Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malicious URL keeps poping up!


  • This topic is locked This topic is locked
18 replies to this topic

#1 thatsgr8

thatsgr8

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 07 June 2012 - 02:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jamil at 15:49:26 on 2012-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1603 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Rim.DesktopHelper.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Google Update] "C:\Users\Jamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
BHO-X64: Swag Bucks - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamil\AppData\Roaming\Mozilla\Firefox\Profiles\4fu8igb0.default\
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jamil\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jamil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jamil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-6 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-07 19:24:59 20480 ----a-w- C:\Windows\svchost.exe
2012-06-07 19:17:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-07 19:17:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 23:46:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-06 23:46:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-06 22:43:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-06-06 22:43:46 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-06-06 22:43:45 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-06 20:02:39 -------- d-sh--w- C:\found.000
2012-06-06 19:48:42 -------- d-----w- C:\Users\Jamil\AppData\Roaming\Malwarebytes
2012-06-06 19:48:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-06 19:42:27 -------- d-----w- C:\Users\Jamil\AppData\Roaming\SpeedyPC Software
2012-06-06 19:42:27 -------- d-----w- C:\Users\Jamil\AppData\Roaming\DriverCure
2012-06-06 19:42:18 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-06-06 01:29:22 -------- d-----w- C:\New folder
2012-06-06 00:33:59 -------- d-----w- C:\Users\Jamil\AppData\Local\Apps
2012-06-06 00:33:58 -------- d-----w- C:\Users\Jamil\AppData\Local\Deployment
2012-06-03 19:34:39 -------- d-----w- C:\Users\Jamil\AppData\Local\Microsoft Games
2012-05-31 22:11:46 -------- d-----w- C:\Users\Jamil\jagexcache1
2012-05-11 22:55:25 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 22:55:24 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 22:55:23 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 22:55:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 22:55:05 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 22:55:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 22:55:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 22:54:54 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 22:54:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 22:54:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 22:54:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-05-04 23:17:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:17:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:17:03 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 15:51:43.16 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 07 June 2012 - 11:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 08 June 2012 - 04:36 PM

Hi there, sorry for the late response, I was away, here is the info for:
security check

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

#4 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 08 June 2012 - 04:58 PM

combofix log:

ComboFix 12-06-08.02 - Jamil 06/08/2012 17:43:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1712 [GMT -4:00]
Running from: c:\users\Jamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OX7ZOAA\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jamil\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp63A0.tmp
c:\users\Jamil\Documents\~WRL1497.tmp
c:\users\Jamil\Documents\~WRL1621.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 21:48 . 2012-06-08 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 19:17 . 2012-06-07 19:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 19:17 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 23:46 . 2012-06-07 19:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-06 23:46 . 2012-06-07 19:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-06 22:43 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-06 22:43 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-06 22:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-06 20:02 . 2012-06-06 20:02 -------- d-----w- C:\found.000
2012-06-06 19:48 . 2012-06-06 19:48 -------- d-----w- c:\users\Jamil\AppData\Roaming\Malwarebytes
2012-06-06 19:48 . 2012-06-06 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 19:42 . 2012-06-06 19:42 -------- d-----w- c:\users\Jamil\AppData\Roaming\SpeedyPC Software
2012-06-06 19:42 . 2012-06-06 19:42 -------- d-----w- c:\users\Jamil\AppData\Roaming\DriverCure
2012-06-06 19:42 . 2012-06-06 19:44 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-06 01:29 . 2012-06-06 01:29 -------- d-----w- C:\New folder
2012-06-06 00:33 . 2012-06-06 00:33 -------- d-----w- c:\users\Jamil\AppData\Local\Apps
2012-06-06 00:33 . 2012-06-06 20:13 -------- d-----w- c:\users\Jamil\AppData\Local\Deployment
2012-06-03 19:34 . 2012-06-03 19:34 -------- d-----w- c:\users\Jamil\AppData\Local\Microsoft Games
2012-05-31 22:11 . 2012-05-31 22:11 -------- d-----w- c:\users\Jamil\jagexcache1
2012-05-11 22:55 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 22:55 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 22:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 22:55 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 22:55 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 22:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 22:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 22:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 22:54 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 22:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 22:54 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:17 . 2012-04-06 20:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:17 . 2011-08-06 16:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:17 . 2012-04-18 22:17 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Rim.DesktopHelper.exe"="c:\program files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe" [2011-06-07 744280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-27 378984]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:17]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 00:35]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 00:35]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841053538-3075487758-1358260949-1000Core.job
- c:\users\Jamil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 20:40]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841053538-3075487758-1358260949-1000UA.job
- c:\users\Jamil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jamil\AppData\Roaming\Mozilla\Firefox\Profiles\4fu8igb0.default\
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-06-08 17:57:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 21:57
.
Pre-Run: 943,746,375,680 bytes free
Post-Run: 943,438,073,856 bytes free
.
- - End Of File - - 370ED859E4F96F9F4E2B696B8EA8F24B

#5 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 08 June 2012 - 05:02 PM

as for my computer, when trying to run combofix without AVAST, computer crashed, and had to restart, I ran it with avast running.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 08 June 2012 - 09:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 09 June 2012 - 09:40 AM

After It cured the problem, and rebooted. the Malicious URL did not pop up!, will post aswMBR next post.


