win32\ZAccess.ew


  • This topic is locked
12 replies to this topic

#1 Ridous

Ridous

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 31 August 2012 - 01:36 PM

I got this after visiting one of my regularly watched websites. I need this cleaned up fast, though I don't mind if it takes more than 2 days >.<
My TD has Q'd it 15 times in the last hour.
So far the only problems are that I can't use safe mode and an exe file keeps spamming itself onto my desktop (13234594.exe). It showed up right after I got the notification about ZAccess.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by eMachines at 14:19:29 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.542 [GMT -4:00]
.
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe
C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe
C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\cawsc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Bcool Class: {7fb6f8da-0d19-382f-05d2-3f04e93ae187} - C:\ProgramData\Bcool\bhoclass.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SansaDispatch] C:\Users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Akamai NetSession Interface] "C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe"
uRun: [syshost32] C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F951C84F-295E-4937-9382-335123701C8A} : DhcpNameServer = 10.0.0.1
Notify: PFW - UmxWnp.Dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Bcool Class: {7FB6F8DA-0D19-382F-05D2-3F04E93AE187} - C:\ProgramData\Bcool\bhoclass.dll
BHO-X64: Bcool - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\7zggp4h7.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\7zggp4h7.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]
R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]
.
=============== Created Last 30 ================
.
2012-08-31 18:16:29 -------- d-sh--w- C:\found.000
2012-08-31 17:06:51 -------- d-----w- C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}
2012-08-31 13:40:35 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E27061D9-88DF-4601-8C2D-378589AEF2E2}\mpengine.dll
2012-08-29 17:15:53 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 23:51:58 -------- d-----w- C:\Users\eMachines\AppData\Roaming\Anvil Studio
2012-08-27 23:37:02 -------- d-----w- C:\Program Files (x86)\Anvil Studio 2012
2012-08-27 08:24:48 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-08-27 08:24:46 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-08-25 13:13:23 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-25 03:32:59 -------- d-----w- C:\Users\eMachines\AppData\Local\SoftGrid Client
2012-08-25 03:32:56 -------- d-----w- C:\Users\eMachines\AppData\Roaming\SoftGrid Client
2012-08-25 03:30:28 -------- d-----w- C:\Users\eMachines\AppData\Roaming\TP
2012-08-16 20:17:04 -------- d-----w- C:\Program Files (x86)\Game_Maker8
2012-08-15 10:31:59 754784 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-08-15 10:18:24 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 10:18:22 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 10:18:22 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 10:18:22 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 10:18:20 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 10:18:10 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 10:18:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 10:18:06 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 10:18:06 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 10:18:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 10:18:06 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 00:28:48 -------- d-----w- C:\Users\eMachines\AppData\Roaming\LibreOffice
2012-08-14 23:55:28 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6
.
==================== Find3M ====================
.
2012-08-26 04:38:35 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 04:38:35 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 14:22:07.97 ===============

Edited by Ridous, 31 August 2012 - 03:23 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 31 August 2012 - 04:10 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running, as that may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ridous

Ridous
  • Topic Starter

Posted 31 August 2012 - 10:47 PM

After the first restart from ComboFix, I was amazed. I actually fell backwards thinking that this wasn't the same computer I had for 2 years xD
The entire boot process took less than 10 seconds.

So far (20 minutes after receiving the log) I haven't seen a TD popup about ZAccess.

Log:

