

1ClickDownloader

Acrobat.com

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 MUI

Advertising Center

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Mobile Device Support

Apple Software Update

Belkin 54Mbps Wireless Network Adapter

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDisplay 1.8

Compatibility Pack for the 2007 Office system

Curse Client

DAEMON Tools Lite

DC Universe Online Live

Diablo III

DivX Setup

Dropbox

Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

eBay Worldwide

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

FastFox

Fiesta

Free Alarm Clock 2.7.0

GameMaker 8.1

Google Toolbar for Internet Explorer

Google Update Helper

Grapevine 3.0

Identity Card

ImagXpress

Jasc Paint Shop Pro 9

Java 7 Update 7

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

KeyBlaze Typing Tutor

LG USB Modem driver

Magic Set Editor 2.0.0

Magic The Gathering - Duels of the Planeswalkers 2012

Magic Workstation 0.94f

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

mIRC

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pando Media Booster

PC Tools Performance Toolkit 2.0

PVSonyDll

Realtek High Definition Audio Driver

Rosetta Stone Version 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Shades of Truth Launcher

Skype Click to Call

Skype™ 6.0

Spotify

StarCraft II

Steam

Tanarus

thriXXX 3DSexVilla2-123.001

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

VLC

VLC media player 1.1.11

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR 4.10 (64-bit)

World of Warcraft

WxDownload Expansion

wxDownload Fast 0.6.0

XChat 2 (remove only)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

12/2/2012 6:30:10 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/2/2012 6:30:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

12/2/2012 6:30:09 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/1/2012 5:08:47 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/1/2012 5:08:47 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/1/2012 5:02:11 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

12/1/2012 1:38:14 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/1/2012 1:36:14 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/30/2012 9:31:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/30/2012 3:13:07 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/30/2012 3:12:32 AM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).

11/30/2012 3:12:14 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

11/30/2012 3:11:55 AM, Error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).

11/25/2012 5:20:43 PM, Error: Service Control Manager [7034] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 2 time(s).

11/25/2012 5:17:49 PM, Error: Service Control Manager [7031] - The PC Tools Performance Toolkit Defrag Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

[CatByte]

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Choose your language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Choose your language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

[Entregan]

I've tried your suggested flash drive based repair. When I'm to select the drive to repair, there are no options to select. It says to select the driver for the drive I want to repair. Please advise.

[CatByte]

ok,

we'll try a different approach

Please run the following

Refer to the ComboFix User's Guide

1. Download ComboFix from the following location:
   Link
   * IMPORTANT !!! Place ComboFix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   You can get help on disabling your protection programs here
   
3. Double click on ComboFix.exe & follow the prompts.
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   ---------------------------------------------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[Entregan]

In running that program, I managed to get the BSOD. A first, I might add. It got to about stage 50 roughly.

[Entregan]

Upon continuing my efforts the program appears to have completed.

<- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

ComboFix 12-12-01.02 - Entregan 12/02/2012 10:40:26.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4955 [GMT -6:00]

Running from: c:\users\Entregan\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Autorun.inf

c:\program files (x86)\smartdl

c:\program files (x86)\smartdl\dler.exe

c:\program files (x86)\smartdl\gunzip.exe

c:\program files (x86)\smartdl\header.bmp

c:\program files (x86)\smartdl\header2.bmp

c:\program files (x86)\smartdl\header3.bmp

c:\program files (x86)\smartdl\next.bmp

c:\program files (x86)\smartdl\skip.bmp

c:\program files (x86)\smartdl\status-o

C:\torrent.exe

c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}

c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\@

c:\users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n

c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

c:\users\Entregan\AppData\Roaming\MicroST

c:\users\Entregan\Desktop\Setup.exe

c:\windows\Installer\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}

c:\windows\svchost.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing

2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\programdata\Premium

2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast

2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload

2012-11-26 22:00 . 2012-11-26 22:01 -------- d-----w- c:\programdata\wxDownload

2012-11-26 21:59 . 2012-11-26 22:01 -------- d-----w- c:\programdata\InstallMate

2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK

2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight

2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{058F3854-AE44-8D10-5FBA-9FA9BD92DB29}]

2012-11-26 22:02 129024 ----a-w- c:\programdata\wxDownload\50b3e6f662612.ocx

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-03-27 00:40 792864 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]

"Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664]

"Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

.

c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-10-25 0]

Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\WxDownload\sprotector.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304]

R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]

R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x]

R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x]

R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

.

2012-12-02 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search

FF - prefs.js: browser.startup.homepage - netflix.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 4

FF - ExtSQL: 2012-11-26 16:01; 50b3e6d3346e5@50b3e6d33471e.com; c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 29a92b03-ec2d-4a1f-b430-fd485c7c9f8b

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

Wow6432Node-HKU-Default-Run-Google - c:\users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,

36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Mozilla Firefox\firefox.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\Mozilla Firefox\plugin-container.exe

c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

.

**************************************************************************

.

Completion time: 2012-12-02 11:51:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-02 17:51

.

Pre-Run: 521,692,004,352 bytes free

Post-Run: 521,152,172,032 bytes free

.

- - End Of File - - C858D554C0005564E7D41323F67ECB91

[CatByte]

looking better,

please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
  
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  
• Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

NEXT

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
  
• Right-mouse click JRT.exe and select Run as administrator
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message
  

NEXT

Download AdwCleaner from here and save it to your desktop.

• Run AdwCleaner and select Delete
  
• Once done it will ask to reboot, allow the reboot
  
• On reboot a log will be produced, please attach the content of the log to your next reply
  

[Entregan]

Process has been completed. So far things are looking good!

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default

File : C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\prefs.js

Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Deleted : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

*************************

AdwCleaner[s2].txt - [4871 octets] - [02/12/2012 16:24:03]

########## EOF - C:\AdwCleaner[s2].txt - [4931 octets] ##########

<- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ->

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 2579046400

------------ Kernel report ------------

12/02/2012 15:25:01

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\nvstor64.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvmf6264.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvstor64.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\??\C:\Windows\system32\Drivers\PROCEXP113.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa8007c34790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000077\

Lower Device Object: 0xfffffa8007c29610

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8007c1a790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000074\

Lower Device Object: 0xfffffa8007bdf660

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8007ac6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000073\

Lower Device Object: 0xfffffa8007bbf060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8007ac5060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000072\

Lower Device Object: 0xfffffa8007bdfb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8007c19790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000071\

Lower Device Object: 0xfffffa8007bd1450

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007c1b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa8007bbc380

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800642e410

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000060\

Lower Device Object: 0xfffffa800609e060

Lower Device Driver Name: \00000519\

Driver name found: nvstor64

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.02.03

Downloaded database version: v2012.11.30.01

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 4

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800642f040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800642e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800550fa80, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800609e060, DeviceName: \Device\00000060\, DriverName: \00000519\

------------ End ----------

Upper DeviceData: 0xfffff8a0100bda60, 0xfffffa800642e410, 0xfffffa80099721e0

Lower DeviceData: 0xfffff8a01018e420, 0xfffffa800609e060, 0xfffffa8008b4a8e0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

MBR is forged!

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 470BF6B0

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 6 Numsec = 0

Partition file system is UNKNOWN

Partition is not bootable

Infected: VBR on Active partition --> [Rootkit.Pihar.c.MBR]

Changing partition to empty and not active. New active partition is 1 on drive 0 ...

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 27265024 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 27469824 Numsec = 1437675520

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-5-1465129168-1465149168)...

Sector 1465148926 --> [Forged physical sector]

Sector 1465148927 --> [Forged physical sector]

Sector 1465148928 --> [Forged physical sector]

Sector 1465148929 --> [Forged physical sector]

Sector 1465148930 --> [Forged physical sector]

Sector 1465148931 --> [Forged physical sector]

Sector 1465148932 --> [Forged physical sector]

Sector 1465148933 --> [Forged physical sector]

Sector 1465148934 --> [Forged physical sector]

Sector 1465148935 --> [Forged physical sector]

Sector 1465148936 --> [Forged physical sector]

Sector 1465148937 --> [Forged physical sector]

Sector 1465148938 --> [Forged physical sector]

Sector 1465148939 --> [Forged physical sector]

Sector 1465148940 --> [Forged physical sector]

Sector 1465148941 --> [Forged physical sector]

Sector 1465148942 --> [Forged physical sector]

Sector 1465148943 --> [Forged physical sector]

Sector 1465148944 --> [Forged physical sector]

Sector 1465148945 --> [Forged physical sector]

Sector 1465148946 --> [Forged physical sector]

Sector 1465148947 --> [Forged physical sector]

Sector 1465148948 --> [Forged physical sector]

Sector 1465148949 --> [Forged physical sector]

Sector 1465148950 --> [Forged physical sector]

Sector 1465148951 --> [Forged physical sector]

Sector 1465148952 --> [Forged physical sector]

Sector 1465148953 --> [Forged physical sector]

Sector 1465148954 --> [Forged physical sector]

Sector 1465148955 --> [Forged physical sector]

Sector 1465148956 --> [Forged physical sector]

Sector 1465148957 --> [Forged physical sector]

Sector 1465148958 --> [Forged physical sector]

Sector 1465148959 --> [Forged physical sector]

Sector 1465148960 --> [Forged physical sector]

Sector 1465148961 --> [Forged physical sector]

Sector 1465148962 --> [Forged physical sector]

Sector 1465148963 --> [Forged physical sector]

Sector 1465148964 --> [Forged physical sector]

Sector 1465148965 --> [Forged physical sector]

Sector 1465148966 --> [Forged physical sector]

Sector 1465148967 --> [Forged physical sector]

Sector 1465148968 --> [Forged physical sector]

Sector 1465148969 --> [Forged physical sector]

Sector 1465148970 --> [Forged physical sector]

Sector 1465148971 --> [Forged physical sector]

Sector 1465148972 --> [Forged physical sector]

Sector 1465148973 --> [Forged physical sector]

Sector 1465148974 --> [Forged physical sector]