TDSSKiller


10:32:19.0376 2584 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:32:19.0639 2584 ============================================================
10:32:19.0639 2584 Current date / time: 2012/06/09 10:32:19.0639
10:32:19.0639 2584 SystemInfo:
10:32:19.0639 2584
10:32:19.0640 2584 OS Version: 6.1.7601 ServicePack: 1.0
10:32:19.0640 2584 Product type: Workstation
10:32:19.0640 2584 ComputerName: JAMIL-PC
10:32:19.0640 2584 UserName: Jamil
10:32:19.0640 2584 Windows directory: C:\Windows
10:32:19.0640 2584 System windows directory: C:\Windows
10:32:19.0640 2584 Running under WOW64
10:32:19.0640 2584 Processor architecture: Intel x64
10:32:19.0640 2584 Number of processors: 2
10:32:19.0640 2584 Page size: 0x1000
10:32:19.0640 2584 Boot type: Normal boot
10:32:19.0640 2584 ============================================================
10:32:21.0360 2584 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:21.0373 2584 ============================================================
10:32:21.0373 2584 \Device\Harddisk0\DR0:
10:32:21.0373 2584 MBR partitions:
10:32:21.0373 2584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
10:32:21.0373 2584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x723ABDB0
10:32:21.0373 2584 ============================================================
10:32:21.0413 2584 C: <-> \Device\Harddisk0\DR0\Partition1
10:32:21.0413 2584 ============================================================
10:32:21.0413 2584 Initialize success
10:32:21.0413 2584 ============================================================
10:32:38.0573 4744 ============================================================
10:32:38.0573 4744 Scan started
10:32:38.0573 4744 Mode: Manual;
10:32:38.0573 4744 ============================================================
10:32:40.0517 4744 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:32:40.0544 4744 1394ohci - ok
10:32:40.0814 4744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:32:40.0834 4744 ACPI - ok
10:32:40.0865 4744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:32:40.0880 4744 AcpiPmi - ok
10:32:41.0216 4744 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:32:41.0220 4744 AdobeFlashPlayerUpdateSvc - ok
10:32:41.0305 4744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:32:41.0335 4744 adp94xx - ok
10:32:41.0441 4744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:32:41.0449 4744 adpahci - ok
10:32:41.0493 4744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:32:41.0496 4744 adpu320 - ok
10:32:41.0534 4744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:32:41.0536 4744 AeLookupSvc - ok
10:32:41.0620 4744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:32:41.0628 4744 AFD - ok
10:32:41.0666 4744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:32:41.0681 4744 agp440 - ok
10:32:41.0732 4744 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:32:41.0735 4744 ALG - ok
10:32:41.0810 4744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:32:41.0812 4744 aliide - ok
10:32:41.0853 4744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:32:41.0864 4744 amdide - ok
10:32:41.0930 4744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:32:41.0933 4744 AmdK8 - ok
10:32:41.0983 4744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:32:42.0002 4744 AmdPPM - ok
10:32:42.0054 4744 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:32:42.0057 4744 amdsata - ok
10:32:42.0141 4744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:32:42.0147 4744 amdsbs - ok
10:32:42.0184 4744 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:32:42.0186 4744 amdxata - ok
10:32:42.0222 4744 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:32:42.0225 4744 AppID - ok
10:32:42.0254 4744 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:32:42.0257 4744 AppIDSvc - ok
10:32:42.0282 4744 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:32:42.0284 4744 Appinfo - ok
10:32:42.0380 4744 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:32:42.0384 4744 Apple Mobile Device - ok
10:32:42.0424 4744 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:32:42.0427 4744 arc - ok
10:32:42.0436 4744 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:32:42.0440 4744 arcsas - ok
10:32:42.0480 4744 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
10:32:42.0481 4744 aswFsBlk - ok
10:32:42.0505 4744 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
10:32:42.0506 4744 aswMonFlt - ok
10:32:42.0536 4744 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
10:32:42.0537 4744 aswRdr - ok
10:32:42.0599 4744 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
10:32:42.0605 4744 aswSnx - ok
10:32:42.0636 4744 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
10:32:42.0638 4744 aswSP - ok
10:32:42.0653 4744 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
10:32:42.0654 4744 aswTdi - ok
10:32:42.0659 4744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:32:42.0660 4744 AsyncMac - ok
10:32:42.0682 4744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:32:42.0682 4744 atapi - ok
10:32:42.0746 4744 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:32:42.0783 4744 AudioEndpointBuilder - ok
10:32:42.0798 4744 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:32:42.0809 4744 AudioSrv - ok
10:32:42.0876 4744 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:32:42.0878 4744 avast! Antivirus - ok
10:32:42.0909 4744 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:32:42.0912 4744 AxInstSV - ok
10:32:42.0957 4744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:32:42.0967 4744 b06bdrv - ok
10:32:42.0986 4744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:32:42.0990 4744 b57nd60a - ok
10:32:43.0048 4744 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:32:43.0052 4744 BBSvc - ok
10:32:43.0068 4744 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:32:43.0072 4744 BDESVC - ok
10:32:43.0103 4744 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:32:43.0104 4744 Beep - ok
10:32:43.0201 4744 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:32:43.0226 4744 BFE - ok
10:32:43.0313 4744 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:32:43.0336 4744 BITS - ok
10:32:43.0374 4744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:32:43.0376 4744 blbdrive - ok
10:32:43.0464 4744 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:32:43.0482 4744 Bonjour Service - ok
10:32:43.0518 4744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:32:43.0522 4744 bowser - ok
10:32:43.0547 4744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:32:43.0549 4744 BrFiltLo - ok
10:32:43.0553 4744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:32:43.0557 4744 BrFiltUp - ok
10:32:43.0599 4744 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:32:43.0602 4744 BridgeMP - ok
10:32:43.0614 4744 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:32:43.0617 4744 Browser - ok
10:32:43.0636 4744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:32:43.0640 4744 Brserid - ok
10:32:43.0646 4744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:32:43.0647 4744 BrSerWdm - ok
10:32:43.0651 4744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:32:43.0652 4744 BrUsbMdm - ok
10:32:43.0657 4744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:32:43.0658 4744 BrUsbSer - ok
10:32:43.0679 4744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:32:43.0680 4744 BTHMODEM - ok
10:32:43.0706 4744 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:32:43.0708 4744 bthserv - ok
10:32:43.0717 4744 catchme - ok
10:32:43.0738 4744 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:32:43.0740 4744 cdfs - ok
10:32:43.0760 4744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:32:43.0762 4744 cdrom - ok
10:32:43.0801 4744 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:32:43.0803 4744 CertPropSvc - ok
10:32:43.0824 4744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:32:43.0825 4744 circlass - ok
10:32:43.0888 4744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:32:43.0897 4744 CLFS - ok
10:32:43.0957 4744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:32:43.0962 4744 clr_optimization_v2.0.50727_32 - ok
10:32:43.0983 4744 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:32:43.0989 4744 clr_optimization_v2.0.50727_64 - ok
10:32:44.0078 4744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:32:44.0109 4744 clr_optimization_v4.0.30319_32 - ok
10:32:44.0157 4744 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:32:44.0162 4744 clr_optimization_v4.0.30319_64 - ok
10:32:44.0176 4744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:32:44.0178 4744 CmBatt - ok
10:32:44.0188 4744 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:32:44.0192 4744 cmdide - ok
10:32:44.0233 4744 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:32:44.0247 4744 CNG - ok
10:32:44.0262 4744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:32:44.0264 4744 Compbatt - ok
10:32:44.0282 4744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:32:44.0283 4744 CompositeBus - ok
10:32:44.0287 4744 COMSysApp - ok
10:32:44.0294 4744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:32:44.0296 4744 crcdisk - ok