ComboFix 12-08-31.08 - eMachines 08/31/2012 23:12:15.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.761 [GMT -4:00]
Running from: c:\users\eMachines\Downloads\ComboFix.exe
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\@
c:\$recycle.bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\n
c:\$recycle.bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\00000001.@
c:\$recycle.bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\80000000.@
c:\$recycle.bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\800000cb.@
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\bhoclass.dll
c:\programdata\Bcool\content.js
c:\programdata\Bcool\data\content.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\dpgkoeinjnkgcieloaioiohencfcjjjc.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Bcool\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 03:24 . 2012-09-01 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 18:16 . 2012-08-31 18:16 -------- d-----w- C:\found.000
2012-08-31 17:06 . 2012-08-31 17:06 -------- d-----w- c:\users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}
2012-08-31 13:40 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E27061D9-88DF-4601-8C2D-378589AEF2E2}\mpengine.dll
2012-08-29 17:15 . 2012-08-29 17:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 23:51 . 2012-08-28 00:02 -------- d-----w- c:\users\eMachines\AppData\Roaming\Anvil Studio
2012-08-27 23:37 . 2012-08-27 23:37 -------- d-----w- c:\program files (x86)\Anvil Studio 2012
2012-08-27 08:24 . 2012-08-27 08:24 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-08-27 08:24 . 2012-08-27 08:24 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-25 03:32 . 2012-08-25 03:33 -------- d-----w- c:\users\eMachines\AppData\Local\SoftGrid Client
2012-08-25 03:32 . 2012-08-31 18:06 -------- d-----w- c:\users\eMachines\AppData\Roaming\SoftGrid Client
2012-08-25 03:30 . 2012-08-25 03:33 -------- d-----w- c:\users\eMachines\AppData\Roaming\TP
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-08-15 10:31 . 2012-06-29 05:02 754784 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-08-15 10:18 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 10:18 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 10:18 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 10:18 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 10:18 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 10:18 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 10:18 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 10:18 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 10:18 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 10:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 10:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 10:18 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 00:28 . 2012-08-15 00:28 -------- d-----w- c:\users\eMachines\AppData\Roaming\LibreOffice
2012-08-14 23:55 . 2012-08-14 23:57 -------- d-----w- c:\program files (x86)\LibreOffice 3.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 04:38 . 2012-04-03 02:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 04:38 . 2011-10-21 15:57 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:04 . 2011-10-24 13:23 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-10 23:55 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 23:50 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 23:50 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 23:49 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 23:50 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:49 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"SansaDispatch"="c:\users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-11-09 79872]
"Akamai NetSession Interface"="c:\users\eMachines\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"syshost32"="c:\users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe" [2012-08-31 359936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PCDSRVC{A368CD8C-E23638CA-06020101}_0;PCDSRVC{A368CD8C-E23638CA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\emachi~1\appdata\local\temp\6wx2enaiorwf\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [2010-09-29 90864]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R3 X6va005;X6va005;c:\users\EMACHI~1\AppData\Local\Temp\0056D05.tmp [x]
R3 X6va006;X6va006;c:\users\EMACHI~1\AppData\Local\Temp\0063A3C.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2011-10-26 113744]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2011-09-07 365136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-12-21 291656]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-03-09 287280]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:38]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 20:06]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2012-03-09 2698800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 10.0.0.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF - ProfilePath - c:\users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\7zggp4h7.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{7FB6F8DA-0D19-382F-05D2-3F04E93AE187} - c:\programdata\Bcool\bhoclass.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{A368CD8C-E23638CA-06020101}_0]
"ImagePath"="\??\c:\users\emachi~1\appdata\local\temp\6wx2enaiorwf\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\EMACHI~1\AppData\Local\Temp\0056D05.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\EMACHI~1\AppData\Local\Temp\0063A3C.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-31 23:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 03:34
.
Pre-Run: 77,467,156,480 bytes free
Post-Run: 78,125,375,488 bytes free
.
- - End Of File - - 46B73E8C8860BFAB16E9C5D376E88418

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 August 2012 - 10:56 PM

Greetings Ridous

That is great news!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate link in my signature. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ridous
  • Topic Starter
  • Members
  • 6 posts

Posted 01 September 2012 - 12:32 AM

Here they are.