Sector 1465148975 --> [Forged physical sector]

Sector 1465148976 --> [Forged physical sector]

Sector 1465148977 --> [Forged physical sector]

Sector 1465148978 --> [Forged physical sector]

Sector 1465148979 --> [Forged physical sector]

Sector 1465148980 --> [Forged physical sector]

Sector 1465148981 --> [Forged physical sector]

Sector 1465148982 --> [Forged physical sector]

Sector 1465148983 --> [Forged physical sector]

Sector 1465148984 --> [Forged physical sector]

Sector 1465148985 --> [Forged physical sector]

Sector 1465148986 --> [Forged physical sector]

Sector 1465148987 --> [Forged physical sector]

Sector 1465148988 --> [Forged physical sector]

Sector 1465148989 --> [Forged physical sector]

Sector 1465148990 --> [Forged physical sector]

Sector 1465148991 --> [Forged physical sector]

Sector 1465148992 --> [Forged physical sector]

Sector 1465148993 --> [Forged physical sector]

Sector 1465148994 --> [Forged physical sector]

Sector 1465148995 --> [Forged physical sector]

Sector 1465148996 --> [Forged physical sector]

Sector 1465148997 --> [Forged physical sector]

Sector 1465148998 --> [Forged physical sector]

Sector 1465148999 --> [Forged physical sector]

Sector 1465149000 --> [Forged physical sector]

Sector 1465149001 --> [Forged physical sector]

Sector 1465149002 --> [Forged physical sector]

Sector 1465149003 --> [Forged physical sector]

Sector 1465149004 --> [Forged physical sector]

Sector 1465149005 --> [Forged physical sector]

Sector 1465149006 --> [Forged physical sector]

Sector 1465149007 --> [Forged physical sector]

Sector 1465149008 --> [Forged physical sector]

Sector 1465149009 --> [Forged physical sector]

Sector 1465149010 --> [Forged physical sector]

Sector 1465149011 --> [Forged physical sector]

Sector 1465149012 --> [Forged physical sector]

Sector 1465149013 --> [Forged physical sector]

Sector 1465149014 --> [Forged physical sector]

Sector 1465149015 --> [Forged physical sector]

Sector 1465149016 --> [Forged physical sector]

Sector 1465149017 --> [Forged physical sector]

Sector 1465149018 --> [Forged physical sector]

Sector 1465149019 --> [Forged physical sector]

Sector 1465149020 --> [Forged physical sector]

Sector 1465149021 --> [Forged physical sector]

Sector 1465149022 --> [Forged physical sector]

Sector 1465149023 --> [Forged physical sector]

Sector 1465149024 --> [Forged physical sector]

Sector 1465149025 --> [Forged physical sector]

Sector 1465149026 --> [Forged physical sector]

Sector 1465149027 --> [Forged physical sector]

Sector 1465149028 --> [Forged physical sector]

Sector 1465149029 --> [Forged physical sector]

Sector 1465149030 --> [Forged physical sector]

Sector 1465149031 --> [Forged physical sector]

Sector 1465149032 --> [Forged physical sector]

Sector 1465149033 --> [Forged physical sector]

Sector 1465149034 --> [Forged physical sector]

Sector 1465149035 --> [Forged physical sector]

Sector 1465149036 --> [Forged physical sector]

Sector 1465149037 --> [Forged physical sector]

Sector 1465149038 --> [Forged physical sector]

Sector 1465149039 --> [Forged physical sector]

Sector 1465149040 --> [Forged physical sector]

Sector 1465149041 --> [Forged physical sector]

Sector 1465149042 --> [Forged physical sector]

Sector 1465149043 --> [Forged physical sector]

Sector 1465149044 --> [Forged physical sector]

Sector 1465149045 --> [Forged physical sector]

Sector 1465149046 --> [Forged physical sector]

Sector 1465149047 --> [Forged physical sector]

Sector 1465149048 --> [Forged physical sector]

Sector 1465149049 --> [Forged physical sector]

Sector 1465149050 --> [Forged physical sector]

Sector 1465149051 --> [Forged physical sector]

Sector 1465149052 --> [Forged physical sector]

Sector 1465149053 --> [Forged physical sector]

Sector 1465149054 --> [Forged physical sector]

Sector 1465149055 --> [Forged physical sector]

Sector 1465149056 --> [Forged physical sector]

Sector 1465149057 --> [Forged physical sector]

Sector 1465149058 --> [Forged physical sector]

Sector 1465149059 --> [Forged physical sector]

Sector 1465149060 --> [Forged physical sector]

Sector 1465149061 --> [Forged physical sector]

Sector 1465149062 --> [Forged physical sector]

Sector 1465149063 --> [Forged physical sector]

Sector 1465149064 --> [Forged physical sector]

Sector 1465149065 --> [Forged physical sector]

Sector 1465149066 --> [Forged physical sector]

Sector 1465149067 --> [Forged physical sector]

Sector 1465149068 --> [Forged physical sector]

Sector 1465149069 --> [Forged physical sector]

Sector 1465149070 --> [Forged physical sector]

Sector 1465149071 --> [Forged physical sector]

Sector 1465149072 --> [Forged physical sector]

Sector 1465149073 --> [Forged physical sector]

Sector 1465149074 --> [Forged physical sector]

Sector 1465149075 --> [Forged physical sector]

Sector 1465149076 --> [Forged physical sector]

Sector 1465149077 --> [Forged physical sector]

Sector 1465149078 --> [Forged physical sector]

Sector 1465149079 --> [Forged physical sector]

Sector 1465149080 --> [Forged physical sector]

Sector 1465149081 --> [Forged physical sector]

Sector 1465149082 --> [Forged physical sector]

Sector 1465149083 --> [Forged physical sector]

Sector 1465149084 --> [Forged physical sector]

Sector 1465149085 --> [Forged physical sector]

Sector 1465149086 --> [Forged physical sector]

Sector 1465149087 --> [Forged physical sector]

Sector 1465149088 --> [Forged physical sector]

Sector 1465149089 --> [Forged physical sector]

Sector 1465149090 --> [Forged physical sector]

Sector 1465149091 --> [Forged physical sector]

Sector 1465149092 --> [Forged physical sector]

Sector 1465149093 --> [Forged physical sector]

Sector 1465149094 --> [Forged physical sector]

Sector 1465149095 --> [Forged physical sector]

Sector 1465149096 --> [Forged physical sector]

Sector 1465149097 --> [Forged physical sector]

Sector 1465149098 --> [Forged physical sector]

Sector 1465149099 --> [Forged physical sector]

Sector 1465149100 --> [Forged physical sector]

Sector 1465149101 --> [Forged physical sector]

Sector 1465149102 --> [Forged physical sector]

Sector 1465149103 --> [Forged physical sector]

Sector 1465149104 --> [Forged physical sector]

Sector 1465149105 --> [Forged physical sector]

Sector 1465149106 --> [Forged physical sector]

Sector 1465149107 --> [Forged physical sector]

Sector 1465149108 --> [Forged physical sector]

Sector 1465149109 --> [Forged physical sector]

Sector 1465149110 --> [Forged physical sector]

Sector 1465149111 --> [Forged physical sector]

Sector 1465149112 --> [Forged physical sector]

Sector 1465149113 --> [Forged physical sector]

Sector 1465149114 --> [Forged physical sector]

Sector 1465149115 --> [Forged physical sector]

Sector 1465149116 --> [Forged physical sector]

Sector 1465149117 --> [Forged physical sector]

Sector 1465149118 --> [Forged physical sector]

Sector 1465149119 --> [Forged physical sector]

Sector 1465149120 --> [Forged physical sector]

Sector 1465149121 --> [Forged physical sector]

Sector 1465149122 --> [Forged physical sector]

Sector 1465149123 --> [Forged physical sector]

Sector 1465149124 --> [Forged physical sector]

Sector 1465149125 --> [Forged physical sector]

Sector 1465149126 --> [Forged physical sector]

Sector 1465149127 --> [Forged physical sector]

Sector 1465149128 --> [Forged physical sector]

Sector 1465149129 --> [Forged physical sector]

Sector 1465149130 --> [Forged physical sector]

Sector 1465149131 --> [Forged physical sector]

Sector 1465149132 --> [Forged physical sector]

Sector 1465149133 --> [Forged physical sector]

Sector 1465149134 --> [Forged physical sector]

Sector 1465149135 --> [Forged physical sector]

Sector 1465149136 --> [Forged physical sector]

Sector 1465149137 --> [Forged physical sector]

Sector 1465149138 --> [Forged physical sector]

Sector 1465149139 --> [Forged physical sector]

Sector 1465149140 --> [Forged physical sector]

Sector 1465149141 --> [Forged physical sector]

Sector 1465149142 --> [Forged physical sector]

Sector 1465149143 --> [Forged physical sector]

Sector 1465149144 --> [Forged physical sector]

Sector 1465149145 --> [Forged physical sector]

Sector 1465149146 --> [Forged physical sector]

Sector 1465149147 --> [Forged physical sector]

Sector 1465149148 --> [Forged physical sector]

Sector 1465149149 --> [Forged physical sector]

Sector 1465149150 --> [Forged physical sector]

Sector 1465149151 --> [Forged physical sector]

Sector 1465149152 --> [Forged physical sector]

Sector 1465149153 --> [Forged physical sector]

Sector 1465149154 --> [Forged physical sector]

Sector 1465149155 --> [Forged physical sector]

Sector 1465149156 --> [Forged physical sector]

Sector 1465149157 --> [Forged physical sector]

Sector 1465149158 --> [Forged physical sector]

Sector 1465149159 --> [Forged physical sector]

Sector 1465149160 --> [Forged physical sector]

Sector 1465149161 --> [Forged physical sector]

Sector 1465149162 --> [Forged physical sector]

Sector 1465149163 --> [Forged physical sector]

Sector 1465149164 --> [Forged physical sector]

Sector 1465149165 --> [Forged physical sector]