10:32:44.0334 4744 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:32:44.0338 4744 CryptSvc - ok
10:32:44.0476 4744 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:32:44.0493 4744 cvhsvc - ok
10:32:44.0552 4744 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:32:44.0563 4744 DcomLaunch - ok
10:32:44.0612 4744 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:32:44.0617 4744 defragsvc - ok
10:32:44.0638 4744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:32:44.0640 4744 DfsC - ok
10:32:44.0673 4744 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:32:44.0679 4744 Dhcp - ok
10:32:44.0685 4744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:32:44.0693 4744 discache - ok
10:32:44.0708 4744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:32:44.0709 4744 Disk - ok
10:32:44.0740 4744 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:32:44.0743 4744 Dnscache - ok
10:32:44.0767 4744 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:32:44.0771 4744 dot3svc - ok
10:32:44.0789 4744 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:32:44.0792 4744 DPS - ok
10:32:44.0825 4744 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:32:44.0826 4744 drmkaud - ok
10:32:44.0898 4744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:32:44.0907 4744 DXGKrnl - ok
10:32:44.0933 4744 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:32:44.0936 4744 EapHost - ok
10:32:45.0107 4744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:32:45.0164 4744 ebdrv - ok
10:32:45.0269 4744 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:32:45.0276 4744 EFS - ok
10:32:45.0363 4744 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:32:45.0390 4744 ehRecvr - ok
10:32:45.0416 4744 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:32:45.0420 4744 ehSched - ok
10:32:45.0488 4744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:32:45.0511 4744 elxstor - ok
10:32:45.0530 4744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:32:45.0531 4744 ErrDev - ok
10:32:45.0590 4744 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:32:45.0604 4744 EventSystem - ok
10:32:45.0637 4744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:32:45.0640 4744 exfat - ok
10:32:45.0669 4744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:32:45.0672 4744 fastfat - ok
10:32:45.0732 4744 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:32:45.0772 4744 Fax - ok
10:32:45.0777 4744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:32:45.0779 4744 fdc - ok
10:32:45.0792 4744 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:32:45.0794 4744 fdPHost - ok
10:32:45.0799 4744 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:32:45.0801 4744 FDResPub - ok
10:32:45.0823 4744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:32:45.0825 4744 FileInfo - ok
10:32:45.0836 4744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:32:45.0838 4744 Filetrace - ok
10:32:45.0843 4744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:32:45.0845 4744 flpydisk - ok
10:32:45.0874 4744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:32:45.0878 4744 FltMgr - ok
10:32:45.0960 4744 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:32:45.0980 4744 FontCache - ok
10:32:46.0061 4744 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:32:46.0064 4744 FontCache3.0.0.0 - ok
10:32:46.0194 4744 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
10:32:46.0207 4744 ForceWare Intelligent Application Manager (IAM) - ok
10:32:46.0283 4744 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:32:46.0285 4744 FsDepends - ok
10:32:46.0310 4744 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:32:46.0311 4744 Fs_Rec - ok
10:32:46.0329 4744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:32:46.0333 4744 fvevol - ok
10:32:46.0354 4744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:32:46.0356 4744 gagp30kx - ok
10:32:46.0436 4744 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:32:46.0442 4744 GamesAppService - ok
10:32:46.0500 4744 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:32:46.0502 4744 GEARAspiWDM - ok
10:32:46.0662 4744 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:32:46.0687 4744 gpsvc - ok
10:32:46.0750 4744 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
10:32:46.0751 4744 GREGService - ok
10:32:46.0835 4744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:46.0839 4744 gupdate - ok
10:32:46.0870 4744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:46.0872 4744 gupdatem - ok
10:32:46.0897 4744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:32:46.0898 4744 hcw85cir - ok
10:32:46.0931 4744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:32:46.0935 4744 HdAudAddService - ok
10:32:46.0969 4744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:32:46.0971 4744 HDAudBus - ok
10:32:46.0976 4744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:32:46.0978 4744 HidBatt - ok
10:32:46.0986 4744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:32:46.0988 4744 HidBth - ok
10:32:46.0994 4744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:32:46.0995 4744 HidIr - ok
10:32:47.0026 4744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:32:47.0028 4744 hidserv - ok
10:32:47.0036 4744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:32:47.0037 4744 HidUsb - ok
10:32:47.0058 4744 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:32:47.0061 4744 hkmsvc - ok
10:32:47.0088 4744 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:32:47.0092 4744 HomeGroupListener - ok
10:32:47.0130 4744 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:32:47.0134 4744 HomeGroupProvider - ok
10:32:47.0142 4744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:32:47.0144 4744 HpSAMD - ok
10:32:47.0182 4744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:32:47.0190 4744 HTTP - ok
10:32:47.0198 4744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:32:47.0199 4744 hwpolicy - ok
10:32:47.0215 4744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:32:47.0217 4744 i8042prt - ok
10:32:47.0265 4744 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:32:47.0279 4744 iaStorV - ok
10:32:47.0413 4744 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:32:47.0436 4744 idsvc - ok
10:32:47.0448 4744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:32:47.0450 4744 iirsp - ok
10:32:47.0643 4744 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:32:47.0657 4744 IKEEXT - ok
10:32:47.0850 4744 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
10:32:47.0869 4744 IntcAzAudAddService - ok
10:32:47.0944 4744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:32:47.0946 4744 intelide - ok
10:32:47.0958 4744 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
10:32:47.0961 4744 intelppm - ok
10:32:47.0984 4744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:32:47.0987 4744 IPBusEnum - ok
10:32:47.0996 4744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:32:47.0998 4744 IpFilterDriver - ok
10:32:48.0082 4744 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:32:48.0094 4744 iphlpsvc - ok
10:32:48.0103 4744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:32:48.0106 4744 IPMIDRV - ok
10:32:48.0117 4744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:32:48.0120 4744 IPNAT - ok
10:32:48.0249 4744 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
10:32:48.0268 4744 iPod Service - ok
10:32:48.0283 4744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:32:48.0285 4744 IRENUM - ok
10:32:48.0297 4744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:32:48.0299 4744 isapnp - ok
10:32:48.0331 4744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:32:48.0335 4744 iScsiPrt - ok
10:32:48.0363 4744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:32:48.0364 4744 kbdclass - ok
10:32:48.0369 4744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:32:48.0371 4744 kbdhid - ok
10:32:48.0391 4744 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:32:48.0394 4744 KeyIso - ok
10:32:48.0407 4744 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:32:48.0408 4744 KSecDD - ok
10:32:48.0428 4744 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:32:48.0430 4744 KSecPkg - ok
10:32:48.0434 4744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:32:48.0436 4744 ksthunk - ok
10:32:48.0479 4744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:32:48.0485 4744 KtmRm - ok
10:32:48.0518 4744 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:32:48.0523 4744 LanmanServer - ok
10:32:48.0558 4744 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:32:48.0562 4744 LanmanWorkstation - ok
10:32:48.0644 4744 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
10:32:48.0647 4744 Live Updater Service - ok
10:32:48.0667 4744 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:32:48.0670 4744 lltdio - ok
10:32:48.0712 4744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:32:48.0719 4744 lltdsvc - ok
10:32:48.0745 4744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:32:48.0748 4744 lmhosts - ok
10:32:48.0771 4744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:32:48.0773 4744 LSI_FC - ok
10:32:48.0786 4744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:32:48.0788 4744 LSI_SAS - ok
