Malware issue for months - please help!


This topic is locked
34 replies to this topic

#1 PuckMark

PuckMark

  • Members
  • 14 posts

Posted 20 May 2012 - 03:13 PM

I have tried everything I know... and nothing has worked. I have followed the directions as best I could, and here are the logs that have been created. Please note: the GMER log didn't look like the screenshots in your instructions - I was unable to check any boxes besides Services, Registry, Files, C:\, and ADS.

Attached File  Attach.txt   11.04KB   1 downloads
Attached File  ark.txt   2.45KB   3 downloads



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 May 2012 - 12:14 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
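The DDS and Security Check output requested above comes back as plain lines such as `mRun: [name] path`, `BHO: ... - No File` and `Hosts: <ip> <host>`. As an added example (not one of the tools used in this thread, and not code by its author), here is a Python triage pass that flags the patterns a responder reads such a log for: Run entries launching from user-writable directories, Hosts overrides that point a site anywhere other than loopback, orphaned browser add-on entries, and a stopped Security Center. The sample input is constructed, modelled on the DDS line format; the rule names and severities are my own.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the DDS "Pseudo HJT Report" and
# Security Check line formats (not a real log dump).
SAMPLE_LOG = r"""
Windows Security Center service is not running! This report may not be accurate!
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 127.0.0.1 localhost
"""


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id (my own naming, not DDS terminology)
    severity: str  # "high", "medium" or "low"
    line: str      # the log line that triggered the rule


# DDS prefixes for Run keys: u = current user (HKCU), m = machine (HKLM),
# d = default user profile. All three are persistence locations.
RUN_RE = re.compile(r"^[umd]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: .*- No File$", re.I)
# Directories an ordinary user (or a dropper running as that user) can write to;
# a Run entry launching from one of these deserves a closer look.
WRITABLE_DIRS = re.compile(r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\", re.I)


def command_path(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted value: the path ends at the first ".exe".
    m = re.match(r"(.*?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd


def triage_line(line: str):
    """Apply the triage rules to one log line; return a Finding or None."""
    line = line.rstrip()
    if "Windows Security Center service is not running" in line:
        return Finding("security_center_stopped", "medium", line)
    m = HOSTS_RE.match(line)
    if m:
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return Finding("hosts_unparseable", "low", line)
        # A Hosts mapping to a non-loopback address silently redirects that site.
        if not ip.is_loopback:
            return Finding("hosts_redirect", "high", line)
        return None
    m = RUN_RE.match(line)
    if m:
        if WRITABLE_DIRS.search(command_path(m.group("cmd"))):
            return Finding("autorun_from_writable_dir", "high", line)
        return None
    if ORPHAN_RE.match(line):
        # Registered add-on whose DLL is gone: harmless, but cleanup material.
        return Finding("orphan_browser_entry", "low", line)
    return None


def triage(log_text: str) -> list:
    """Run every line through triage_line and collect the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.line}")
```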

#3 PuckMark

PuckMark
  • Topic Starter

  • Members
  • 14 posts

Posted 21 May 2012 - 07:14 PM

Thank you for your prompt reply. I believe I have followed the instructions as requested. Let me know if there is anything else you need.

Results of screen317's Security Check version 0.99.33
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java Web Start
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.1
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 20:08:36 on 2012-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1775 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\afasrv64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\lxdkcoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\USIM Editor\iconcs47587012.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplaysvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173612092206p0335v105r48n3s27o
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173612092206p0335v105r48n3s27o
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Lexmark 5300 Series] "C:\Program Files (x86)\Lexmark 5300 Series\fm3032.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs47587012.exe RunFromReg
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxps://carelink.minimed.com/plugin/jinstall-6u16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{9ABDC924-D1C1-4FA0-B1D8-43957103F039} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Lexmark 5300 Series] "C:\Program Files (x86)\Lexmark 5300 Series\fm3032.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs47587012.exe RunFromReg
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe [2011-7-12 73728]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 lxdk_device;lxdk_device;C:\Windows\system32\lxdkcoms.exe -service --> C:\Windows\system32\lxdkcoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-15 652360]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-22 00:01:07 -------- d-----w- C:\Users\Owner\AppData\Local\{9DF19ED1-F460-4E31-A8E3-AEB6ECE5CDA0}
2012-05-22 00:00:55 -------- d-----w- C:\Users\Owner\AppData\Local\{F9C05F05-BE1D-4C03-B842-AD603F7339B9}
2012-05-22 00:00:43 -------- d-----w- C:\Users\Owner\AppData\Local\{8BE79CA6-3276-4021-AADF-80E3D4AF8063}
2012-05-22 00:00:06 -------- d-----w- C:\Users\Owner\AppData\Local\{4AF46F11-07E2-4E4D-928C-3D0DFB05FE43}
2012-05-20 18:52:39 -------- d-----w- C:\Users\Owner\AppData\Local\{DFAE2B83-7AB7-4D22-B612-014158317C27}
2012-05-20 18:52:28 -------- d-----w- C:\Users\Owner\AppData\Local\{CCE1A3A5-B6BE-40B9-9C32-1252643C50E1}
2012-05-20 18:52:08 -------- d-----w- C:\Users\Owner\AppData\Local\{1557549D-12AC-4CFC-9022-8204C84BC99B}
2012-05-11 18:21:57 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 18:21:57 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 18:21:36 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 18:21:30 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 18:21:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 18:21:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 18:21:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 18:21:27 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 18:21:27 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-05 07:00:45 -------- d-----w- C:\Users\Owner\AppData\Local\{AA8FFABB-7754-4945-B864-A5D3D5562479}
2012-05-04 02:12:17 302080 ----a-w- C:\ProgramData\EwuVKfxxdqQmdV.exe
2012-05-04 01:51:50 -------- d-----w- C:\Users\Owner\AppData\Local\{163347EF-0568-4BA9-887A-73D4E9890956}
2012-05-04 01:51:38 -------- d-----w- C:\Users\Owner\AppData\Local\{EC5726D0-34C6-4D8B-BA0A-5F5A625A0E8A}
2012-05-04 01:51:18 -------- d-----w- C:\Users\Owner\AppData\Local\{5613C5D9-3166-4CBD-87D6-8E9D8E099DAC}
2012-05-04 01:51:04 -------- d-----w- C:\Users\Owner\AppData\Local\{4D44708A-DAEB-4CFA-B42A-AC9B4B6323EF}
2012-04-29 17:25:57 -------- d-----w- C:\Users\Owner\AppData\Local\{EA3BB18F-AE29-47C9-BDD9-48833E62DA30}
2012-04-29 17:25:35 -------- d-----w- C:\Users\Owner\AppData\Local\{237EB4CC-3BA2-490E-B591-F81D80DB20C5}
2012-04-29 17:25:24 -------- d-----w- C:\Users\Owner\AppData\Local\{9C5F8743-444D-4249-BC48-43B7F8C43720}
2012-04-29 17:25:13 -------- d-----w- C:\Users\Owner\AppData\Local\{69206369-87C8-4DE7-951D-F50C9098D2F4}
2012-04-29 15:39:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-29 15:38:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-29 15:26:49 -------- d-----w- C:\Users\Owner\AppData\Local\{A8136FD3-EE23-40D6-96E5-843B8A65D457}
2012-04-29 15:26:38 -------- d-----w- C:\Users\Owner\AppData\Local\{E08FF319-0757-41DD-8943-834B957EFF79}
2012-04-29 15:26:27 -------- d-----w- C:\Users\Owner\AppData\Local\{5CBA15A1-C6D5-4110-B3F0-DEFA69A8BD37}
2012-04-29 15:26:15 -------- d-----w- C:\Users\Owner\AppData\Local\{58CD493D-6FD3-44DB-AB60-1C3AA03CA504}
.
==================== Find3M ====================
.
2012-04-15 23:01:00 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:10:39.13 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2009 12:13:47 PM
System Uptime: 5/21/2012 7:58:04 PM (1 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 555.656 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&EABE7E6&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&EABE7E6&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP377: 4/27/2012 3:00:21 AM - Windows Update
RP378: 4/28/2012 3:00:20 AM - Windows Update
RP379: 4/29/2012 11:29:31 AM - Windows Update
RP380: 4/29/2012 11:34:36 AM - Windows Update
RP381: 4/29/2012 1:28:11 PM - Windows Update
RP382: 5/1/2012 8:56:19 PM - Windows Update
RP383: 5/2/2012 3:00:21 AM - Windows Update
RP384: 5/2/2012 9:30:30 AM - Windows Update
RP385: 5/3/2012 3:00:21 AM - Windows Update
RP386: 5/4/2012 3:00:23 AM - Windows Update
RP387: 5/5/2012 3:00:21 AM - Windows Update
RP388: 5/6/2012 3:00:22 AM - Windows Update
RP389: 5/7/2012 3:00:20 AM - Windows Update
RP390: 5/8/2012 3:00:21 AM - Windows Update
RP391: 5/9/2012 3:00:44 AM - Windows Update
RP392: 5/12/2012 3:00:24 AM - Windows Update
RP393: 5/13/2012 3:00:30 AM - Windows Update
RP394: 5/14/2012 3:00:22 AM - Windows Update
RP395: 5/15/2012 3:00:21 AM - Windows Update
RP396: 5/16/2012 3:00:20 AM - Windows Update
RP397: 5/17/2012 3:00:20 AM - Windows Update
RP398: 5/18/2012 3:00:20 AM - Windows Update
RP399: 5/19/2012 3:00:20 AM - Windows Update
RP400: 5/20/2012 3:00:20 AM - Windows Update
RP401: 5/20/2012 3:17:19 PM - Installed Microsoft Fix it 50687
RP402: 5/21/2012 8:04:40 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
Advertising Center
AnswerWorks 5.0 English Runtime
Ask Toolbar
Backyard Baseball 2001
Backyard Basketball
Backyard Football
Backyard Hockey
Backyard Skateboarding
Barbie™ In The 12 Dancing Princesses
Bing Bar
Bing Rewards Client Installer
Cap'n Crunch's Crunchling Adventure™
Coby Media Manager
Comic Life
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
D3DX10
Docs Opener 0.1
Dora Fairytale Adventure
EA SPORTS online 2008
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Game Maker 7.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Gotcha!
Harry Potter - Quidditch World Cup
Hello Kitty Dream Carnival
HijackThis 2.0.2
Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY™
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Update
Identity Card
ImagXpress
Indeo® software
iSEEK AnswerWorks English Runtime
Java 2 Runtime Environment, SE v1.4.1
Java Auto Updater
Java Web Start
Java™ 6 Update 24
Junk Mail filter update
Learning Game Maker
LEGO® Stop Animation Studio
Lemmings Revolution
Lemony Snicket's A Series of Unfortunate Events
Madden NFL 08
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Microsoft Works
Moneydance 2010
Moon Tycoon
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.2
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
PageRage Toolbar
Quicken 2010
Quicken WillMaker Plus 2010
Rayman Raving Rabbids
Realtek High Definition Audio Driver
Robot Arena 2
RollerCoaster Tycoon Deluxe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SplashPhoto for PocketPC
SpongeBob SquarePants Typing
Stunt Track Driver
TrackMania Sunrise 1.4.6
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmiiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmiiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmiiper
TurboTax 2011 wrapper
Ultimate Ride
Uninstall Veggie Carnival
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USIM Editor 1.0.24.0
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zoombinis Logical Journey™
.
==== Event Viewer Messages From Past Week ========
.
5/21/2012 8:05:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
5/21/2012 8:05:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
5/21/2012 8:01:10 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/21/2012 7:58:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/21/2012 7:58:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/21/2012 7:58:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/20/2012 3:33:38 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/20/2012 3:32:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/20/2012 3:32:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/20/2012 3:32:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/20/2012 3:32:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/20/2012 3:32:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/20/2012 3:31:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/20/2012 3:31:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/20/2012 3:31:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
5/20/2012 3:31:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/20/2012 1:54:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wcncsvc service.
5/20/2012 1:54:15 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2012 1:42:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
5/20/2012 1:41:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/14/2012 3:39:38 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00-24-8D-19-6D-AF. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 21 May 2012 - 08:29 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 24 May 2012 - 05:54 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#6 PuckMark

PuckMark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 24 May 2012 - 01:47 PM

Gringo,

I have been out for a couple of days and have not had a chance to look at this. I will do so tonight or tomorrow. Thanks for your assistance.

Mark

#7 gringo_pr

Posted 24 May 2012 - 02:12 PM

no problem and hope to see you then


gringo

#8 PuckMark

Posted 26 May 2012 - 12:43 PM

I finally had a chance to work on this. The first time I ran combofix, I got the blue screen of death only 2 minutes into the process. I ran it again a 2nd time, and it appears to have worked. I just tried some google searches, and they appear to be working fine for the moment. Here is my combofix log:

ComboFix 12-05-26.02 - Owner 05/26/2012 13:12:02.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2391 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EwuVKfxxdqQmdV.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\users\Owner\Taskmgr.exe
c:\users\Owner\wevtapi.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\isRS-000.tmp
c:\windows\svchost.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\System64
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 17:20 . 2012-05-26 17:20 -------- d-----w- c:\users\Kid's Account\AppData\Local\temp
2012-05-26 17:20 . 2012-05-26 17:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-26 17:20 . 2012-05-26 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 17:49 . 2012-05-20 17:49 -------- d-----w- c:\users\Kid's Account\AppData\Roaming\Malwarebytes
2012-05-13 07:01 . 2012-05-13 07:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 07:01 . 2012-05-13 07:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-11 18:21 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 18:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 18:21 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 18:21 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 18:21 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 18:21 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 18:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 18:21 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 18:21 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-29 15:39 . 2012-04-29 21:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-29 15:38 . 2012-04-29 21:13 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-09 23:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 06:46 . 2012-04-12 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 00:52 . 2012-02-29 00:52 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-28 06:39 . 2012-04-11 07:10 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 07:10 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 07:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 07:10 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 21:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-02 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Lexmark 5300 Series"="c:\program files (x86)\Lexmark 5300 Series\fm3032.exe" [2007-06-22 307888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"USBestCR"="c:\program files (x86)\USIM Editor\iconcs47587012.exe" [2011-07-12 5138944]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-04-29 56416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-04-29 56416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 1053104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:07]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"lxdkmon.exe"="c:\program files (x86)\Lexmark 5300 Series\lxdkmon.exe" [2007-06-22 455344]
"lxdkamon"="c:\program files (x86)\Lexmark 5300 Series\lxdkamon.exe" [2007-06-01 20480]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
"USBestCR"="c:\program files (x86)\USIM Editor\iconcs47587012.exe" [2011-07-12 5138944]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"combofix"="c:\combofix\CF60.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173612092206p0335v105r48n3s27o
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-UnityWebPlayer - c:\users\Owner\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-890220680-997154576-1016447632-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**,*%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-890220680-997154576-1016447632-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-890220680-997154576-1016447632-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-890220680-997154576-1016447632-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4107E4FC-C414-350F-0F91-8E94ED4DE066}*]
"jamjbcdfffbolnmmncjl"=hex:6f,61,6e,69,6e,68,68,63,64,6f,65,6c,62,68,62,63,68,
68,6a,67,69,6c,6c,65,63,61,64,66,61,6e,00,00
"hapjgcbdmphbfbde"=hex:6f,61,63,6a,68,65,63,6a,6b,69,61,70,6a,70,66,69,6a,67,
61,6f,66,6a,6b,6f,6e,6c,64,6b,6a,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-05-26 13:35:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 17:35
.
Pre-Run: 596,900,499,456 bytes free
Post-Run: 597,837,774,848 bytes free
.
- - End Of File - - 6A0A1D9EDF11A500BAF9C4DC44532A33
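A triage pass over the log above, as an added example that is not part of the original thread and not code from ComboFix, Malwarebytes or BleepingComputer. It pulls every drive-letter path out of a ComboFix-style log and applies the checks a responder would otherwise make by eye: a well-known system binary name (svchost.exe, userinit.exe, Taskmgr.exe, wevtapi.dll) outside System32, SysWOW64 or WinSxS; an executable sitting directly in a user profile root, c:\ProgramData or c:\Windows, or under the SYSTEM account's AppData; a Desktop.ini planted in a .NET GAC folder; a fake System64 directory on an x64 system; and ComboFix's own "Infected copy of" verdict. The \\.\globalroot\systemroot prefix in the Other Running Processes list resolves to c:\windows, so the svchost.exe there is the same file listed under Other Deletions. The sample lines are excerpted from the posted log; the binary list and rules are the example's own assumptions, not an authoritative Windows inventory, and a file such as consrv.dll is only known to be bad here because ComboFix removed it.

```python
"""Triage a ComboFix-style log for paths that deserve a second look.

Added example for this thread; not code from ComboFix, Malwarebytes or
BleepingComputer. The binary list and the rules are this example's own
assumptions, not an authoritative inventory of Windows.
"""
import ntpath
import re

# Windows binaries that legitimately live only in System32/SysWOW64 (plus the
# WinSxS component store). The same file name anywhere else is a masquerade.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "userinit.exe", "taskmgr.exe", "wevtapi.dll",
    "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe",
}

# A drive-letter path, ending at a closing quote, a "[" (ComboFix's date/size
# suffix) or the end of the line. Lines are matched one at a time.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"\[\]\r\n]+?(?=\s*(?:"|\[|$))')
INFECTED_RE = re.compile(r"(?i)^infected copy of (\S+) was found")
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.(?:exe|dll)$")
GAC_INI_RE = re.compile(r"^c:\\windows\\assembly\\gac_(?:32|64|msil)\\desktop\.ini$")


def normalize(path):
    r"""Lower-case, collapse doubled backslashes and resolve the kernel-style
    \\.\globalroot\systemroot prefix ComboFix prints for some processes."""
    p = re.sub(r"\\+", r"\\", path.strip().lower())
    p = p.replace(r"c:\.\globalroot\systemroot", r"c:\windows")
    return p.rstrip("\\")


def in_legit_system_dir(path):
    """True when the file sits where a real system binary may sit."""
    parent = ntpath.dirname(path)
    return (parent in (r"c:\windows\system32", r"c:\windows\syswow64")
            or parent.startswith("c:\\windows\\winsxs\\"))


def check(path):
    """Return the reasons a normalized path looks suspicious (empty if none)."""
    reasons = []
    name = ntpath.basename(path)
    parent = ntpath.dirname(path)
    if name in SYSTEM_BINARY_NAMES and not in_legit_system_dir(path):
        reasons.append(f"{name} outside System32/SysWOW64/WinSxS")
    if PROFILE_ROOT_RE.match(path):
        reasons.append("binary in a user profile root")
    if parent in (r"c:\programdata", r"c:\windows") and name.endswith((".exe", ".dll")):
        reasons.append(f"binary directly under {parent}")
    if r"\config\systemprofile\appdata" in path and name.endswith(".exe"):
        reasons.append("executable under the SYSTEM account's AppData")
    if GAC_INI_RE.match(path):
        reasons.append("Desktop.ini planted in a .NET GAC folder")
    if path == r"c:\windows\system64":
        reasons.append("fake System64 directory (x64 Windows has System32 and SysWOW64 only)")
    return reasons


def triage(log_text):
    """Map each suspicious path in the log to its reasons, sorted by path."""
    findings = {}
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:  # ComboFix's own verdict on a patched system file
            findings.setdefault(normalize(m.group(1)), []).append(
                "system file reported infected by ComboFix")
            continue
        for m in PATH_RE.finditer(line):
            p = normalize(m.group(0))
            for reason in check(p):
                if reason not in findings.setdefault(p, []):
                    findings[p].append(reason)
    return dict(sorted(findings.items()))


# Lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\EwuVKfxxdqQmdV.exe
c:\users\Owner\Taskmgr.exe
c:\users\Owner\wevtapi.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
c:\windows\system32\consrv.dll
c:\windows\System64
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-04-29 56416]
R3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
------------------------ Other Running Processes ------------------------
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path + "\n    " + "\n    ".join(reasons))
```

Run stand-alone it prints nine flagged paths; everything under c:\program files, WinSxS and System32 proper passes, which is the point: the heuristics surface the handful of entries worth a second look in a log of several hundred lines. The hosts.txt, SwSys*.bmp and isRS-000.tmp deletions are deliberately not scored, since nothing in the log says what they were.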

#9 PuckMark

Posted 26 May 2012 - 12:48 PM

Perhaps I posted a few minutes too soon. I rebooted my PC, and my Malwarebytes Anti-Malware protection keeps popping up with a window in the lower right hand corner of my screen that says:

Successfully blocked access to a potentially malicious website: 206.161.121.6
Type: outgoing
Port: 56946, Process: svchost.exe

This has happened 4 times in just about 5 minutes.

#10 gringo_pr

Posted 26 May 2012 - 01:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 gringo_pr

Posted 28 May 2012 - 11:17 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#12 PuckMark

PuckMark
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:21 AM

Posted 29 May 2012 - 08:04 AM

I have been out of town for the holiday weekend, but will be home tonight to work on this. Will let you know how it goes.

Thanks again for your help.

Mark

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 29 May 2012 - 10:54 AM

Ok, see you then.


Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 01 June 2012 - 12:26 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#15 PuckMark

PuckMark
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:21 AM

Posted 03 June 2012 - 05:12 PM

Ok, here are the logs finally. TDSS did find something; I hit Cure, and then the PC was forced to reboot.

18:04:59.0710 0108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:04:59.0710 0108 nsiproxy - ok
18:04:59.0912 0108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:04:59.0944 0108 Ntfs - ok
18:04:59.0990 0108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:05:00.0006 0108 Null - ok
18:05:00.0958 0108 nvlddmkm (d7a2cd1d76e6cc996a0852d566af2f73) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:01.0036 0108 nvlddmkm - ok
18:05:01.0504 0108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:05:01.0519 0108 nvraid - ok
18:05:01.0550 0108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:05:01.0566 0108 nvstor - ok
18:05:01.0660 0108 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
18:05:01.0660 0108 nvstor64 - ok
18:05:01.0909 0108 nvsvc (59dd481e0063f8f7ea8b9f149fcacf32) C:\Windows\system32\nvvsvc.exe
18:05:01.0925 0108 nvsvc - ok
18:05:01.0972 0108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:05:01.0972 0108 nv_agp - ok
18:05:02.0549 0108 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:05:02.0564 0108 odserv - ok
18:05:02.0642 0108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:05:02.0658 0108 ohci1394 - ok
18:05:02.0720 0108 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:05:02.0720 0108 ose - ok
18:05:03.0110 0108 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:05:03.0126 0108 p2pimsvc - ok
18:05:03.0734 0108 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:05:03.0750 0108 p2psvc - ok
18:05:04.0327 0108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:05:04.0327 0108 Parport - ok
18:05:04.0436 0108 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:05:04.0436 0108 partmgr - ok
18:05:04.0514 0108 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:05:04.0514 0108 PcaSvc - ok
18:05:04.0561 0108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:05:04.0561 0108 pci - ok
18:05:04.0655 0108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:05:04.0655 0108 pciide - ok
18:05:04.0686 0108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:05:04.0702 0108 pcmcia - ok
18:05:04.0733 0108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:05:04.0748 0108 pcw - ok
18:05:04.0764 0108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:05:04.0780 0108 PEAUTH - ok
18:05:04.0842 0108 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:05:04.0842 0108 PerfHost - ok
18:05:04.0936 0108 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:05:04.0951 0108 pla - ok
18:05:05.0014 0108 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:05:05.0029 0108 PlugPlay - ok
18:05:05.0045 0108 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:05:05.0045 0108 PNRPAutoReg - ok
18:05:05.0060 0108 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:05:05.0060 0108 PNRPsvc - ok
18:05:05.0107 0108 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:05:05.0123 0108 PolicyAgent - ok
18:05:05.0154 0108 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:05:05.0154 0108 Power - ok
18:05:05.0216 0108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:05:05.0232 0108 PptpMiniport - ok
18:05:05.0248 0108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:05:05.0248 0108 Processor - ok
18:05:05.0263 0108 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:05:05.0279 0108 ProfSvc - ok
18:05:05.0310 0108 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:05:05.0310 0108 ProtectedStorage - ok
18:05:05.0357 0108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:05:05.0357 0108 Psched - ok
18:05:06.0371 0108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:05:06.0464 0108 ql2300 - ok
18:05:07.0697 0108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:05:07.0697 0108 ql40xx - ok
18:05:07.0978 0108 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:05:07.0993 0108 QWAVE - ok
18:05:08.0056 0108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:05:08.0056 0108 QWAVEdrv - ok
18:05:08.0087 0108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:05:08.0087 0108 RasAcd - ok
18:05:08.0118 0108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:08.0134 0108 RasAgileVpn - ok
18:05:08.0149 0108 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:05:08.0149 0108 RasAuto - ok
18:05:08.0336 0108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:08.0336 0108 Rasl2tp - ok
18:05:08.0368 0108 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:05:08.0383 0108 RasMan - ok
18:05:08.0399 0108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:08.0399 0108 RasPppoe - ok
18:05:08.0414 0108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:05:08.0414 0108 RasSstp - ok
18:05:08.0446 0108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:05:08.0446 0108 rdbss - ok
18:05:08.0461 0108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:05:08.0477 0108 rdpbus - ok
18:05:08.0492 0108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:08.0492 0108 RDPCDD - ok
18:05:08.0508 0108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:05:08.0508 0108 RDPENCDD - ok
18:05:08.0524 0108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:05:08.0524 0108 RDPREFMP - ok
18:05:08.0555 0108 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:05:08.0570 0108 RDPWD - ok
18:05:08.0602 0108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:05:08.0602 0108 rdyboost - ok
18:05:08.0633 0108 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:05:08.0633 0108 RemoteAccess - ok
18:05:08.0664 0108 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:05:08.0664 0108 RemoteRegistry - ok
18:05:08.0680 0108 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:05:08.0680 0108 RpcEptMapper - ok
18:05:08.0680 0108 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:05:08.0680 0108 RpcLocator - ok
18:05:08.0758 0108 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:05:08.0758 0108 RpcSs - ok
18:05:08.0773 0108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:05:08.0773 0108 rspndr - ok
18:05:08.0804 0108 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:05:08.0804 0108 RTL8167 - ok
18:05:08.0836 0108 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:05:08.0836 0108 SamSs - ok
18:05:08.0992 0108 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:05:08.0992 0108 SASDIFSV - ok
18:05:09.0054 0108 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:05:09.0054 0108 SASKUTIL - ok
18:05:09.0163 0108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:05:09.0194 0108 sbp2port - ok
18:05:09.0319 0108 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:05:09.0335 0108 SCardSvr - ok
18:05:09.0382 0108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:05:09.0382 0108 scfilter - ok
18:05:09.0647 0108 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:05:09.0678 0108 Schedule - ok
18:05:09.0725 0108 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:05:09.0725 0108 SCPolicySvc - ok
18:05:09.0772 0108 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:05:09.0772 0108 SDRSVC - ok
18:05:10.0037 0108 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:05:10.0052 0108 SeaPort - ok
18:05:10.0224 0108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:05:10.0224 0108 secdrv - ok
18:05:10.0271 0108 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:05:10.0271 0108 seclogon - ok
18:05:10.0349 0108 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:05:10.0349 0108 SENS - ok
18:05:10.0411 0108 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:05:10.0411 0108 SensrSvc - ok
18:05:10.0442 0108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:05:10.0458 0108 Serenum - ok
18:05:10.0474 0108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:05:10.0474 0108 Serial - ok
18:05:10.0520 0108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:05:10.0520 0108 sermouse - ok
18:05:10.0614 0108 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:05:10.0614 0108 SessionEnv - ok
18:05:10.0676 0108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:05:10.0676 0108 sffdisk - ok
18:05:10.0692 0108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:05:10.0692 0108 sffp_mmc - ok
18:05:10.0708 0108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:05:10.0723 0108 sffp_sd - ok
18:05:10.0739 0108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:05:10.0739 0108 sfloppy - ok
18:05:10.0832 0108 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:05:10.0848 0108 SharedAccess - ok
18:05:10.0895 0108 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:05:10.0910 0108 ShellHWDetection - ok
18:05:10.0926 0108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:05:10.0926 0108 SiSRaid2 - ok
18:05:10.0957 0108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:05:10.0957 0108 SiSRaid4 - ok
18:05:10.0973 0108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:05:10.0973 0108 Smb - ok
18:05:11.0066 0108 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:05:11.0066 0108 SNMPTRAP - ok
18:05:11.0098 0108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:05:11.0098 0108 spldr - ok
18:05:11.0176 0108 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:05:11.0207 0108 Spooler - ok
18:05:11.0909 0108 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:05:11.0971 0108 sppsvc - ok
18:05:12.0158 0108 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:05:12.0158 0108 sppuinotify - ok
18:05:12.0252 0108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:05:12.0268 0108 srv - ok
18:05:12.0330 0108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:05:12.0346 0108 srv2 - ok
18:05:12.0408 0108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:05:12.0408 0108 srvnet - ok
18:05:12.0439 0108 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:05:12.0439 0108 SSDPSRV - ok
18:05:12.0455 0108 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:05:12.0455 0108 SstpSvc - ok
18:05:12.0486 0108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:05:12.0502 0108 stexstor - ok
18:05:12.0548 0108 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:05:12.0548 0108 StillCam - ok
18:05:12.0673 0108 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:05:12.0689 0108 stisvc - ok
18:05:12.0736 0108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:05:12.0736 0108 swenum - ok
18:05:12.0782 0108 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:05:12.0782 0108 swprv - ok
18:05:12.0907 0108 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:05:12.0954 0108 SysMain - ok
18:05:13.0110 0108 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:05:13.0110 0108 TabletInputService - ok
18:05:13.0157 0108 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:05:13.0157 0108 TapiSrv - ok
18:05:13.0204 0108 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:05:13.0219 0108 TBS - ok
18:05:13.0469 0108 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:05:13.0500 0108 Tcpip - ok
18:05:13.0906 0108 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:05:13.0906 0108 TCPIP6 - ok
18:05:14.0140 0108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:05:14.0155 0108 tcpipreg - ok
18:05:14.0186 0108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:05:14.0186 0108 TDPIPE - ok
18:05:14.0264 0108 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:05:14.0264 0108 TDTCP - ok
18:05:14.0342 0108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:05:14.0358 0108 tdx - ok
18:05:14.0405 0108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:05:14.0405 0108 TermDD - ok
18:05:14.0467 0108 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:05:14.0483 0108 TermService - ok
18:05:14.0530 0108 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:05:14.0545 0108 Themes - ok
18:05:14.0561 0108 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:05:14.0561 0108 THREADORDER - ok
18:05:14.0592 0108 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:05:14.0592 0108 TrkWks - ok
18:05:14.0654 0108 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:05:14.0654 0108 TrustedInstaller - ok
18:05:14.0732 0108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:14.0732 0108 tssecsrv - ok
18:05:14.0779 0108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:05:14.0779 0108 TsUsbFlt - ok
18:05:14.0842 0108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:05:14.0842 0108 tunnel - ok
18:05:14.0888 0108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:05:14.0888 0108 uagp35 - ok
18:05:14.0935 0108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:05:14.0951 0108 udfs - ok
18:05:14.0998 0108 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:05:14.0998 0108 UI0Detect - ok
18:05:15.0060 0108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:05:15.0060 0108 uliagpkx - ok
18:05:15.0076 0108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:05:15.0076 0108 umbus - ok
18:05:15.0091 0108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:05:15.0091 0108 UmPass - ok
18:05:15.0169 0108 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
18:05:15.0185 0108 Updater Service - ok
18:05:15.0278 0108 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:05:15.0294 0108 upnphost - ok
18:05:15.0325 0108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:15.0325 0108 usbccgp - ok
18:05:15.0356 0108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:05:15.0372 0108 usbcir - ok
18:05:15.0388 0108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:05:15.0388 0108 usbehci - ok
18:05:15.0403 0108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:05:15.0419 0108 usbhub - ok
18:05:15.0434 0108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:05:15.0434 0108 usbohci - ok
18:05:15.0481 0108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:05:15.0481 0108 usbprint - ok
18:05:15.0544 0108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:05:15.0544 0108 usbscan - ok
18:05:15.0590 0108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:15.0590 0108 USBSTOR - ok
18:05:15.0606 0108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:05:15.0606 0108 usbuhci - ok
18:05:15.0668 0108 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:05:15.0668 0108 UxSms - ok
18:05:15.0731 0108 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:05:15.0746 0108 VaultSvc - ok
18:05:15.0793 0108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:05:15.0793 0108 vdrvroot - ok
18:05:15.0840 0108 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:05:15.0856 0108 vds - ok
18:05:15.0856 0108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:15.0871 0108 vga - ok
18:05:15.0902 0108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:05:15.0902 0108 VgaSave - ok
18:05:16.0012 0108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:05:16.0012 0108 vhdmp - ok
18:05:16.0027 0108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:05:16.0027 0108 viaide - ok
18:05:16.0090 0108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:05:16.0090 0108 volmgr - ok
18:05:16.0230 0108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:05:16.0246 0108 volmgrx - ok
18:05:16.0292 0108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:05:16.0292 0108 volsnap - ok
18:05:16.0324 0108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:05:16.0339 0108 vsmraid - ok
18:05:16.0433 0108 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:05:16.0480 0108 VSS - ok
18:05:16.0558 0108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:05:16.0573 0108 vwifibus - ok
18:05:16.0604 0108 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:05:16.0620 0108 W32Time - ok
18:05:16.0667 0108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:05:16.0667 0108 WacomPen - ok
18:05:16.0745 0108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0745 0108 WANARP - ok
18:05:16.0760 0108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0760 0108 Wanarpv6 - ok
18:05:16.0854 0108 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:05:16.0885 0108 WatAdminSvc - ok
18:05:16.0994 0108 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:05:17.0072 0108 wbengine - ok
18:05:17.0104 0108 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:05:17.0104 0108 WbioSrvc - ok
18:05:17.0135 0108 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:05:17.0135 0108 wcncsvc - ok
18:05:17.0150 0108 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:05:17.0166 0108 WcsPlugInService - ok
18:05:17.0228 0108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:05:17.0228 0108 Wd - ok
18:05:17.0868 0108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:05:17.0899 0108 Wdf01000 - ok
18:05:17.0977 0108 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:05:17.0993 0108 WdiServiceHost - ok
18:05:17.0993 0108 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:05:17.0993 0108 WdiSystemHost - ok
18:05:18.0617 0108 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:05:18.0632 0108 WebClient - ok
18:05:18.0710 0108 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:05:18.0726 0108 Wecsvc - ok
18:05:18.0804 0108 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:05:18.0804 0108 wercplsupport - ok
18:05:19.0116 0108 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:05:19.0116 0108 WerSvc - ok
18:05:19.0459 0108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:19.0459 0108 WfpLwf - ok
18:05:19.0490 0108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:05:19.0490 0108 WIMMount - ok
18:05:19.0537 0108 WinDefend - ok
18:05:19.0646 0108 WinDriver6 (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys
18:05:19.0646 0108 WinDriver6 - ok
18:05:19.0662 0108 WinHttpAutoProxySvc - ok
18:05:19.0693 0108 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:05:19.0709 0108 Winmgmt - ok
18:05:19.0865 0108 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:05:19.0896 0108 WinRM - ok
18:05:19.0990 0108 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
18:05:19.0990 0108 WinUSB - ok
18:05:20.0036 0108 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:05:20.0052 0108 Wlansvc - ok
18:05:20.0161 0108 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:05:20.0161 0108 wlcrasvc - ok
18:05:20.0754 0108 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:05:20.0801 0108 wlidsvc - ok
18:05:20.0957 0108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:05:20.0957 0108 WmiAcpi - ok
18:05:21.0082 0108 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:05:21.0082 0108 wmiApSrv - ok
18:05:21.0113 0108 WMPNetworkSvc - ok
18:05:21.0347 0108 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
18:05:21.0347 0108 WMZuneComm - ok
18:05:21.0394 0108 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:05:21.0394 0108 WPCSvc - ok
18:05:21.0440 0108 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:05:21.0440 0108 WPDBusEnum - ok
18:05:21.0534 0108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:05:21.0534 0108 ws2ifsl - ok
18:05:21.0643 0108 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:05:21.0643 0108 wscsvc - ok
18:05:21.0706 0108 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:05:21.0721 0108 WSDPrintDevice - ok
18:05:21.0721 0108 WSearch - ok
18:05:22.0220 0108 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:05:22.0267 0108 wuauserv - ok
18:05:22.0501 0108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:05:22.0517 0108 WudfPf - ok
18:05:22.0532 0108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:22.0548 0108 WUDFRd - ok
18:05:22.0610 0108 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:05:22.0626 0108 wudfsvc - ok
18:05:22.0751 0108 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:05:22.0751 0108 WwanSvc - ok
18:05:24.0732 0108 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
18:05:24.0872 0108 ZuneNetworkSvc - ok
18:05:25.0138 0108 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
18:05:25.0153 0108 ZuneWlanCfgSvc - ok
18:05:25.0169 0108 MBR (0x1B8) (98c463cba70ed23d2549b17f914eb467) \Device\Harddisk0\DR0
18:05:25.0200 0108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:05:25.0200 0108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:05:25.0200 0108 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR6
18:05:25.0652 0108 \Device\Harddisk6\DR6 - ok
18:05:25.0668 0108 Boot (0x1200) (dc41f0a1b6b9d19b03db70d4eff06dad) \Device\Harddisk0\DR0\Partition0
18:05:25.0746 0108 \Device\Harddisk0\DR0\Partition0 - ok
18:05:25.0746 0108 Boot (0x1200) (3b0e1aa48d0a5852c474f52538572c76) \Device\Harddisk0\DR0\Partition1
18:05:25.0746 0108 \Device\Harddisk0\DR0\Partition1 - ok
18:05:25.0762 0108 Boot (0x1200) (49c68cbb7c7ca8d74f5db2d0f07446e2) \Device\Harddisk6\DR6\Partition0
18:05:25.0762 0108 \Device\Harddisk6\DR6\Partition0 - ok
18:05:25.0762 0108 ============================================================
18:05:25.0762 0108 Scan finished
18:05:25.0762 0108 ============================================================
18:05:25.0793 1116 Detected object count: 1
18:05:25.0793 1116 Actual detected object count: 1
18:05:36.0463 1116 \Device\Harddisk0\DR0\# - copied to quarantine
18:05:36.0463 1116 \Device\Harddisk0\DR0 - copied to quarantine
18:05:36.0666 1116 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:05:36.0666 1116 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:05:36.0682 1116 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:05:36.0697 1116 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:05:36.0744 1116 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:05:36.0869 1116 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:05:36.0947 1116 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:05:37.0040 1116 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:05:37.0087 1116 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:05:37.0134 1116 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:05:37.0243 1116 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
18:05:37.0274 1116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:05:37.0290 1116 \Device\Harddisk0\DR0 - ok
18:05:37.0945 1116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:05:42.0516 2476 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-03 18:10:03
-----------------------------
18:10:03.056 OS Version: Windows x64 6.1.7601 Service Pack 1
18:10:03.056 Number of processors: 2 586 0x170A
18:10:03.056 ComputerName: OWNER-PC UserName: Owner
18:10:06.832 Initialize success
18:10:21.887 AVAST engine download error: 0
18:10:25.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
18:10:25.132 Disk 0 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
18:10:25.163 Disk 0 MBR read successfully
18:10:25.163 Disk 0 MBR scan
18:10:25.179 Disk 0 unknown MBR code
18:10:25.194 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
18:10:25.210 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
18:10:25.226 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700966 MB offset 29566976
18:10:25.241 Disk 0 scanning C:\Windows\system32\drivers
18:10:39.094 Service scanning
18:11:03.087 Modules scanning
18:11:03.087 Disk 0 trace - called modules:
18:11:03.118 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:11:03.118 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf9060]
18:11:03.134 3 CLASSPNP.SYS[fffff88001b9443f] -> nt!IofCallDriver -> [0xfffffa8003c95710]
18:11:03.134 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8003c95060]
18:11:03.134 Scan finished successfully
18:11:27.345 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
18:11:27.360 The log file has been saved successfully to "J:\aswMBR.txt"