Sector 1465149166 --> [Forged physical sector]

Sector 1465149167 --> [Forged physical sector]

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007c19040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007c1b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bbc380, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006b8a3a0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007c19790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bd1450, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007c1b040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007ac5060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bdfb60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007c1a040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007ac6790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bbf060, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007ac5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007c1a790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bdf660, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007b2b580, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007c34790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007c29610, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a01113da80, 0xfffffa8007c34790, 0xfffffa80097800e0

Lower DeviceData: 0xfffff8a011850ac0, 0xfffffa8007c29610, 0xfffffa80095589d0

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 18CC46C1

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 7856064

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4022337024 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Infected: C:\Users\Entregan\Desktop\installer_winrar.exe --> [PUP.BundleInstaller.PHP]

Infected: C:\Users\Entregan\Downloads\FastDownload.exe --> [Affiliate.Downloader]

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768)

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768)

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768)

Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 4

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occured

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 5390708736

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 4913487872

------------ Kernel report ------------

12/02/2012 15:49:18

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\nvstor64.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvmf6264.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvstor64.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa8007911060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000076\

Lower Device Object: 0xfffffa8007916490

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8006c09060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000073\

Lower Device Object: 0xfffffa8006bf6990

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8006c03060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000072\

Lower Device Object: 0xfffffa8006bf7060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8006c02060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000071\

Lower Device Object: 0xfffffa8006bf6060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8006c01060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa8006bf3710

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

[Entregan]

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8006bfe060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000006f\

Lower Device Object: 0xfffffa8006bfa060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800643d460

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005f\

Lower Device Object: 0xfffffa8005ec4110

Lower Device Driver Name: \Driver\nvstor64\

Driver name found: nvstor64

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800643e040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800643d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005edae40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8005ec4110, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\

------------ End ----------

Upper DeviceData: 0xfffff8a00b6945b0, 0xfffffa800643d460, 0xfffffa80058c9790

Lower DeviceData: 0xfffff8a00b576a10, 0xfffffa8005ec4110, 0xfffffa8005ce6e40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 470BF6B0

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 27265024 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 27469824 Numsec = 1437675520

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006bff910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006bfe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006bfeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf3710, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c01b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf6060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c03060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf7060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c03b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c09060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf6990, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800790d910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007911060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007916490, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a00b1a66b0, 0xfffffa8007911060, 0xfffffa8005cdc090

Lower DeviceData: 0xfffff8a00b150150, 0xfffffa8007916490, 0xfffffa8005cdde40

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 18CC46C1

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 7856064

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4022337024 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Scan Interrupted

Done!

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 5516976128

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 5113593856

------------ Kernel report ------------

12/02/2012 16:03:41

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\nvstor64.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvmf6264.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvstor64.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa800780a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000076\

Lower Device Object: 0xfffffa80079a7b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8006bfa060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000073\

Lower Device Object: 0xfffffa8006c03750

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8006bfb060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000072\

Lower Device Object: 0xfffffa80079a8060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8006c00060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000071\

Lower Device Object: 0xfffffa8006bf0a50

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8006c02060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa8006bf1b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8006c04060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000006f\

Lower Device Object: 0xfffffa8006c01060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80063ed060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005f\

Lower Device Object: 0xfffffa80060c39c0

Lower Device Driver Name: \Driver\nvstor64\

Driver name found: nvstor64

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80063edb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80063ed060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80060bf7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80060c39c0, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor64\

------------ End ----------

Upper DeviceData: 0xfffff8a00bce2010, 0xfffffa80063ed060, 0xfffffa8005f7b090

Lower DeviceData: 0xfffff8a00bc6d120, 0xfffffa80060c39c0, 0xfffffa8005e9f090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 470BF6B0

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 27265024 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 27469824 Numsec = 1437675520

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c03040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c04060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c01060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c02060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf1b60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c00060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006bf0a50, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006bfb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80079a8060, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006bfbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006bfa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c03750, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800791f040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800780a060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80079a7b60, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a00bd01b80, 0xfffffa800780a060, 0xfffffa8005d9b790

Lower DeviceData: 0xfffff8a00bc54070, 0xfffffa80079a7b60, 0xfffffa8005ce8940

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 18CC46C1

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 7856064

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4022337024 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from AhaShare.com.txt" is sparse (flags = 32768)

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from Demonoid.me.txt" is sparse (flags = 32768)

Read File: File "C:\Users\Entregan\Desktop\The Avengers [2012] CAM H264 elite-pirates.com\Torrent downloaded from elite-pirates.com.txt" is sparse (flags = 32768)

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.607000 GHz

Memory total: 6441787392, free: 5518618624

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.7.4 (12.02.2012:1)

OS: Windows 7 Home Premium x64

Ran by Entregan on Sun 12/02/2012 at 16:14:47.93

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"

Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"

Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Entregan\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

~~~ FireFox

Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\user.js

Successfully deleted: [File] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\fnktxwelcd@fnktxwelcd.org.xpi [Tracur]

Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\smartbar

Successfully deleted: [Folder] C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\extensions\50b3e6d3346e5@50b3e6d33471e.com

Successfully deleted the following from C:\Users\Entregan\AppData\Roaming\mozilla\firefox\profiles\x0v0e92r.default\prefs.js

user_pref("CT3244149.1000082.isDisplayHidden", "true");

user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.net/california.asx\"}");

user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3244149.FirstTime", "true");

user_pref("CT3244149.FirstTimeFF3", "true");

user_pref("CT3244149.LoginRevertSettingsEnabled", false);

user_pref("CT3244149.RevertSettingsEnabled", true);

user_pref("CT3244149.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=");

user_pref("CT3244149.UserID", "UN80476396242825083");

user_pref("CT3244149.UserId.enc", "MTNjZDRkNjgtNjZmZS1lYjI2LTBkZmItMjY5YjdjMjYwYmU3");

user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT3244149.autoDisableScopes", 14);

user_pref("CT3244149.browser.search.defaultthis.engineName", true);

user_pref("CT3244149.cbfirsttime.enc", "TW9uIE5vdiAyNiAyMDEyIDE2OjAxOjM4IEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");

user_pref("CT3244149.defaultSearch", "true");

user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta

user_pref("CT3244149.enableAlerts", "always");

user_pref("CT3244149.enableSearchFromAddressBar", "true");

user_pref("CT3244149.firstTimeDialogOpened", "true");

user_pref("CT3244149.fixPageNotFoundError", "true");

user_pref("CT3244149.fixPageNotFoundErrorInHidden", "true");

user_pref("CT3244149.fixUrls", true);

user_pref("CT3244149.http___api30_starwebnet_com.pid2.enc", "YWE2ODYzNDAyYzk1NTEyNA==");

user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTNlZDI3M2I4OTY4N2FjNTA1ZjlmYSIsIjczOGFhOGQzYmMwMmViODcxMmFjZDBlYjJjZjZkZmQ1IiwiMjM1MWY2MDBiZjYyMTAyYzU

user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7InR5cGUiOiJtZW51IiwiY2FwdGlvbiI6IiIsImltYWdlIjoiaW1hZ2VzL215d2FsbGV0X21pbi5wbmciLCJpbWFnZWhvdmVyIjoiaW

user_pref("CT3244149.http___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiaHR0cDovL2FwaS5qb2xseXdhbGxldC5jb20vYWZmaWxpYXRlL2luaXQiLCJxdWVyeVVybCI6Imh0dHA6Ly9hcGkuam9sbHl3YWxs

user_pref("CT3244149.installId", "166");

user_pref("CT3244149.installType", "conduitnsisintegration");

user_pref("CT3244149.isCheckedStartAsHidden", true);

user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3244149.isFirstTimeToolbarLoading", "false");

user_pref("CT3244149.isNewTabEnabled", true);

user_pref("CT3244149.isPerformedSmartBarTransition", "true");

user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT3244149.keyword", true);

user_pref("CT3244149.migrateAppsAndComponents", true);

user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"http://WhiteSmokeUSNew.OurToolbar.com/\",\"EB

user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3244149.openThankYouPage", "false");

user_pref("CT3244149.openUninstallPage", "true");

user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/27\\\\/2012 01\\\"}\"}");

user_pref("CT3244149.revertSettingsEnabled", "true");

user_pref("CT3244149.search.searchAppId", "129895725399351616");

user_pref("CT3244149.search.searchCount", "0");

user_pref("CT3244149.searchInNewTabEnabledInHidden", "true");

user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3244149\"}");

user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://WhiteSmokeUSNew.OurToolbar.com//xpi\"}");

user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke US New\"}");

user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3244149.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353967291293");

user_pref("CT3244149.serviceLayer_services_appsMetadata_lastUpdate", "1353967291116");

user_pref("CT3244149.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353967292405");

user_pref("CT3244149.serviceLayer_services_login_10.13.40.15_lastUpdate", "1354245458202");

user_pref("CT3244149.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353967292362");

user_pref("CT3244149.serviceLayer_services_searchAPI_lastUpdate", "1353967288130");

user_pref("CT3244149.serviceLayer_services_serviceMap_lastUpdate", "1354245457791");

user_pref("CT3244149.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353967292450");

user_pref("CT3244149.serviceLayer_services_toolbarSettings_lastUpdate", "1354245457827");

user_pref("CT3244149.serviceLayer_services_translation_lastUpdate", "1354245457903");

user_pref("CT3244149.serviceLayer_services_userApps_lastUpdate", "1353967295540");

user_pref("CT3244149.settingsINI", true);

user_pref("CT3244149.shouldFirstTimeDialog", "false");

user_pref("CT3244149.smartbar.CTID", "CT3244149");

user_pref("CT3244149.smartbar.Uninstall", "0");

user_pref("CT3244149.smartbar.homepage", true);

user_pref("CT3244149.smartbar.isHidden", true);

user_pref("CT3244149.smartbar.toolbarName", "WhiteSmoke US New ");

user_pref("CT3244149.startPage", "userChanged");

user_pref("CT3244149.toolbarBornServerTime", "27-11-2012");

user_pref("CT3244149.toolbarCurrentServerTime", "30-11-2012");

user_pref("CT3244149.toolbarDisabled", "true");

user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1354245334276,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3244149&SearchSource=13&CUI=SB_CUI");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3244149");

user_pref("aol_toolbar.default.homepage.check", false);

user_pref("aol_toolbar.default.search.check", false);

user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search");

user_pref("extensions.50b3e6d334792.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics");

user_pref("extentions.y2layers.installId", "29a92b03-ec2d-4a1f-b430-fd485c7c9f8b");

user_pref("extentions.y2layers.lastDnsTest", 371896);

user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=");

user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3244149&SearchSource=13&CUI=SB_CUI");

user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=");

user_pref("smartbar.originalHomepage", "netflix.com");

user_pref("smartbar.originalSearchAddressUrl", "");

user_pref("smartbar.originalSearchEngine", false);

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/02/2012 at 16:21:59.66

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

# AdwCleaner v2.011 - Logfile created 12/02/2012 at 16:24:03

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Entregan - LOS-ENTERPRISES

# Boot Mode : Normal

# Running from : C:\Users\Entregan\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default

File : C:\Users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\prefs.js

Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Deleted : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3244149_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

*************************

AdwCleaner[s2].txt - [4871 octets] - [02/12/2012 16:24:03]

########## EOF - C:\AdwCleaner[s2].txt - [4931 octets] ##########

[CatByte]

looks good

please run the following:

Please download TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• when the window opens, click on Change Parameters
  
• under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  
• click OK
  
• Press Start Scan
  
  • If Malicious objects are found then ensure Cure is selected
    
  • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    
  • Then click Continue > Reboot now
    

  [*]Copy and paste the log in your next reply

  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    

NEXT

Go here to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activeX control to install
  
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  
• Click Scan
  
• Wait for the scan to finish
  
• When the scan completes, press the LIST OF THREATS FOUND button
  
• Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  
• Include the contents of this report in your next reply.
  
• Press the BACK button.
  
• Press Finish
  

[Entregan]

17:16:26.0790 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:16:27.0850 2888 ============================================================

17:16:27.0850 2888 Current date / time: 2012/12/02 17:16:27.0850

17:16:27.0850 2888 SystemInfo:

17:16:27.0850 2888

17:16:27.0850 2888 OS Version: 6.1.7601 ServicePack: 1.0

17:16:27.0850 2888 Product type: Workstation

17:16:27.0850 2888 ComputerName: LOS-ENTERPRISES

17:16:27.0850 2888 UserName: Entregan

17:16:27.0850 2888 Windows directory: C:\Windows

17:16:27.0850 2888 System windows directory: C:\Windows

17:16:27.0850 2888 Running under WOW64

17:16:27.0850 2888 Processor architecture: Intel x64

17:16:27.0850 2888 Number of processors: 2

17:16:27.0850 2888 Page size: 0x1000

17:16:27.0850 2888 Boot type: Normal boot

17:16:27.0850 2888 ============================================================

17:16:28.0989 2888 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:16:29.0020 2888 Drive \Device\Harddisk6\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:16:29.0020 2888 ============================================================

17:16:29.0020 2888 \Device\Harddisk0\DR0:

17:16:29.0020 2888 MBR partitions:

17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

17:16:29.0020 2888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000

17:16:29.0020 2888 \Device\Harddisk6\DR6:

17:16:29.0020 2888 MBR partitions:

17:16:29.0020 2888 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x77DFC0

17:16:29.0020 2888 ============================================================

17:16:29.0036 2888 C: <-> \Device\Harddisk0\DR0\Partition2

17:16:29.0036 2888 ============================================================

17:16:29.0036 2888 Initialize success

17:16:29.0036 2888 ============================================================

17:17:35.0687 1924 ============================================================

17:17:35.0687 1924 Scan started

17:17:35.0687 1924 Mode: Manual; TDLFS;

17:17:35.0687 1924 ============================================================

17:17:35.0843 1924 ================ Scan system memory ========================

17:17:35.0843 1924 System memory - ok

17:17:35.0843 1924 ================ Scan services =============================

17:17:35.0999 1924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

17:17:35.0999 1924 1394ohci - ok

17:17:36.0030 1924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

17:17:36.0030 1924 ACPI - ok

17:17:36.0046 1924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

17:17:36.0046 1924 AcpiPmi - ok

17:17:36.0155 1924 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:17:36.0155 1924 AdobeFlashPlayerUpdateSvc - ok

17:17:36.0202 1924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

17:17:36.0202 1924 adp94xx - ok

17:17:36.0233 1924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

17:17:36.0233 1924 adpahci - ok

17:17:36.0249 1924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

17:17:36.0249 1924 adpu320 - ok

17:17:36.0280 1924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:17:36.0280 1924 AeLookupSvc - ok

17:17:36.0296 1924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

17:17:36.0311 1924 AFD - ok

17:17:36.0311 1924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

17:17:36.0311 1924 agp440 - ok

17:17:36.0342 1924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

17:17:36.0342 1924 ALG - ok

17:17:36.0342 1924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

17:17:36.0358 1924 aliide - ok

17:17:36.0405 1924 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

17:17:36.0405 1924 AMD External Events Utility - ok

17:17:36.0467 1924 AMD FUEL Service - ok

17:17:36.0467 1924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

17:17:36.0467 1924 amdide - ok

17:17:36.0498 1924 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

17:17:36.0498 1924 amdiox64 - ok

17:17:36.0514 1924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

17:17:36.0514 1924 AmdK8 - ok

17:17:36.0732 1924 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

17:17:36.0920 1924 amdkmdag - ok

17:17:36.0951 1924 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

17:17:36.0966 1924 amdkmdap - ok

17:17:36.0966 1924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

17:17:36.0966 1924 AmdPPM - ok

17:17:36.0982 1924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:17:36.0982 1924 amdsata - ok

17:17:36.0998 1924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

17:17:37.0013 1924 amdsbs - ok

17:17:37.0013 1924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:17:37.0013 1924 amdxata - ok

17:17:37.0060 1924 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

17:17:37.0060 1924 AODDriver4.1 - ok

17:17:37.0076 1924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

17:17:37.0076 1924 AppID - ok

17:17:37.0107 1924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:17:37.0107 1924 AppIDSvc - ok

17:17:37.0138 1924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

17:17:37.0138 1924 Appinfo - ok