10:32:48.0795 4744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:32:48.0796 4744 LSI_SAS2 - ok
10:32:48.0815 4744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:32:48.0817 4744 LSI_SCSI - ok
10:32:48.0826 4744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:32:48.0828 4744 luafv - ok
10:32:48.0878 4744 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:32:48.0881 4744 Mcx2Svc - ok
10:32:48.0886 4744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:32:48.0888 4744 megasas - ok
10:32:48.0906 4744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:32:48.0910 4744 MegaSR - ok
10:32:48.0941 4744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:32:48.0944 4744 MMCSS - ok
10:32:48.0958 4744 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:32:48.0961 4744 Modem - ok
10:32:48.0968 4744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:32:48.0969 4744 monitor - ok
10:32:48.0975 4744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:32:48.0976 4744 mouclass - ok
10:32:48.0996 4744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
10:32:48.0997 4744 mouhid - ok
10:32:49.0016 4744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:32:49.0018 4744 mountmgr - ok
10:32:49.0103 4744 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:32:49.0108 4744 MozillaMaintenance - ok
10:32:49.0142 4744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:32:49.0147 4744 mpio - ok
10:32:49.0170 4744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:32:49.0173 4744 mpsdrv - ok
10:32:49.0283 4744 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:32:49.0292 4744 MpsSvc - ok
10:32:49.0303 4744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:32:49.0305 4744 MRxDAV - ok
10:32:49.0343 4744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:32:49.0346 4744 mrxsmb - ok
10:32:49.0378 4744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:32:49.0381 4744 mrxsmb10 - ok
10:32:49.0404 4744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:32:49.0406 4744 mrxsmb20 - ok
10:32:49.0412 4744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:32:49.0414 4744 msahci - ok
10:32:49.0424 4744 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:32:49.0426 4744 msdsm - ok
10:32:49.0452 4744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:32:49.0456 4744 MSDTC - ok
10:32:49.0478 4744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:32:49.0479 4744 Msfs - ok
10:32:49.0502 4744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:32:49.0503 4744 mshidkmdf - ok
10:32:49.0513 4744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:32:49.0513 4744 msisadrv - ok
10:32:49.0538 4744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:32:49.0542 4744 MSiSCSI - ok
10:32:49.0545 4744 msiserver - ok
10:32:49.0562 4744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:32:49.0564 4744 MSKSSRV - ok
10:32:49.0572 4744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:32:49.0574 4744 MSPCLOCK - ok
10:32:49.0579 4744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:32:49.0580 4744 MSPQM - ok
10:32:49.0603 4744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:32:49.0607 4744 MsRPC - ok
10:32:49.0613 4744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:32:49.0614 4744 mssmbios - ok
10:32:49.0627 4744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:32:49.0628 4744 MSTEE - ok
10:32:49.0632 4744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:32:49.0633 4744 MTConfig - ok
10:32:49.0640 4744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:32:49.0641 4744 Mup - ok
10:32:49.0686 4744 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:32:49.0709 4744 napagent - ok
10:32:49.0758 4744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:32:49.0776 4744 NativeWifiP - ok
10:32:49.0909 4744 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
10:32:49.0917 4744 NAUpdate - ok
10:32:49.0994 4744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:32:50.0019 4744 NDIS - ok
10:32:50.0040 4744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:32:50.0042 4744 NdisCap - ok
10:32:50.0069 4744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:32:50.0070 4744 NdisTapi - ok
10:32:50.0084 4744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:32:50.0087 4744 Ndisuio - ok
10:32:50.0102 4744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:32:50.0105 4744 NdisWan - ok
10:32:50.0113 4744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:32:50.0114 4744 NDProxy - ok
10:32:50.0119 4744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:32:50.0121 4744 NetBIOS - ok
10:32:50.0139 4744 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:32:50.0142 4744 NetBT - ok
10:32:50.0169 4744 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:32:50.0171 4744 Netlogon - ok
10:32:50.0217 4744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:32:50.0222 4744 Netman - ok
10:32:50.0248 4744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:32:50.0254 4744 netprofm - ok
10:32:50.0336 4744 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:32:50.0340 4744 NetTcpPortSharing - ok
10:32:50.0352 4744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:32:50.0355 4744 nfrd960 - ok
10:32:50.0392 4744 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:32:50.0398 4744 NlaSvc - ok
10:32:50.0403 4744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:32:50.0405 4744 Npfs - ok
10:32:50.0411 4744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:32:50.0414 4744 nsi - ok
10:32:50.0424 4744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:32:50.0426 4744 nsiproxy - ok
10:32:50.0513 4744 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
10:32:50.0518 4744 nSvcIp - ok
10:32:50.0659 4744 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:32:50.0679 4744 Ntfs - ok
10:32:50.0795 4744 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:32:50.0797 4744 Null - ok
10:32:50.0843 4744 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
10:32:50.0877 4744 NVENETFD - ok
10:32:51.0501 4744 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:32:51.0570 4744 nvlddmkm - ok
10:32:51.0667 4744 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
10:32:51.0669 4744 NVNET - ok
10:32:51.0720 4744 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:32:51.0723 4744 nvraid - ok
10:32:51.0740 4744 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:32:51.0743 4744 nvstor - ok
10:32:51.0785 4744 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\drivers\nvstor64.sys
10:32:51.0787 4744 nvstor64 - ok
10:32:51.0828 4744 nvsvc (703f996312202d84663f7c8584acaf55) C:\Windows\system32\nvvsvc.exe
10:32:51.0831 4744 nvsvc - ok
10:32:51.0857 4744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:32:51.0859 4744 nv_agp - ok
10:32:51.0866 4744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:32:51.0868 4744 ohci1394 - ok
10:32:51.0931 4744 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:32:51.0936 4744 ose - ok
10:32:52.0262 4744 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:32:52.0356 4744 osppsvc - ok
10:32:52.0457 4744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:32:52.0463 4744 p2pimsvc - ok
10:32:52.0504 4744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:32:52.0518 4744 p2psvc - ok
10:32:52.0550 4744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:32:52.0552 4744 Parport - ok
10:32:52.0577 4744 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:32:52.0579 4744 partmgr - ok
10:32:52.0599 4744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:32:52.0603 4744 PcaSvc - ok
10:32:52.0627 4744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:32:52.0629 4744 pci - ok
10:32:52.0636 4744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:32:52.0637 4744 pciide - ok
10:32:52.0659 4744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:32:52.0662 4744 pcmcia - ok
10:32:52.0668 4744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:32:52.0669 4744 pcw - ok
10:32:52.0709 4744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:32:52.0716 4744 PEAUTH - ok
10:32:52.0799 4744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:32:52.0806 4744 PerfHost - ok
10:32:52.0911 4744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:32:52.0952 4744 pla - ok
10:32:53.0000 4744 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:32:53.0015 4744 PlugPlay - ok
10:32:53.0026 4744 PnkBstrA - ok
10:32:53.0051 4744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:32:53.0055 4744 PNRPAutoReg - ok
10:32:53.0080 4744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:32:53.0085 4744 PNRPsvc - ok
10:32:53.0140 4744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:32:53.0150 4744 PolicyAgent - ok
10:32:53.0178 4744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:32:53.0184 4744 Power - ok
10:32:53.0240 4744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:32:53.0244 4744 PptpMiniport - ok
10:32:53.0267 4744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:32:53.0270 4744 Processor - ok
10:32:53.0308 4744 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:32:53.0314 4744 ProfSvc - ok
10:32:53.0336 4744 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:32:53.0339 4744 ProtectedStorage - ok