00:36:58.0836 5116 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:36:59.0647 5116 ============================================================
00:36:59.0647 5116 Current date / time: 2012/09/01 00:36:59.0647
00:36:59.0647 5116 SystemInfo:
00:36:59.0647 5116
00:36:59.0647 5116 OS Version: 6.1.7601 ServicePack: 1.0
00:36:59.0647 5116 Product type: Workstation
00:36:59.0647 5116 ComputerName: 13THREALM
00:36:59.0647 5116 UserName: eMachines
00:36:59.0647 5116 Windows directory: C:\Windows
00:36:59.0647 5116 System windows directory: C:\Windows
00:36:59.0647 5116 Running under WOW64
00:36:59.0647 5116 Processor architecture: Intel x64
00:36:59.0647 5116 Number of processors: 1
00:36:59.0647 5116 Page size: 0x1000
00:36:59.0647 5116 Boot type: Normal boot
00:36:59.0647 5116 ============================================================
00:37:04.0444 5116 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:37:04.0454 5116 Drive \Device\Harddisk1\DR1 - Size: 0x1DDBF8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:37:04.0454 5116 Drive \Device\Harddisk2\DR2 - Size: 0x1DB000000 (7.42 Gb), SectorSize: 0x200, Cylinders: 0x3C8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:37:04.0454 5116 ============================================================
00:37:04.0454 5116 \Device\Harddisk0\DR0:
00:37:04.0464 5116 MBR partitions:
00:37:04.0464 5116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
00:37:04.0464 5116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x10E8EEB0
00:37:04.0464 5116 \Device\Harddisk1\DR1:
00:37:04.0464 5116 MBR partitions:
00:37:04.0464 5116 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEDD21
00:37:04.0464 5116 \Device\Harddisk2\DR2:
00:37:04.0464 5116 MBR partitions:
00:37:04.0464 5116 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xED6000
00:37:04.0464 5116 ============================================================
00:37:04.0514 5116 C: <-> \Device\Harddisk0\DR0\Partition2
00:37:04.0514 5116 ============================================================
00:37:04.0514 5116 Initialize success
00:37:04.0514 5116 ============================================================
00:37:17.0807 0952 ============================================================
00:37:17.0807 0952 Scan started
00:37:17.0807 0952 Mode: Manual;
00:37:17.0807 0952 ============================================================
00:37:18.0427 0952 ================ Scan system memory ========================
00:37:18.0427 0952 System memory - ok
00:37:18.0437 0952 ================ Scan services =============================
00:37:33.0222 0952 msisadrv - ok
00:37:33.0253 0952 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:37:33.0269 0952 MSiSCSI - ok
00:37:33.0285 0952 msiserver - ok
00:37:33.0316 0952 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:37:33.0331 0952 MSKSSRV - ok
00:37:33.0347 0952 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:37:33.0363 0952 MSPCLOCK - ok
00:37:33.0394 0952 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:37:33.0409 0952 MSPQM - ok
00:37:33.0472 0952 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:37:33.0503 0952 MsRPC - ok
00:37:33.0581 0952 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:37:33.0581 0952 mssmbios - ok
00:37:33.0597 0952 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:37:33.0612 0952 MSTEE - ok
00:37:33.0643 0952 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:37:33.0659 0952 MTConfig - ok
00:37:33.0690 0952 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:37:33.0706 0952 Mup - ok
00:37:33.0753 0952 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:37:33.0768 0952 napagent - ok
00:37:33.0815 0952 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:37:33.0846 0952 NativeWifiP - ok
00:37:33.0924 0952 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:37:33.0971 0952 NDIS - ok
00:37:33.0987 0952 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:37:34.0002 0952 NdisCap - ok
00:37:34.0049 0952 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:37:34.0065 0952 NdisTapi - ok
00:37:34.0111 0952 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:37:34.0127 0952 Ndisuio - ok
00:37:34.0174 0952 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:37:34.0189 0952 NdisWan - ok
00:37:34.0236 0952 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:37:34.0252 0952 NDProxy - ok
00:37:34.0361 0952 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
00:37:34.0408 0952 Nero BackItUp Scheduler 4.0 - ok
00:37:34.0455 0952 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:37:34.0470 0952 NetBIOS - ok