17:17:37.0216 1924 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:17:37.0216 1924 Apple Mobile Device - ok

17:17:37.0247 1924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

17:17:37.0247 1924 arc - ok

17:17:37.0263 1924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

17:17:37.0263 1924 arcsas - ok

17:17:37.0310 1924 aspnet_state - ok

17:17:37.0341 1924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:17:37.0341 1924 AsyncMac - ok

17:17:37.0341 1924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

17:17:37.0341 1924 atapi - ok

17:17:37.0388 1924 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

17:17:37.0388 1924 AtiHDAudioService - ok

17:17:37.0419 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:17:37.0434 1924 AudioEndpointBuilder - ok

17:17:37.0450 1924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

17:17:37.0450 1924 AudioSrv - ok

17:17:37.0497 1924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:17:37.0497 1924 AxInstSV - ok

17:17:37.0528 1924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

17:17:37.0544 1924 b06bdrv - ok

17:17:37.0559 1924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

17:17:37.0559 1924 b57nd60a - ok

17:17:37.0637 1924 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys

17:17:37.0637 1924 BCMH43XX - ok

17:17:37.0668 1924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

17:17:37.0668 1924 BDESVC - ok

17:17:37.0684 1924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

17:17:37.0684 1924 Beep - ok

17:17:37.0793 1924 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

17:17:37.0824 1924 BFE - ok

17:17:37.0934 1924 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

17:17:37.0965 1924 BITS - ok

17:17:37.0980 1924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

17:17:37.0996 1924 blbdrive - ok

17:17:38.0043 1924 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:17:38.0043 1924 Bonjour Service - ok

17:17:38.0074 1924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:17:38.0074 1924 bowser - ok

17:17:38.0090 1924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:17:38.0105 1924 BrFiltLo - ok

17:17:38.0121 1924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:17:38.0121 1924 BrFiltUp - ok

17:17:38.0136 1924 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

17:17:38.0136 1924 BridgeMP - ok

17:17:38.0152 1924 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

17:17:38.0168 1924 Browser - ok

17:17:38.0183 1924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:17:38.0183 1924 Brserid - ok

17:17:38.0199 1924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:17:38.0199 1924 BrSerWdm - ok

17:17:38.0214 1924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:17:38.0214 1924 BrUsbMdm - ok

17:17:38.0214 1924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:17:38.0214 1924 BrUsbSer - ok

17:17:38.0230 1924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

17:17:38.0246 1924 BTHMODEM - ok

17:17:38.0261 1924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

17:17:38.0261 1924 bthserv - ok

17:17:38.0292 1924 catchme - ok

17:17:38.0308 1924 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:17:38.0308 1924 cdfs - ok

17:17:38.0355 1924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

17:17:38.0355 1924 cdrom - ok

17:17:38.0370 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

17:17:38.0370 1924 CertPropSvc - ok

17:17:38.0386 1924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

17:17:38.0386 1924 circlass - ok

17:17:38.0417 1924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

17:17:38.0417 1924 CLFS - ok

17:17:38.0433 1924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:17:38.0448 1924 clr_optimization_v2.0.50727_32 - ok

17:17:38.0495 1924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:17:38.0495 1924 clr_optimization_v2.0.50727_64 - ok

17:17:38.0542 1924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:17:38.0542 1924 clr_optimization_v4.0.30319_32 - ok

17:17:38.0573 1924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:17:38.0573 1924 clr_optimization_v4.0.30319_64 - ok

17:17:38.0589 1924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:17:38.0604 1924 CmBatt - ok

17:17:38.0636 1924 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:17:38.0636 1924 cmdide - ok

17:17:38.0667 1924 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

17:17:38.0667 1924 CNG - ok

17:17:38.0682 1924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:17:38.0682 1924 Compbatt - ok

17:17:38.0714 1924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

17:17:38.0714 1924 CompositeBus - ok

17:17:38.0729 1924 COMSysApp - ok

17:17:38.0745 1924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

17:17:38.0745 1924 crcdisk - ok

17:17:38.0760 1924 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:17:38.0776 1924 CryptSvc - ok

17:17:38.0792 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

17:17:38.0807 1924 DcomLaunch - ok

17:17:38.0838 1924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

17:17:38.0838 1924 defragsvc - ok

17:17:38.0870 1924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:17:38.0870 1924 DfsC - ok

17:17:38.0885 1924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

17:17:38.0901 1924 Dhcp - ok

17:17:38.0901 1924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

17:17:38.0916 1924 discache - ok

17:17:38.0932 1924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

17:17:38.0932 1924 Disk - ok

17:17:39.0026 1924 [ 2CAAD3E488998887861C46B3027D0DC8 ] DMDefragService C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe

17:17:39.0041 1924 DMDefragService - ok

17:17:39.0088 1924 [ E4BFEBC56896951001F1297BF47D5341 ] DMRepairService C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe

17:17:39.0104 1924 DMRepairService - ok

17:17:39.0135 1924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:17:39.0135 1924 Dnscache - ok

17:17:39.0166 1924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

17:17:39.0182 1924 dot3svc - ok

17:17:39.0213 1924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

17:17:39.0213 1924 DPS - ok

17:17:39.0228 1924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:17:39.0228 1924 drmkaud - ok

17:17:39.0275 1924 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

17:17:39.0275 1924 dtsoftbus01 - ok

17:17:39.0322 1924 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:17:39.0338 1924 DXGKrnl - ok

17:17:39.0369 1924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

17:17:39.0369 1924 EapHost - ok

17:17:39.0431 1924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

17:17:39.0509 1924 ebdrv - ok

17:17:39.0525 1924 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

17:17:39.0525 1924 EFS - ok

17:17:39.0587 1924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

17:17:39.0603 1924 ehRecvr - ok

17:17:39.0634 1924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

17:17:39.0634 1924 ehSched - ok

17:17:39.0681 1924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

17:17:39.0681 1924 elxstor - ok

17:17:39.0712 1924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

17:17:39.0712 1924 ErrDev - ok

17:17:39.0759 1924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

17:17:39.0759 1924 EventSystem - ok

17:17:39.0774 1924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

17:17:39.0774 1924 exfat - ok

17:17:39.0790 1924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:17:39.0806 1924 fastfat - ok

17:17:39.0821 1924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

17:17:39.0837 1924 Fax - ok

17:17:39.0852 1924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

17:17:39.0852 1924 fdc - ok

17:17:39.0884 1924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

17:17:39.0884 1924 fdPHost - ok

17:17:39.0899 1924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

17:17:39.0899 1924 FDResPub - ok

17:17:39.0915 1924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:17:39.0915 1924 FileInfo - ok

17:17:39.0930 1924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:17:39.0930 1924 Filetrace - ok

17:17:39.0993 1924 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:17:40.0008 1924 FLEXnet Licensing Service - ok

17:17:40.0024 1924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

17:17:40.0024 1924 flpydisk - ok

17:17:40.0055 1924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:17:40.0071 1924 FltMgr - ok

17:17:40.0102 1924 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

17:17:40.0133 1924 FontCache - ok

17:17:40.0164 1924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:17:40.0164 1924 FontCache3.0.0.0 - ok

17:17:40.0242 1924 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

17:17:40.0258 1924 ForceWare Intelligent Application Manager (IAM) - ok

17:17:40.0274 1924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

17:17:40.0274 1924 FsDepends - ok

17:17:40.0305 1924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:17:40.0305 1924 Fs_Rec - ok

17:17:40.0320 1924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

17:17:40.0336 1924 fvevol - ok

17:17:40.0367 1924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

17:17:40.0367 1924 gagp30kx - ok

17:17:40.0430 1924 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe

17:17:40.0430 1924 GameConsoleService - ok

17:17:40.0476 1924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

17:17:40.0492 1924 gpsvc - ok

17:17:40.0554 1924 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

17:17:40.0586 1924 Greg_Service - ok

17:17:40.0632 1924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:17:40.0632 1924 gupdate - ok

17:17:40.0648 1924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:17:40.0648 1924 gupdatem - ok

17:17:40.0679 1924 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

17:17:40.0679 1924 gusvc - ok

17:17:40.0695 1924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

17:17:40.0695 1924 hcw85cir - ok

17:17:40.0726 1924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:17:40.0742 1924 HdAudAddService - ok

17:17:40.0757 1924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

17:17:40.0757 1924 HDAudBus - ok

17:17:40.0757 1924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

17:17:40.0757 1924 HidBatt - ok

17:17:40.0788 1924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

17:17:40.0804 1924 HidBth - ok

17:17:40.0804 1924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

17:17:40.0804 1924 HidIr - ok

17:17:40.0835 1924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

17:17:40.0835 1924 hidserv - ok

17:17:40.0866 1924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:17:40.0866 1924 HidUsb - ok

17:17:40.0898 1924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:17:40.0898 1924 hkmsvc - ok

17:17:40.0929 1924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:17:40.0929 1924 HomeGroupListener - ok

17:17:40.0960 1924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:17:40.0960 1924 HomeGroupProvider - ok

17:17:40.0991 1924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:17:40.0991 1924 HpSAMD - ok

17:17:41.0038 1924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:17:41.0038 1924 HTTP - ok

17:17:41.0054 1924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:17:41.0054 1924 hwpolicy - ok

17:17:41.0085 1924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

17:17:41.0085 1924 i8042prt - ok

17:17:41.0116 1924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:17:41.0116 1924 iaStorV - ok

17:17:41.0147 1924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:17:41.0163 1924 idsvc - ok

17:17:41.0178 1924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

17:17:41.0194 1924 iirsp - ok

17:17:41.0225 1924 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

17:17:41.0241 1924 IKEEXT - ok

17:17:41.0303 1924 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

17:17:41.0319 1924 IntcAzAudAddService - ok

17:17:41.0319 1924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

17:17:41.0319 1924 intelide - ok

17:17:41.0334 1924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:17:41.0334 1924 intelppm - ok

17:17:41.0366 1924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:17:41.0366 1924 IPBusEnum - ok

17:17:41.0397 1924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:17:41.0397 1924 IpFilterDriver - ok

17:17:41.0428 1924 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:17:41.0444 1924 iphlpsvc - ok

17:17:41.0459 1924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:17:41.0459 1924 IPMIDRV - ok

17:17:41.0475 1924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:17:41.0475 1924 IPNAT - ok

17:17:41.0490 1924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:17:41.0490 1924 IRENUM - ok

17:17:41.0490 1924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:17:41.0490 1924 isapnp - ok

17:17:41.0506 1924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:17:41.0506 1924 iScsiPrt - ok

17:17:41.0537 1924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:17:41.0537 1924 kbdclass - ok

17:17:41.0553 1924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

17:17:41.0553 1924 kbdhid - ok

17:17:41.0568 1924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

17:17:41.0568 1924 KeyIso - ok

17:17:41.0600 1924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:17:41.0600 1924 KSecDD - ok