10:32:53.0356 4744 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:32:53.0359 4744 Psched - ok
10:32:53.0465 4744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:32:53.0495 4744 ql2300 - ok
10:32:53.0609 4744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:32:53.0614 4744 ql40xx - ok
10:32:53.0644 4744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:32:53.0663 4744 QWAVE - ok
10:32:53.0686 4744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:32:53.0695 4744 QWAVEdrv - ok
10:32:53.0703 4744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:32:53.0706 4744 RasAcd - ok
10:32:53.0762 4744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:32:53.0765 4744 RasAgileVpn - ok
10:32:53.0792 4744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:32:53.0802 4744 RasAuto - ok
10:32:53.0820 4744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:32:53.0825 4744 Rasl2tp - ok
10:32:53.0861 4744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:32:53.0877 4744 RasMan - ok
10:32:53.0887 4744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:32:53.0890 4744 RasPppoe - ok
10:32:53.0904 4744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:32:53.0906 4744 RasSstp - ok
10:32:53.0940 4744 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:32:53.0943 4744 rdbss - ok
10:32:53.0954 4744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:32:53.0956 4744 rdpbus - ok
10:32:53.0968 4744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:32:53.0969 4744 RDPCDD - ok
10:32:53.0991 4744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:32:53.0992 4744 RDPENCDD - ok
10:32:54.0007 4744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:32:54.0008 4744 RDPREFMP - ok
10:32:54.0038 4744 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:32:54.0041 4744 RDPWD - ok
10:32:54.0057 4744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:32:54.0059 4744 rdyboost - ok
10:32:54.0092 4744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:32:54.0095 4744 RemoteAccess - ok
10:32:54.0106 4744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:32:54.0111 4744 RemoteRegistry - ok
10:32:54.0153 4744 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
10:32:54.0154 4744 RimUsb - ok
10:32:54.0200 4744 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:32:54.0203 4744 RimVSerPort - ok
10:32:54.0221 4744 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
10:32:54.0223 4744 ROOTMODEM - ok
10:32:54.0250 4744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:32:54.0255 4744 RpcEptMapper - ok
10:32:54.0279 4744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:32:54.0282 4744 RpcLocator - ok
10:32:54.0330 4744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
10:32:54.0338 4744 RpcSs - ok
10:32:54.0349 4744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:32:54.0351 4744 rspndr - ok
10:32:54.0380 4744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:32:54.0384 4744 SamSs - ok
10:32:54.0403 4744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:32:54.0405 4744 sbp2port - ok
10:32:54.0422 4744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:32:54.0427 4744 SCardSvr - ok
10:32:54.0445 4744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:32:54.0447 4744 scfilter - ok
10:32:54.0519 4744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:32:54.0541 4744 Schedule - ok
10:32:54.0569 4744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:32:54.0570 4744 SCPolicySvc - ok
10:32:54.0583 4744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:32:54.0588 4744 SDRSVC - ok
10:32:54.0652 4744 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:32:54.0654 4744 SeaPort - ok
10:32:54.0683 4744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:32:54.0684 4744 secdrv - ok
10:32:54.0699 4744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:32:54.0702 4744 seclogon - ok
10:32:54.0718 4744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:32:54.0722 4744 SENS - ok
10:32:54.0734 4744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:32:54.0737 4744 SensrSvc - ok
10:32:54.0742 4744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:32:54.0744 4744 Serenum - ok
10:32:54.0785 4744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:32:54.0788 4744 Serial - ok
10:32:54.0800 4744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:32:54.0803 4744 sermouse - ok
10:32:54.0833 4744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:32:54.0838 4744 SessionEnv - ok
10:32:54.0854 4744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:32:54.0856 4744 sffdisk - ok
10:32:54.0860 4744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:32:54.0862 4744 sffp_mmc - ok
10:32:54.0868 4744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:32:54.0869 4744 sffp_sd - ok
10:32:54.0874 4744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:32:54.0876 4744 sfloppy - ok
10:32:54.0986 4744 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:32:54.0998 4744 Sftfs - ok
10:32:55.0091 4744 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:32:55.0101 4744 sftlist - ok
10:32:55.0132 4744 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:32:55.0135 4744 Sftplay - ok
10:32:55.0158 4744 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:32:55.0159 4744 Sftredir - ok
10:32:55.0166 4744 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:32:55.0167 4744 Sftvol - ok
10:32:55.0193 4744 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:32:55.0196 4744 sftvsa - ok
10:32:55.0241 4744 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:32:55.0258 4744 SharedAccess - ok
10:32:55.0294 4744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:32:55.0311 4744 ShellHWDetection - ok
10:32:55.0325 4744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:32:55.0327 4744 SiSRaid2 - ok
10:32:55.0345 4744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:32:55.0347 4744 SiSRaid4 - ok
10:32:55.0372 4744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:32:55.0375 4744 Smb - ok
10:32:55.0408 4744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:32:55.0411 4744 SNMPTRAP - ok
10:32:55.0423 4744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:32:55.0423 4744 spldr - ok
10:32:55.0467 4744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:32:55.0488 4744 Spooler - ok
10:32:55.0684 4744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:32:55.0779 4744 sppsvc - ok
10:32:55.0883 4744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:32:55.0893 4744 sppuinotify - ok
10:32:55.0973 4744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:32:55.0980 4744 srv - ok
10:32:56.0016 4744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:32:56.0029 4744 srv2 - ok
10:32:56.0057 4744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:32:56.0061 4744 srvnet - ok
10:32:56.0098 4744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:32:56.0105 4744 SSDPSRV - ok
10:32:56.0118 4744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:32:56.0124 4744 SstpSvc - ok
10:32:56.0208 4744 Stereo Service (a52dda7f28ff685ad63d77fe0549707e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:32:56.0215 4744 Stereo Service - ok
10:32:56.0242 4744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:32:56.0245 4744 stexstor - ok
10:32:56.0328 4744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:32:56.0360 4744 stisvc - ok
10:32:56.0375 4744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:32:56.0377 4744 swenum - ok
10:32:56.0419 4744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:32:56.0438 4744 swprv - ok
10:32:56.0549 4744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:32:56.0575 4744 SysMain - ok
10:32:56.0672 4744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:32:56.0683 4744 TabletInputService - ok
10:32:56.0723 4744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:32:56.0740 4744 TapiSrv - ok
10:32:56.0779 4744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:32:56.0785 4744 TBS - ok
10:32:56.0999 4744 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:32:57.0022 4744 Tcpip - ok
10:32:57.0183 4744 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:32:57.0193 4744 TCPIP6 - ok
10:32:57.0257 4744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:32:57.0259 4744 tcpipreg - ok
10:32:57.0276 4744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:32:57.0277 4744 TDPIPE - ok
10:32:57.0294 4744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:32:57.0295 4744 TDTCP - ok
10:32:57.0320 4744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:32:57.0322 4744 tdx - ok
10:32:57.0328 4744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:32:57.0329 4744 TermDD - ok
10:32:57.0377 4744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:32:57.0390 4744 TermService - ok
10:32:57.0396 4744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:32:57.0400 4744 Themes - ok
10:32:57.0419 4744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:32:57.0421 4744 THREADORDER - ok
10:32:57.0436 4744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:32:57.0440 4744 TrkWks - ok
10:32:57.0481 4744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:32:57.0484 4744 TrustedInstaller - ok
10:32:57.0501 4744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:32:57.0502 4744 tssecsrv - ok