00:37:34.0517 0952 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:37:34.0548 0952 NetBT - ok
00:37:34.0564 0952 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:37:34.0564 0952 Netlogon - ok
00:37:34.0626 0952 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:37:34.0642 0952 Netman - ok
00:37:34.0720 0952 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:37:34.0735 0952 netprofm - ok
00:37:34.0829 0952 [ 813B7C722BA97E703D375ABA170E16CC ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
00:37:34.0907 0952 netr28x - ok
00:37:34.0938 0952 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:37:34.0954 0952 NetTcpPortSharing - ok
00:37:34.0985 0952 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:37:35.0001 0952 nfrd960 - ok
00:37:35.0047 0952 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:37:35.0063 0952 NlaSvc - ok
00:37:35.0079 0952 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:37:35.0094 0952 Npfs - ok
00:37:35.0110 0952 npggsvc - ok
00:37:35.0125 0952 NPPTNT2 - ok
00:37:35.0172 0952 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:37:35.0172 0952 nsi - ok
00:37:35.0188 0952 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:37:35.0219 0952 nsiproxy - ok
00:37:35.0266 0952 [ 20E179A7FE78B37A02D30C4D34C870E7 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
00:37:35.0266 0952 nSvcIp - ok
00:37:35.0344 0952 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:37:35.0453 0952 Ntfs - ok
00:37:35.0500 0952 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:37:35.0515 0952 Null - ok
00:37:35.0593 0952 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
00:37:35.0609 0952 NVENETFD - ok
00:37:35.0656 0952 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
00:37:35.0687 0952 NVHDA - ok
00:37:36.0249 0952 [ 4628FA8F0CC0D509BC14A223E99D36F3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:37:36.0654 0952 nvlddmkm - ok
00:37:36.0748 0952 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
00:37:36.0795 0952 NVNET - ok
00:37:36.0826 0952 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:37:36.0841 0952 nvraid - ok
00:37:36.0904 0952 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
00:37:36.0904 0952 nvsmu - ok
00:37:36.0951 0952 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:37:36.0966 0952 nvstor - ok
00:37:36.0997 0952 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
00:37:37.0013 0952 nvstor64 - ok
00:37:37.0075 0952 [ 703F996312202D84663F7C8584ACAF55 ] nvsvc C:\Windows\system32\nvvsvc.exe
00:37:37.0075 0952 nvsvc - ok
00:37:37.0122 0952 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:37:37.0153 0952 nv_agp - ok
00:37:37.0185 0952 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:37:37.0200 0952 ohci1394 - ok
00:37:37.0247 0952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:37:37.0263 0952 p2pimsvc - ok
00:37:37.0309 0952 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:37:37.0325 0952 p2psvc - ok
00:37:37.0372 0952 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:37:37.0387 0952 Parport - ok
00:37:37.0434 0952 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:37:37.0434 0952 partmgr - ok
00:37:37.0465 0952 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:37:37.0497 0952 PcaSvc - ok
00:37:37.0590 0952 PcdrNdisuio - ok
00:37:37.0715 0952 PCDSRVC{A368CD8C-E23638CA-06020101}_0 - ok
00:37:37.0762 0952 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:37:37.0793 0952 pci - ok
00:37:37.0824 0952 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:37:37.0840 0952 pciide - ok
00:37:37.0871 0952 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:37:37.0902 0952 pcmcia - ok
00:37:37.0996 0952 [ 4AFDDA6ADEB0DF8A1AA0268FFB838649 ] PCPitstop Scheduling C:\Program Files (x86)\CA\PCPitstopScheduleService.exe
00:37:38.0011 0952 PCPitstop Scheduling - ok
00:37:38.0027 0952 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:37:38.0043 0952 pcw - ok
00:37:38.0074 0952 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:37:38.0121 0952 PEAUTH - ok
00:37:38.0167 0952 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:37:38.0183 0952 PerfHost - ok
00:37:38.0277 0952 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:37:38.0355 0952 pla - ok
00:37:38.0401 0952 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:37:38.0417 0952 PlugPlay - ok
00:37:38.0448 0952 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:37:38.0448 0952 PNRPAutoReg - ok
00:37:38.0479 0952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:37:38.0495 0952 PNRPsvc - ok
00:37:38.0526 0952 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:37:38.0557 0952 PolicyAgent - ok