17:17:41.0631 1924 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:17:41.0631 1924 KSecPkg - ok

17:17:41.0646 1924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

17:17:41.0646 1924 ksthunk - ok

17:17:41.0678 1924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

17:17:41.0678 1924 KtmRm - ok

17:17:41.0693 1924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

17:17:41.0709 1924 LanmanServer - ok

17:17:41.0724 1924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:17:41.0724 1924 LanmanWorkstation - ok

17:17:41.0756 1924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:17:41.0756 1924 lltdio - ok

17:17:41.0787 1924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:17:41.0787 1924 lltdsvc - ok

17:17:41.0818 1924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:17:41.0818 1924 lmhosts - ok

17:17:41.0818 1924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

17:17:41.0834 1924 LSI_FC - ok

17:17:41.0834 1924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

17:17:41.0849 1924 LSI_SAS - ok

17:17:41.0849 1924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:17:41.0865 1924 LSI_SAS2 - ok

17:17:41.0865 1924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:17:41.0865 1924 LSI_SCSI - ok

17:17:41.0880 1924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

17:17:41.0880 1924 luafv - ok

17:17:41.0912 1924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:17:41.0912 1924 Mcx2Svc - ok

17:17:41.0943 1924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

17:17:41.0943 1924 megasas - ok

17:17:41.0958 1924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

17:17:41.0958 1924 MegaSR - ok

17:17:42.0036 1924 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

17:17:42.0036 1924 Microsoft Office Groove Audit Service - ok

17:17:42.0052 1924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

17:17:42.0068 1924 MMCSS - ok

17:17:42.0083 1924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

17:17:42.0083 1924 Modem - ok

17:17:42.0099 1924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:17:42.0099 1924 monitor - ok

17:17:42.0114 1924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:17:42.0114 1924 mouclass - ok

17:17:42.0130 1924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:17:42.0130 1924 mouhid - ok

17:17:42.0146 1924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:17:42.0146 1924 mountmgr - ok

17:17:42.0208 1924 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

17:17:42.0208 1924 MozillaMaintenance - ok

17:17:42.0255 1924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

17:17:42.0255 1924 mpio - ok

17:17:42.0270 1924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:17:42.0270 1924 mpsdrv - ok

17:17:42.0317 1924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:17:42.0333 1924 MpsSvc - ok

17:17:42.0364 1924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:17:42.0380 1924 MRxDAV - ok

17:17:42.0395 1924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:17:42.0395 1924 mrxsmb - ok

17:17:42.0426 1924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:17:42.0442 1924 mrxsmb10 - ok

17:17:42.0458 1924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:17:42.0458 1924 mrxsmb20 - ok

17:17:42.0473 1924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

17:17:42.0473 1924 msahci - ok

17:17:42.0473 1924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:17:42.0489 1924 msdsm - ok

17:17:42.0504 1924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

17:17:42.0504 1924 MSDTC - ok

17:17:42.0520 1924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:17:42.0520 1924 Msfs - ok

17:17:42.0536 1924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:17:42.0536 1924 mshidkmdf - ok

17:17:42.0551 1924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:17:42.0567 1924 msisadrv - ok

17:17:42.0582 1924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:17:42.0582 1924 MSiSCSI - ok

17:17:42.0598 1924 msiserver - ok

17:17:42.0614 1924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:17:42.0614 1924 MSKSSRV - ok

17:17:42.0614 1924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:17:42.0614 1924 MSPCLOCK - ok

17:17:42.0629 1924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:17:42.0629 1924 MSPQM - ok

17:17:42.0660 1924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:17:42.0660 1924 MsRPC - ok

17:17:42.0676 1924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:17:42.0676 1924 mssmbios - ok

17:17:42.0676 1924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:17:42.0676 1924 MSTEE - ok

17:17:42.0692 1924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:17:42.0692 1924 MTConfig - ok

17:17:42.0707 1924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

17:17:42.0707 1924 Mup - ok

17:17:42.0723 1924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

17:17:42.0723 1924 napagent - ok

17:17:42.0770 1924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:17:42.0770 1924 NativeWifiP - ok

17:17:42.0816 1924 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:17:42.0832 1924 NDIS - ok

17:17:42.0848 1924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:17:42.0848 1924 NdisCap - ok

17:17:42.0848 1924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:17:42.0863 1924 NdisTapi - ok

17:17:42.0879 1924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:17:42.0879 1924 Ndisuio - ok

17:17:42.0894 1924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:17:42.0894 1924 NdisWan - ok

17:17:42.0926 1924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:17:42.0926 1924 NDProxy - ok

17:17:43.0004 1924 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

17:17:43.0035 1924 Nero BackItUp Scheduler 4.0 - ok

17:17:43.0066 1924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:17:43.0066 1924 NetBIOS - ok

17:17:43.0082 1924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:17:43.0082 1924 NetBT - ok

17:17:43.0097 1924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

17:17:43.0097 1924 Netlogon - ok

17:17:43.0128 1924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

17:17:43.0144 1924 Netman - ok

17:17:43.0160 1924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

17:17:43.0160 1924 netprofm - ok

17:17:43.0191 1924 [ 93A240FD4C133D1ED7CCF829159C4B78 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys

17:17:43.0191 1924 netr7364 - ok

17:17:43.0238 1924 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:17:43.0238 1924 NetTcpPortSharing - ok

17:17:43.0269 1924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:17:43.0269 1924 nfrd960 - ok

17:17:43.0316 1924 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:17:43.0316 1924 NlaSvc - ok

17:17:43.0331 1924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:17:43.0331 1924 Npfs - ok

17:17:43.0331 1924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

17:17:43.0347 1924 nsi - ok

17:17:43.0347 1924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:17:43.0347 1924 nsiproxy - ok

17:17:43.0394 1924 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

17:17:43.0394 1924 nSvcIp - ok

17:17:43.0440 1924 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:17:43.0472 1924 Ntfs - ok

17:17:43.0487 1924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

17:17:43.0487 1924 Null - ok

17:17:43.0534 1924 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

17:17:43.0534 1924 NVENETFD - ok

17:17:43.0784 1924 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:17:44.0033 1924 nvlddmkm - ok

17:17:44.0049 1924 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys

17:17:44.0049 1924 NVNET - ok

17:17:44.0080 1924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:17:44.0096 1924 nvraid - ok

17:17:44.0096 1924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:17:44.0096 1924 nvstor - ok

17:17:44.0127 1924 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys

17:17:44.0127 1924 nvstor64 - ok

17:17:44.0142 1924 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe

17:17:44.0158 1924 nvsvc - ok

17:17:44.0189 1924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:17:44.0189 1924 nv_agp - ok

17:17:44.0236 1924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:17:44.0252 1924 odserv - ok

17:17:44.0267 1924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:17:44.0267 1924 ohci1394 - ok

17:17:44.0314 1924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:17:44.0330 1924 ose - ok

17:17:44.0361 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:17:44.0376 1924 p2pimsvc - ok

17:17:44.0392 1924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

17:17:44.0408 1924 p2psvc - ok

17:17:44.0423 1924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:17:44.0423 1924 Parport - ok

17:17:44.0454 1924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:17:44.0454 1924 partmgr - ok

17:17:44.0470 1924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:17:44.0470 1924 PcaSvc - ok

17:17:44.0501 1924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

17:17:44.0501 1924 pci - ok

17:17:44.0501 1924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

17:17:44.0501 1924 pciide - ok

17:17:44.0517 1924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:17:44.0532 1924 pcmcia - ok

17:17:44.0548 1924 [ F807B82D4A743270C881F635055B1F7F ] PCTDMDefrag C:\Windows\system32\drivers\PCTDMDefrag.sys

17:17:44.0548 1924 PCTDMDefrag - ok

17:17:44.0564 1924 [ AC61DD47194DF8241527B4291E5BB536 ] PCTDSMon C:\Windows\system32\drivers\PCTDSMon.sys

17:17:44.0564 1924 PCTDSMon - ok

17:17:44.0610 1924 [ 97571EF24B653DDC0538C59BCD989AE1 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

17:17:44.0610 1924 PCToolsSSDMonitorSvc - ok

17:17:44.0642 1924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

17:17:44.0642 1924 pcw - ok

17:17:44.0657 1924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:17:44.0673 1924 PEAUTH - ok

17:17:44.0751 1924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

17:17:44.0751 1924 PerfHost - ok

17:17:44.0829 1924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

17:17:44.0860 1924 pla - ok

17:17:44.0907 1924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:17:44.0922 1924 PlugPlay - ok

17:17:44.0954 1924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:17:44.0954 1924 PNRPAutoReg - ok

17:17:44.0969 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:17:44.0985 1924 PNRPsvc - ok

17:17:45.0016 1924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:17:45.0016 1924 PolicyAgent - ok

17:17:45.0063 1924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

17:17:45.0063 1924 Power - ok

17:17:45.0094 1924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:17:45.0094 1924 PptpMiniport - ok

17:17:45.0110 1924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

17:17:45.0110 1924 Processor - ok

17:17:45.0141 1924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

17:17:45.0156 1924 ProfSvc - ok

17:17:45.0156 1924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:17:45.0156 1924 ProtectedStorage - ok

17:17:45.0203 1924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:17:45.0203 1924 Psched - ok

17:17:45.0234 1924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

17:17:45.0266 1924 ql2300 - ok

17:17:45.0297 1924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

17:17:45.0297 1924 ql40xx - ok

17:17:45.0312 1924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

17:17:45.0312 1924 QWAVE - ok

17:17:45.0344 1924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:17:45.0344 1924 QWAVEdrv - ok

17:17:45.0344 1924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:17:45.0359 1924 RasAcd - ok

17:17:45.0390 1924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:17:45.0390 1924 RasAgileVpn - ok

17:17:45.0406 1924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

17:17:45.0406 1924 RasAuto - ok

17:17:45.0437 1924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:17:45.0453 1924 Rasl2tp - ok

17:17:45.0468 1924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

17:17:45.0468 1924 RasMan - ok

17:17:45.0500 1924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:17:45.0500 1924 RasPppoe - ok

17:17:45.0531 1924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:17:45.0531 1924 RasSstp - ok

17:17:45.0546 1924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:17:45.0546 1924 rdbss - ok

17:17:45.0562 1924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

17:17:45.0562 1924 rdpbus - ok

17:17:45.0578 1924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:17:45.0578 1924 RDPCDD - ok

17:17:45.0578 1924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:17:45.0578 1924 RDPENCDD - ok

17:17:45.0593 1924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:17:45.0593 1924 RDPREFMP - ok

17:17:45.0609 1924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:17:45.0624 1924 RDPWD - ok

17:17:45.0640 1924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:17:45.0640 1924 rdyboost - ok

17:17:45.0656 1924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:17:45.0671 1924 RemoteAccess - ok

17:17:45.0702 1924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:17:45.0702 1924 RemoteRegistry - ok

17:17:45.0734 1924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:17:45.0734 1924 RpcEptMapper - ok