10:32:57.0534 4744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:32:57.0536 4744 TsUsbFlt - ok
10:32:57.0549 4744 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:32:57.0551 4744 TsUsbGD - ok
10:32:57.0581 4744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:32:57.0583 4744 tunnel - ok
10:32:57.0590 4744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:32:57.0592 4744 uagp35 - ok
10:32:57.0617 4744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:32:57.0621 4744 udfs - ok
10:32:57.0631 4744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:32:57.0635 4744 UI0Detect - ok
10:32:57.0661 4744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:32:57.0664 4744 uliagpkx - ok
10:32:57.0674 4744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:32:57.0675 4744 umbus - ok
10:32:57.0679 4744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:32:57.0680 4744 UmPass - ok
10:32:57.0719 4744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:32:57.0736 4744 upnphost - ok
10:32:57.0772 4744 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:32:57.0776 4744 USBAAPL64 - ok
10:32:57.0810 4744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:32:57.0812 4744 usbccgp - ok
10:32:57.0827 4744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:32:57.0830 4744 usbcir - ok
10:32:57.0860 4744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:32:57.0862 4744 usbehci - ok
10:32:57.0905 4744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:32:57.0919 4744 usbhub - ok
10:32:57.0960 4744 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:32:57.0962 4744 usbohci - ok
10:32:58.0004 4744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:32:58.0007 4744 usbprint - ok
10:32:58.0036 4744 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:32:58.0039 4744 usbscan - ok
10:32:58.0061 4744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:32:58.0063 4744 USBSTOR - ok
10:32:58.0081 4744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:32:58.0083 4744 usbuhci - ok
10:32:58.0096 4744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:32:58.0101 4744 UxSms - ok
10:32:58.0125 4744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:32:58.0128 4744 VaultSvc - ok
10:32:58.0148 4744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:32:58.0149 4744 vdrvroot - ok
10:32:58.0192 4744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:32:58.0210 4744 vds - ok
10:32:58.0226 4744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:32:58.0228 4744 vga - ok
10:32:58.0236 4744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:32:58.0238 4744 VgaSave - ok
10:32:58.0256 4744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:32:58.0260 4744 vhdmp - ok
10:32:58.0266 4744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:32:58.0268 4744 viaide - ok
10:32:58.0275 4744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:32:58.0276 4744 volmgr - ok
10:32:58.0298 4744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:32:58.0302 4744 volmgrx - ok
10:32:58.0319 4744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:32:58.0323 4744 volsnap - ok
10:32:58.0347 4744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:32:58.0349 4744 vsmraid - ok
10:32:58.0448 4744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:32:58.0468 4744 VSS - ok
10:32:58.0569 4744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:32:58.0573 4744 vwifibus - ok
10:32:58.0612 4744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:32:58.0625 4744 W32Time - ok
10:32:58.0636 4744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:32:58.0638 4744 WacomPen - ok
10:32:58.0659 4744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:32:58.0661 4744 WANARP - ok
10:32:58.0665 4744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:32:58.0666 4744 Wanarpv6 - ok
10:32:58.0820 4744 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:32:58.0856 4744 WatAdminSvc - ok
10:32:58.0958 4744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:32:58.0982 4744 wbengine - ok
10:32:59.0057 4744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:32:59.0062 4744 WbioSrvc - ok
10:32:59.0090 4744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:32:59.0107 4744 wcncsvc - ok
10:32:59.0114 4744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:32:59.0118 4744 WcsPlugInService - ok
10:32:59.0135 4744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:32:59.0136 4744 Wd - ok
10:32:59.0180 4744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:32:59.0199 4744 Wdf01000 - ok
10:32:59.0216 4744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:32:59.0220 4744 WdiServiceHost - ok
10:32:59.0223 4744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:32:59.0227 4744 WdiSystemHost - ok
10:32:59.0256 4744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:32:59.0262 4744 WebClient - ok
10:32:59.0288 4744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:32:59.0294 4744 Wecsvc - ok
10:32:59.0314 4744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:32:59.0318 4744 wercplsupport - ok
10:32:59.0355 4744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:32:59.0359 4744 WerSvc - ok
10:32:59.0398 4744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:32:59.0400 4744 WfpLwf - ok
10:32:59.0405 4744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:32:59.0406 4744 WIMMount - ok
10:32:59.0467 4744 WinDefend - ok
10:32:59.0482 4744 WinHttpAutoProxySvc - ok
10:32:59.0560 4744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:32:59.0579 4744 Winmgmt - ok
10:32:59.0725 4744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:32:59.0756 4744 WinRM - ok
10:32:59.0876 4744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:32:59.0879 4744 WinUsb - ok
10:32:59.0964 4744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:32:59.0983 4744 Wlansvc - ok
10:33:00.0048 4744 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:33:00.0052 4744 wlcrasvc - ok
10:33:00.0235 4744 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:33:00.0257 4744 wlidsvc - ok
10:33:00.0334 4744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:33:00.0336 4744 WmiAcpi - ok
10:33:00.0418 4744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:33:00.0424 4744 wmiApSrv - ok
10:33:00.0456 4744 WMPNetworkSvc - ok
10:33:00.0502 4744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:33:00.0508 4744 WPCSvc - ok
10:33:00.0531 4744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:33:00.0538 4744 WPDBusEnum - ok
10:33:00.0554 4744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:33:00.0556 4744 ws2ifsl - ok
10:33:00.0589 4744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:33:00.0595 4744 wscsvc - ok
10:33:00.0600 4744 WSearch - ok
10:33:00.0751 4744 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:33:00.0816 4744 wuauserv - ok
10:33:00.0917 4744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:33:00.0922 4744 WudfPf - ok
10:33:00.0953 4744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:33:00.0959 4744 WUDFRd - ok
10:33:00.0973 4744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:33:00.0989 4744 wudfsvc - ok
10:33:01.0030 4744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:33:01.0045 4744 WwanSvc - ok
10:33:01.0077 4744 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
10:33:01.0097 4744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:33:01.0097 4744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:33:01.0125 4744 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0
10:33:01.0126 4744 \Device\Harddisk0\DR0\Partition0 - ok
10:33:01.0141 4744 Boot (0x1200) (41c06862c6f136d3a8e5e5c3fc3cbb01) \Device\Harddisk0\DR0\Partition1
10:33:01.0143 4744 \Device\Harddisk0\DR0\Partition1 - ok
10:33:01.0143 4744 ============================================================
10:33:01.0143 4744 Scan finished
10:33:01.0143 4744 ============================================================
10:33:01.0161 1880 Detected object count: 1
10:33:01.0161 1880 Actual detected object count: 1
10:33:17.0244 1880 \Device\Harddisk0\DR0\# - copied to quarantine
10:33:17.0245 1880 \Device\Harddisk0\DR0 - copied to quarantine
10:33:17.0332 1880 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:33:21.0641 1880 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:33:21.0660 1880 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:33:21.0688 1880 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:33:21.0707 1880 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:33:21.0720 1880 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:33:21.0722 1880 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:33:21.0724 1880 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:33:21.0745 1880 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:33:21.0770 1880 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:33:21.0771 1880 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:33:21.0772 1880 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:33:21.0798 1880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:33:21.0798 1880 \Device\Harddisk0\DR0 - ok
10:33:22.0210 1880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:33:45.0502 1384 Deinitialize success