00:37:38.0589 0952 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:37:38.0604 0952 Power - ok
00:37:38.0635 0952 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:37:38.0651 0952 PptpMiniport - ok
00:37:38.0682 0952 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:37:38.0713 0952 Processor - ok
00:37:38.0760 0952 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:37:38.0760 0952 ProfSvc - ok
00:37:38.0791 0952 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:37:38.0791 0952 ProtectedStorage - ok
00:37:38.0838 0952 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:37:38.0854 0952 Psched - ok
00:37:38.0932 0952 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:37:39.0010 0952 ql2300 - ok
00:37:39.0041 0952 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:37:39.0057 0952 ql40xx - ok
00:37:39.0088 0952 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:37:39.0103 0952 QWAVE - ok
00:37:39.0135 0952 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:37:39.0150 0952 QWAVEdrv - ok
00:37:39.0166 0952 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:37:39.0181 0952 RasAcd - ok
00:37:39.0244 0952 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:37:39.0259 0952 RasAgileVpn - ok
00:37:39.0275 0952 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:37:39.0291 0952 RasAuto - ok
00:37:39.0337 0952 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:37:39.0353 0952 Rasl2tp - ok
00:37:39.0400 0952 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:37:39.0431 0952 RasMan - ok
00:37:39.0462 0952 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:37:39.0478 0952 RasPppoe - ok
00:37:39.0493 0952 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:37:39.0509 0952 RasSstp - ok
00:37:39.0556 0952 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:37:39.0587 0952 rdbss - ok
00:37:39.0618 0952 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:37:39.0634 0952 rdpbus - ok
00:37:39.0665 0952 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:37:39.0681 0952 RDPCDD - ok
00:37:39.0727 0952 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:37:39.0743 0952 RDPENCDD - ok
00:37:39.0759 0952 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:37:39.0774 0952 RDPREFMP - ok
00:37:39.0805 0952 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:37:39.0837 0952 RDPWD - ok
00:37:39.0868 0952 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:37:39.0899 0952 rdyboost - ok
00:37:39.0930 0952 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:37:39.0946 0952 RemoteAccess - ok
00:37:39.0977 0952 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:37:39.0993 0952 RemoteRegistry - ok
00:37:40.0024 0952 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:37:40.0024 0952 RpcEptMapper - ok
00:37:40.0071 0952 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:37:40.0071 0952 RpcLocator - ok
00:37:40.0117 0952 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:37:40.0117 0952 RpcSs - ok
00:37:40.0149 0952 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:37:40.0164 0952 rspndr - ok
00:37:40.0195 0952 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:37:40.0195 0952 SamSs - ok
00:37:40.0242 0952 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:37:40.0258 0952 sbp2port - ok
00:37:40.0305 0952 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:37:40.0305 0952 SCardSvr - ok
00:37:40.0351 0952 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:37:40.0367 0952 scfilter - ok
00:37:40.0414 0952 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:37:40.0461 0952 Schedule - ok
00:37:40.0507 0952 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:37:40.0507 0952 SCPolicySvc - ok
00:37:40.0554 0952 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:37:40.0570 0952 SDRSVC - ok
00:37:40.0601 0952 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:37:40.0617 0952 secdrv - ok
00:37:40.0648 0952 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:37:40.0663 0952 seclogon - ok
00:37:40.0695 0952 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:37:40.0710 0952 SENS - ok
00:37:40.0741 0952 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:37:40.0741 0952 SensrSvc - ok
00:37:40.0773 0952 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:37:40.0788 0952 Serenum - ok
00:37:40.0819 0952 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:37:40.0835 0952 Serial - ok
00:37:40.0866 0952 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:37:40.0883 0952 sermouse - ok
00:37:40.0945 0952 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:37:40.0961 0952 SessionEnv - ok