17:17:45.0749 1924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

17:17:45.0749 1924 RpcLocator - ok

17:17:45.0780 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

17:17:45.0780 1924 RpcSs - ok

17:17:45.0796 1924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:17:45.0796 1924 rspndr - ok

17:17:45.0796 1924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

17:17:45.0812 1924 SamSs - ok

17:17:45.0843 1924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:17:45.0843 1924 sbp2port - ok

17:17:45.0858 1924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:17:45.0858 1924 SCardSvr - ok

17:17:45.0890 1924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:17:45.0890 1924 scfilter - ok

17:17:45.0936 1924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

17:17:45.0968 1924 Schedule - ok

17:17:45.0983 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

17:17:45.0999 1924 SCPolicySvc - ok

17:17:46.0030 1924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:17:46.0030 1924 SDRSVC - ok

17:17:46.0046 1924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:17:46.0046 1924 secdrv - ok

17:17:46.0077 1924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

17:17:46.0077 1924 seclogon - ok

17:17:46.0092 1924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

17:17:46.0092 1924 SENS - ok

17:17:46.0124 1924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

17:17:46.0124 1924 SensrSvc - ok

17:17:46.0139 1924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

17:17:46.0139 1924 Serenum - ok

17:17:46.0186 1924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

17:17:46.0186 1924 Serial - ok

17:17:46.0202 1924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

17:17:46.0217 1924 sermouse - ok

17:17:46.0248 1924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

17:17:46.0248 1924 SessionEnv - ok

17:17:46.0264 1924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

17:17:46.0280 1924 sffdisk - ok

17:17:46.0280 1924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:17:46.0280 1924 sffp_mmc - ok

17:17:46.0280 1924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

17:17:46.0280 1924 sffp_sd - ok

17:17:46.0295 1924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

17:17:46.0295 1924 sfloppy - ok

17:17:46.0358 1924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

17:17:46.0358 1924 SharedAccess - ok

17:17:46.0389 1924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:17:46.0389 1924 ShellHWDetection - ok

17:17:46.0420 1924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:17:46.0420 1924 SiSRaid2 - ok

17:17:46.0436 1924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

17:17:46.0436 1924 SiSRaid4 - ok

17:17:46.0498 1924 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

17:17:46.0498 1924 SkypeUpdate - ok

17:17:46.0529 1924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:17:46.0529 1924 Smb - ok

17:17:46.0560 1924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:17:46.0560 1924 SNMPTRAP - ok

17:17:46.0592 1924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

17:17:46.0592 1924 spldr - ok

17:17:46.0623 1924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

17:17:46.0638 1924 Spooler - ok

17:17:46.0732 1924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

17:17:46.0794 1924 sppsvc - ok

17:17:46.0826 1924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

17:17:46.0826 1924 sppuinotify - ok

17:17:46.0857 1924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

17:17:46.0872 1924 srv - ok

17:17:46.0888 1924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:17:46.0888 1924 srv2 - ok

17:17:46.0919 1924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:17:46.0919 1924 srvnet - ok

17:17:46.0950 1924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:17:46.0950 1924 SSDPSRV - ok

17:17:46.0966 1924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:17:46.0966 1924 SstpSvc - ok

17:17:46.0997 1924 Steam Client Service - ok

17:17:47.0013 1924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

17:17:47.0013 1924 stexstor - ok

17:17:47.0060 1924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

17:17:47.0060 1924 stisvc - ok

17:17:47.0091 1924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

17:17:47.0091 1924 swenum - ok

17:17:47.0122 1924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

17:17:47.0138 1924 swprv - ok

17:17:47.0200 1924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

17:17:47.0231 1924 SysMain - ok

17:17:47.0262 1924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:17:47.0262 1924 TabletInputService - ok

17:17:47.0278 1924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

17:17:47.0294 1924 TapiSrv - ok

17:17:47.0309 1924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

17:17:47.0309 1924 TBS - ok

17:17:47.0372 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:17:47.0403 1924 Tcpip - ok

17:17:47.0450 1924 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

17:17:47.0465 1924 TCPIP6 - ok

17:17:47.0481 1924 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:17:47.0481 1924 tcpipreg - ok

17:17:47.0496 1924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:17:47.0512 1924 TDPIPE - ok

17:17:47.0528 1924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:17:47.0528 1924 TDTCP - ok

17:17:47.0559 1924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:17:47.0559 1924 tdx - ok

17:17:47.0574 1924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

17:17:47.0574 1924 TermDD - ok

17:17:47.0606 1924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

17:17:47.0606 1924 TermService - ok

17:17:47.0621 1924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

17:17:47.0637 1924 Themes - ok

17:17:47.0652 1924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

17:17:47.0652 1924 THREADORDER - ok

17:17:47.0668 1924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

17:17:47.0668 1924 TrkWks - ok

17:17:47.0715 1924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:17:47.0715 1924 TrustedInstaller - ok

17:17:47.0746 1924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:17:47.0746 1924 tssecsrv - ok

17:17:47.0777 1924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

17:17:47.0777 1924 TsUsbFlt - ok

17:17:47.0808 1924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:17:47.0824 1924 tunnel - ok

17:17:47.0840 1924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

17:17:47.0840 1924 uagp35 - ok

17:17:47.0855 1924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:17:47.0855 1924 udfs - ok

17:17:47.0886 1924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:17:47.0886 1924 UI0Detect - ok

17:17:47.0902 1924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:17:47.0902 1924 uliagpkx - ok

17:17:47.0933 1924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

17:17:47.0933 1924 umbus - ok

17:17:47.0949 1924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

17:17:47.0949 1924 UmPass - ok

17:17:47.0980 1924 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

17:17:47.0980 1924 Updater Service - ok

17:17:47.0996 1924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

17:17:48.0011 1924 upnphost - ok

17:17:48.0042 1924 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

17:17:48.0042 1924 USBAAPL64 - ok

17:17:48.0074 1924 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

17:17:48.0089 1924 usbaudio - ok

17:17:48.0120 1924 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys

17:17:48.0120 1924 usbbus - ok

17:17:48.0136 1924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:17:48.0136 1924 usbccgp - ok

17:17:48.0136 1924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:17:48.0152 1924 usbcir - ok

17:17:48.0167 1924 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys

17:17:48.0167 1924 UsbDiag - ok

17:17:48.0183 1924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

17:17:48.0183 1924 usbehci - ok

17:17:48.0198 1924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:17:48.0214 1924 usbhub - ok

17:17:48.0214 1924 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys

17:17:48.0214 1924 USBModem - ok

17:17:48.0230 1924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

17:17:48.0230 1924 usbohci - ok

17:17:48.0230 1924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

17:17:48.0230 1924 usbprint - ok

17:17:48.0245 1924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:17:48.0261 1924 USBSTOR - ok

17:17:48.0261 1924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

17:17:48.0276 1924 usbuhci - ok

17:17:48.0308 1924 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

17:17:48.0308 1924 usbvideo - ok

17:17:48.0323 1924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

17:17:48.0323 1924 UxSms - ok

17:17:48.0339 1924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

17:17:48.0339 1924 VaultSvc - ok

17:17:48.0370 1924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

17:17:48.0370 1924 vdrvroot - ok

17:17:48.0401 1924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

17:17:48.0417 1924 vds - ok

17:17:48.0417 1924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:17:48.0417 1924 vga - ok

17:17:48.0432 1924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

17:17:48.0432 1924 VgaSave - ok

17:17:48.0464 1924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

17:17:48.0464 1924 vhdmp - ok

17:17:48.0479 1924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

17:17:48.0479 1924 viaide - ok

17:17:48.0495 1924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

17:17:48.0495 1924 volmgr - ok

17:17:48.0526 1924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

17:17:48.0526 1924 volmgrx - ok

17:17:48.0542 1924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

17:17:48.0542 1924 volsnap - ok

17:17:48.0573 1924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

17:17:48.0573 1924 vsmraid - ok

17:17:48.0620 1924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

17:17:48.0666 1924 VSS - ok

17:17:48.0682 1924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

17:17:48.0682 1924 vwifibus - ok

17:17:48.0698 1924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

17:17:48.0698 1924 vwififlt - ok

17:17:48.0698 1924 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

17:17:48.0713 1924 vwifimp - ok

17:17:48.0729 1924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

17:17:48.0744 1924 W32Time - ok

17:17:48.0760 1924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

17:17:48.0760 1924 WacomPen - ok

17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

17:17:48.0776 1924 WANARP - ok

17:17:48.0776 1924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

17:17:48.0776 1924 Wanarpv6 - ok

17:17:48.0854 1924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

17:17:48.0916 1924 WatAdminSvc - ok

17:17:48.0978 1924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

17:17:49.0025 1924 wbengine - ok

17:17:49.0056 1924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

17:17:49.0056 1924 WbioSrvc - ok

17:17:49.0088 1924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

17:17:49.0103 1924 wcncsvc - ok

17:17:49.0119 1924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

17:17:49.0119 1924 WcsPlugInService - ok

17:17:49.0134 1924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

17:17:49.0134 1924 Wd - ok

17:17:49.0181 1924 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

17:17:49.0181 1924 Wdf01000 - ok

17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

17:17:49.0197 1924 WdiServiceHost - ok

17:17:49.0197 1924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

17:17:49.0212 1924 WdiSystemHost - ok

17:17:49.0228 1924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

17:17:49.0244 1924 WebClient - ok

17:17:49.0259 1924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

17:17:49.0259 1924 Wecsvc - ok

17:17:49.0275 1924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

17:17:49.0290 1924 wercplsupport - ok

17:17:49.0306 1924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

17:17:49.0322 1924 WerSvc - ok

17:17:49.0322 1924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

17:17:49.0322 1924 WfpLwf - ok

17:17:49.0337 1924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

17:17:49.0337 1924 WIMMount - ok

17:17:49.0337 1924 WinDefend - ok

17:17:49.0353 1924 WinHttpAutoProxySvc - ok

17:17:49.0400 1924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

17:17:49.0400 1924 Winmgmt - ok

17:17:49.0462 1924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

17:17:49.0493 1924 WinRM - ok

17:17:49.0556 1924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

17:17:49.0556 1924 WinUsb - ok

17:17:49.0587 1924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

17:17:49.0602 1924 Wlansvc - ok

17:17:49.0649 1924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

17:17:49.0649 1924 WmiAcpi - ok

17:17:49.0665 1924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:17:49.0680 1924 wmiApSrv - ok

17:17:49.0696 1924 WMPNetworkSvc - ok

17:17:49.0712 1924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:17:49.0712 1924 WPCSvc - ok

17:17:49.0727 1924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:17:49.0743 1924 WPDBusEnum - ok

17:17:49.0758 1924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:17:49.0758 1924 ws2ifsl - ok