#8 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 09 June 2012 - 09:51 AM

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 10:41:17
-----------------------------
10:41:17.713 OS Version: Windows x64 6.1.7601 Service Pack 1
10:41:17.714 Number of processors: 2 586 0x603
10:41:17.715 ComputerName: JAMIL-PC UserName: Jamil
10:41:19.517 Initialize success
10:41:19.715 AVAST engine defs: 12060900
10:41:22.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
10:41:22.061 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
10:41:22.074 Disk 0 MBR read successfully
10:41:22.079 Disk 0 MBR scan
10:41:22.087 Disk 0 unknown MBR code
10:41:22.095 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18000 MB offset 2048
10:41:22.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 36866048
10:41:22.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 935767 MB offset 37070848
10:41:22.141 Disk 0 scanning C:\Windows\system32\drivers
10:41:29.670 Service scanning
10:41:42.243 Modules scanning
10:41:42.254 Disk 0 trace - called modules:
10:41:42.273 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
10:41:42.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032c04d0]
10:41:42.359 3 CLASSPNP.SYS[fffff8800195743f] -> nt!IofCallDriver -> [0xfffffa8002cac3e0]
10:41:42.366 5 ACPI.sys[fffff88000ee97a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8002cac820]
10:41:44.107 AVAST engine scan C:\Windows
10:41:47.596 AVAST engine scan C:\Windows\system32
10:44:04.877 AVAST engine scan C:\Windows\system32\drivers
10:44:11.378 AVAST engine scan C:\Users\Jamil
10:46:54.583 AVAST engine scan C:\ProgramData
10:47:43.676 Scan finished successfully
10:49:55.635 Disk 0 MBR has been saved successfully to "C:\Users\Jamil\Desktop\MBR.dat"
10:49:55.643 The log file has been saved successfully to "C:\Users\Jamil\Desktop\aswMBR.txt"
10:50:49.073 Disk 0 MBR has been saved successfully to "C:\Users\Jamil\Desktop\MBR.dat"
10:50:49.077 The log file has been saved successfully to "C:\Users\Jamil\Desktop\aswMBR.txt"








Thanks for the help! I am really happy that you are able to help.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 09 June 2012 - 01:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Swag_Bucks

Firefox::
FF - ProfilePath - c:\users\Jamil\AppData\Roaming\Mozilla\Firefox\Profiles\4fu8igb0.default\
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 09 June 2012 - 02:36 PM

After combofix rebooted my computer, it started again saying "creating Log" I let it sit there for 20 minutes, and nothing happened, Computer is running faster, and much smoother than before, thanks.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 09 June 2012 - 03:04 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 09 June 2012 - 03:08 PM

Will do, as soon as I come back from running some errands.

#13 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 09 June 2012 - 04:05 PM

here is the latest combofix report:


ComboFix 12-06-09.02 - Jamil 06/09/2012 16:56:18.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1701 [GMT -4:00]
Running from: c:\users\Jamil\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Swag_Bucks\GottenAppsContextMenu.xml
c:\program files (x86)\Swag_Bucks\ldrtbSwa0.dll
c:\program files (x86)\Swag_Bucks\ldrtbSwa2.dll
c:\program files (x86)\Swag_Bucks\ldrtbSwag.dll
c:\program files (x86)\Swag_Bucks\OtherAppsContextMenu.xml
c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
c:\program files (x86)\Swag_Bucks\prxtbSwag.dll
c:\program files (x86)\Swag_Bucks\SharedAppsContextMenu.xml
c:\program files (x86)\Swag_Bucks\Swag_BucksToolbarHelper.exe
c:\program files (x86)\Swag_Bucks\Swag_BucksToolbarHelper1.exe
c:\program files (x86)\Swag_Bucks\tbSwa0.dll
c:\program files (x86)\Swag_Bucks\tbSwa2.dll
c:\program files (x86)\Swag_Bucks\tbSwag.dll
c:\program files (x86)\Swag_Bucks\toolbar.cfg
c:\program files (x86)\Swag_Bucks\ToolbarContextMenu.xml
c:\program files (x86)\Swag_Bucks\uninstall.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 20:59 . 2012-06-09 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 18:09 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E898BE8-DDFF-41E5-B8AC-BC9654AE3761}\mpengine.dll
2012-06-09 15:54 . 2012-06-09 15:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-09 15:53 . 2012-06-09 15:53 -------- d-----w- c:\program files (x86)\Oracle
2012-06-09 15:52 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-09 14:33 . 2012-06-09 14:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-06 23:46 . 2012-06-07 19:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-06 23:46 . 2012-06-07 19:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-06 22:43 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-06 22:43 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-06 22:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-06 20:02 . 2012-06-06 20:02 -------- d-----w- C:\found.000
2012-06-06 19:48 . 2012-06-06 19:48 -------- d-----w- c:\users\Jamil\AppData\Roaming\Malwarebytes
2012-06-06 19:48 . 2012-06-06 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 19:42 . 2012-06-06 19:42 -------- d-----w- c:\users\Jamil\AppData\Roaming\SpeedyPC Software
2012-06-06 19:42 . 2012-06-06 19:42 -------- d-----w- c:\users\Jamil\AppData\Roaming\DriverCure
2012-06-06 19:42 . 2012-06-06 19:44 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-06 01:29 . 2012-06-06 01:29 -------- d-----w- C:\New folder
2012-06-06 00:33 . 2012-06-06 00:33 -------- d-----w- c:\users\Jamil\AppData\Local\Apps
2012-06-06 00:33 . 2012-06-06 20:13 -------- d-----w- c:\users\Jamil\AppData\Local\Deployment
2012-06-03 19:34 . 2012-06-03 19:34 -------- d-----w- c:\users\Jamil\AppData\Local\Microsoft Games
2012-05-31 22:11 . 2012-05-31 22:11 -------- d-----w- c:\users\Jamil\jagexcache1
2012-05-11 22:55 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 22:55 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 22:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 22:55 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 22:55 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 22:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 22:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 22:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 22:54 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 22:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:54 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 22:54 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:17 . 2012-04-06 20:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:17 . 2011-08-06 16:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:17 . 2012-04-18 22:17 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:47 . 2011-08-06 18:44 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_21.51.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-08 21:51 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-09 21:00 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-06-09 14:36 70658 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-09 19:23 40110 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-06 16:10 . 2012-06-09 19:23 13692 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-841053538-3075487758-1358260949-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-06-09 14:56 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-09 21:00 . 2012-06-09 21:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 21:50 . 2012-06-08 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 21:50 . 2012-06-08 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 21:00 . 2012-06-09 21:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 15:52 . 2012-04-04 22:47 227720 c:\windows\SysWOW64\javaws.exe
+ 2011-11-29 00:24 . 2012-06-09 15:52 174024 c:\windows\SysWOW64\javaw.exe
+ 2011-11-29 00:24 . 2012-06-09 15:52 174024 c:\windows\SysWOW64\java.exe
+ 2012-06-06 00:33 . 2012-06-09 14:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-06-06 00:33 . 2012-06-08 21:51 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-06-09 21:00 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:51 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-06-09 19:26 624606 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-08 21:36 624606 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-08 21:36 106724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-09 19:26 106724 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:27 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
+ 2009-07-14 05:01 . 2012-06-09 20:51 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-08 21:49 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-06 00:40 . 2012-06-09 14:33 350220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-06-06 00:40 . 2012-06-07 22:02 350220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-09 15:54 . 2012-06-09 15:54 179200 c:\windows\Installer\47352f.msi
+ 2012-06-09 15:52 . 2012-06-09 15:52 461312 c:\windows\Installer\47351f.msi
+ 2009-07-14 04:54 . 2012-06-09 21:00 2179072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:51 2179072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-16 21:08 . 2012-06-09 20:51 24673476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841053538-3075487758-1358260949-1000-12288.dat
- 2011-10-16 21:08 . 2012-06-08 21:49 24673476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841053538-3075487758-1358260949-1000-12288.dat
+ 2012-06-09 15:51 . 2012-06-09 15:51 17379840 c:\windows\Installer\47351b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Rim.DesktopHelper.exe"="c:\program files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe" [2011-06-07 744280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-27 378984]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:17]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 00:35]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 00:35]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841053538-3075487758-1358260949-1000Core.job
- c:\users\Jamil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 20:40]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841053538-3075487758-1358260949-1000UA.job
- c:\users\Jamil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jamil\AppData\Roaming\Mozilla\Firefox\Profiles\4fu8igb0.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
BHO-{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
Toolbar-Locked - (no file)
Toolbar-{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
AddRemove-Swag_Bucks Toolbar - c:\program files (x86)\Swag_Bucks\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-06-09 17:04:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 21:04
ComboFix2.txt 2012-06-08 21:57
.
Pre-Run: 941,662,797,824 bytes free
Post-Run: 941,324,230,656 bytes free
.
- - End Of File - - 4BA4A7F8A2D88EA3C13FC71B7596397C

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 09 June 2012 - 05:53 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 thatsgr8

thatsgr8
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 10 June 2012 - 07:17 AM

Acrobat.com
Adobe AIR
Adobe Reader 9.5.1 MUI
Agatha Christie - 4:50 from Paddington
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Battlelog Web Plugins
Bejeweled 2 Deluxe
Bing Bar
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
Build-a-lot 2
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ESN Sonar
Final Drive: Nitro
Galerie de photos Windows Live
Google Chrome
Google Talk Plugin
Google Update Helper
Hotkey Utility
Identity Card
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 4
JavaFX 2.1.0
Jewel Quest Heritage
Junk Mail filter update
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users