17:17:49.0774 1924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

17:17:49.0774 1924 wscsvc - ok

17:17:49.0774 1924 WSearch - ok

17:17:49.0883 1924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

17:17:49.0930 1924 wuauserv - ok

17:17:49.0946 1924 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

17:17:49.0946 1924 WudfPf - ok

17:17:49.0961 1924 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:17:49.0977 1924 WUDFRd - ok

17:17:49.0992 1924 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:17:50.0008 1924 wudfsvc - ok

17:17:50.0024 1924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

17:17:50.0039 1924 WwanSvc - ok

17:17:50.0086 1924 X6va006 - ok

17:17:50.0117 1924 X6va008 - ok

17:17:50.0180 1924 X6va010 - ok

17:17:50.0242 1924 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

17:17:50.0258 1924 YahooAUService - ok

17:17:50.0320 1924 ================ Scan global ===============================

17:17:50.0351 1924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

17:17:50.0382 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:17:50.0398 1924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:17:50.0414 1924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

17:17:50.0445 1924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

17:17:50.0445 1924 [Global] - ok

17:17:50.0445 1924 ================ Scan MBR ==================================

17:17:50.0460 1924 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0

17:17:54.0033 1924 \Device\Harddisk0\DR0 - ok

17:17:54.0048 1924 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk6\DR6

17:18:06.0497 1924 \Device\Harddisk6\DR6 - ok

17:18:06.0497 1924 ================ Scan VBR ==================================

17:18:06.0513 1924 [ 8C6572A2430ADBB6A5E9BC9E89AF6A12 ] \Device\Harddisk0\DR0\Partition1

17:18:06.0513 1924 \Device\Harddisk0\DR0\Partition1 - ok

17:18:06.0544 1924 [ 8CE128768D6B9BE5085B6ED954584AFD ] \Device\Harddisk0\DR0\Partition2

17:18:06.0544 1924 \Device\Harddisk0\DR0\Partition2 - ok

17:18:06.0544 1924 [ C7A49919AA0F94CC709CA26219B01D5C ] \Device\Harddisk6\DR6\Partition1

17:18:06.0544 1924 \Device\Harddisk6\DR6\Partition1 - ok

17:18:06.0544 1924 ============================================================

17:18:06.0544 1924 Scan finished

17:18:06.0544 1924 ============================================================

17:18:06.0560 2340 Detected object count: 0

17:18:06.0560 2340 Actual detected object count: 0

17:18:27.0947 4032 Deinitialize success

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

C:\Program Files (x86)\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application

C:\ProgramData\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application

C:\Qoobox\Quarantine\C\torrent.exe.vir Win32/BundleInstaller.A application

C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\Macromedia\Google\bgwkitdpx.dll.vir a variant of Win32/Kryptik.AOWX trojan

C:\Qoobox\Quarantine\C\Users\Entregan\AppData\Local\{f4d6444e-f1ad-a31d-d6dd-392bece63f36}\n.vir Win64/Sirefef.W trojan

C:\Users\All Users\wxDownload\50b3e6f662612.ocx Win32/Adware.MultiPlug.D application

C:\Users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part a variant of Win32/SoftonicDownloader.E application

C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef a variant of Win32/Kryptik.AJFC trojan

C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f multiple threats

C:\Users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe Win32/BundleInstaller.A application

C:\Users\Entregan\Downloads\cnet2_ComicViewer_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Entregan\Downloads\DTLite4451-0236.exe Win32/OpenCandy application

C:\Users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe multiple threats

C:\Users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe Win32/SoftonicDownloader application

C:\Users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe Win32/SoftonicDownloader.D application

C:\Users\Entregan\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader application

C:\Users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe Win32/Adware.1ClickDownload.C application

C:\Users\Entregan\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application

C:\Users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe multiple threats

[CatByte]

Please do the following:

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\1ClickDownload\uninstall.exe 
C:\ProgramData\wxDownload\50b3e6f662612.ocx 
C:\Users\All Users\wxDownload\50b3e6f662612.ocx 
C:\Users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part 
C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef 
C:\Users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f 
C:\Users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe 
C:\Users\Entregan\Downloads\cnet2_ComicViewer_exe.exe 
C:\Users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe 
C:\Users\Entregan\Downloads\DTLite4451-0236.exe 
C:\Users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe 
C:\Users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe 
C:\Users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe 
C:\Users\Entregan\Downloads\SoftonicDownloader_for_steam.exe 
C:\Users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe 
C:\Users\Entregan\Downloads\vlcmediaplayer-setup.exe 
C:\Users\Entregan\Music\Collective_Soul_-_Collective_Soul_[Blue]_(1995).exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix may request an update; please allow it.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  
• When finished, it shall produce a log for you.
  
• Copy and paste the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

[Entregan]

Alright. Here's the logs from ComboFix. As it stands, I'm still not optimal. However, everything does seem to be in good working order.

< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >

ComboFix 12-12-02.01 - Entregan 12/02/2012 22:13:03.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4228 [GMT -6:00]

Running from: c:\users\Entregan\Desktop\ComboFix.exe

Command switches used :: c:\users\Entregan\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\1ClickDownload\uninstall.exe"

"c:\programdata\wxDownload\50b3e6f662612.ocx"

"c:\users\All Users\wxDownload\50b3e6f662612.ocx"

"c:\users\Entregan\AppData\Local\Temp\fhNZ4irv.exe.part"

"c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\36152302-733eefef"

"c:\users\Entregan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-493cb52f"

"c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe"

"c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe"

"c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe"

"c:\users\Entregan\Downloads\DTLite4451-0236.exe"

"c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe"

"c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe"

"c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe"

"c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe"

"c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe"

"c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe"

"c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\1ClickDownload\uninstall.exe

c:\programdata\wxDownload\50b3e6f662612.ocx

c:\users\All Users\wxDownload\50b3e6f662612.ocx

c:\users\Entregan\Downloads\boarding_school_babes_teachers_pet.exe

c:\users\Entregan\Downloads\cnet2_ComicViewer_exe.exe

c:\users\Entregan\Downloads\cnet2_flash_movie_player_exe.exe

c:\users\Entregan\Downloads\DTLite4451-0236.exe

c:\users\Entregan\Downloads\PC_Tools_Performance_Toolkit__.exe

c:\users\Entregan\Downloads\SoftonicDownloader_for_flash-movie-player.exe

c:\users\Entregan\Downloads\SoftonicDownloader_for_startup-doctor.exe

c:\users\Entregan\Downloads\SoftonicDownloader_for_steam.exe

c:\users\Entregan\Downloads\The_Avengers_[2012]_CAM_H264_elite-pirates.exe

c:\users\Entregan\Downloads\vlcmediaplayer-setup.exe

c:\users\Entregan\Music\Collective_Soul_-_Collective_Soul_[blue]_(1995).exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))

.

.

2012-12-03 04:24 . 2012-12-03 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 23:20 . 2012-12-02 23:20 -------- d-----w- c:\program files (x86)\ESET

2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- c:\windows\ERUNT

2012-12-02 22:14 . 2012-12-02 22:14 -------- d-----w- C:\JRT

2012-12-01 07:41 . 2010-04-29 21:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-12-01 07:41 . 2010-04-29 21:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-01 01:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C799154-D873-460D-B987-398221FAE0A1}\mpengine.dll

2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-28 18:20 . 2012-11-28 18:21 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcD2D3.tmp

2012-11-28 18:18 . 2012-12-02 16:14 -------- d-----w- c:\users\Entregan\Tracing

2012-11-26 22:01 . 2012-11-26 22:01 -------- d-----w- c:\program files (x86)\wxDownload Fast

2012-11-26 22:00 . 2012-11-26 22:00 -------- d-----w- c:\program files (x86)\WxDownload

2012-11-26 22:00 . 2012-12-03 04:23 -------- d-----w- c:\programdata\wxDownload

2012-11-21 21:55 . 2012-11-21 21:55 -------- d-----w- C:\gOYNuoGr9r1xSBK

2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files\Microsoft Silverlight

2012-11-21 07:30 . 2012-11-21 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-11-16 09:13 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 09:13 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 09:13 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 09:13 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 09:04 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-11-16 09:04 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 09:04 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 09:01 . 2011-12-07 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 13:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-08 20:57 . 2012-09-01 20:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 20:57 . 2011-12-13 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 19:19 . 2012-10-09 20:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 04:45 . 2012-09-14 04:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 04:45 . 2012-09-14 04:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-14 04:45 . 2012-02-20 06:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]

"Spotify"="c:\users\Entregan\AppData\Roaming\Spotify\Spotify.exe" [2012-11-12 7880664]

"Spotify Web Helper"="c:\users\Entregan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-12 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103904]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

.

c:\users\Entregan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-10-25 0]

Dropbox.lnk - c:\users\Entregan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-12-12 1038304]

R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-12-12 1030112]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-12-07 716800]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]

R3 X6va006;X6va006;c:\users\Entregan\AppData\Local\Temp\00644A2.tmp [x]

R3 X6va008;X6va008;c:\users\Entregan\AppData\Local\Temp\008F928.tmp [x]

R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-20 279616]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793056]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 45201805

*Deregistered* - 45201805

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:57]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 19:58]

.

2012-12-02 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools\PC Tools Utilities\pt.exe [2012-03-31 17:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Entregan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361211g216p04c5v145r4421s244

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Entregan\AppData\Roaming\Mozilla\Firefox\Profiles\x0v0e92r.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage - netflix.com

FF - prefs.js: network.proxy.type - 4

FF - ExtSQL: !HIDDEN! 2012-03-31 02:19; fbphotozoom@installdaddy.com; c:\program files (x86)\fbphotozoom\fbphotozoom15.xpi

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{058F3854-AE44-8D10-5FBA-9FA9BD92DB29} - c:\programdata\wxDownload\50b3e6f662612.ocx

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\00644A2.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\users\Entregan\AppData\Local\Temp\008F928.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,

36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:70,7b,e5,0b,15,c6,cd,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-02 22:26:43

ComboFix-quarantined-files.txt 2012-12-03 04:26

ComboFix2.txt 2012-12-02 17:51

.

Pre-Run: 520,530,472,960 bytes free

Post-Run: 520,485,888,000 bytes free

.

- - End Of File - - FD818AAAFF845AD05A994543D1D8BE95

[CatByte]

please navigate to the following folder > right click and delete it

C:\gOYNuoGr9r1xSBK

As it stands, I'm still not optimal

please advise in as much detail as possible how the computer is running

[Entregan]

>>> Deleted.

>>> Computer operates at sub-par speeds.

>>> Possible Defrag?

[CatByte]

yes, try a defrag, if it makes no difference, then try the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know if that makes any difference

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!