00:37:40.0992 0952 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:37:41.0008 0952 sffdisk - ok
00:37:41.0039 0952 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:37:41.0054 0952 sffp_mmc - ok
00:37:41.0101 0952 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:37:41.0117 0952 sffp_sd - ok
00:37:41.0148 0952 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:37:41.0164 0952 sfloppy - ok
00:37:41.0226 0952 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:37:41.0257 0952 SharedAccess - ok
00:37:41.0304 0952 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:37:41.0320 0952 ShellHWDetection - ok
00:37:41.0351 0952 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:37:41.0382 0952 SiSRaid2 - ok
00:37:41.0398 0952 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:37:41.0413 0952 SiSRaid4 - ok
00:37:41.0444 0952 sj - ok
00:37:41.0476 0952 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:37:41.0491 0952 Smb - ok
00:37:41.0569 0952 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:37:41.0585 0952 SNMPTRAP - ok
00:37:41.0616 0952 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:37:41.0632 0952 spldr - ok
00:37:41.0694 0952 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:37:41.0710 0952 Spooler - ok
00:37:41.0929 0952 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:37:42.0023 0952 sppsvc - ok
00:37:42.0069 0952 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:37:42.0085 0952 sppuinotify - ok
00:37:42.0116 0952 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:37:42.0147 0952 srv - ok
00:37:42.0210 0952 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:37:42.0241 0952 srv2 - ok
00:37:42.0272 0952 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:37:42.0303 0952 srvnet - ok
00:37:42.0335 0952 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:37:42.0350 0952 SSDPSRV - ok
00:37:42.0366 0952 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:37:42.0381 0952 SstpSvc - ok
00:37:42.0428 0952 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:37:42.0444 0952 stexstor - ok
00:37:42.0491 0952 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:37:42.0506 0952 stisvc - ok
00:37:42.0537 0952 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:37:42.0569 0952 swenum - ok
00:37:42.0615 0952 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:37:42.0647 0952 swprv - ok
00:37:42.0725 0952 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:37:42.0803 0952 SysMain - ok
00:37:42.0834 0952 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:37:42.0849 0952 TabletInputService - ok
00:37:42.0896 0952 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:37:42.0896 0952 TapiSrv - ok
00:37:42.0927 0952 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:37:42.0927 0952 TBS - ok
00:37:43.0286 0952 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:37:43.0380 0952 Tcpip - ok
00:37:43.0442 0952 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:37:43.0458 0952 TCPIP6 - ok
00:37:43.0505 0952 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:37:43.0520 0952 tcpipreg - ok
00:37:43.0551 0952 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:37:43.0567 0952 TDPIPE - ok
00:37:43.0598 0952 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:37:43.0629 0952 TDTCP - ok
00:37:43.0676 0952 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:37:43.0692 0952 tdx - ok
00:37:43.0739 0952 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:37:43.0754 0952 TermDD - ok
00:37:43.0879 0952 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:37:43.0895 0952 TermService - ok
00:37:43.0941 0952 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:37:43.0941 0952 Themes - ok
00:37:43.0988 0952 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:37:43.0988 0952 THREADORDER - ok
00:37:44.0019 0952 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:37:44.0019 0952 TrkWks - ok
00:37:44.0097 0952 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:37:44.0113 0952 TrustedInstaller - ok
00:37:44.0160 0952 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:37:44.0175 0952 tssecsrv - ok
00:37:44.0238 0952 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:37:44.0253 0952 TsUsbFlt - ok
00:37:44.0316 0952 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:37:44.0331 0952 tunnel - ok
00:37:44.0363 0952 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:37:44.0378 0952 uagp35 - ok
00:37:44.0472 0952 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:37:44.0503 0952 udfs - ok
00:37:44.0550 0952 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:37:44.0550 0952 UI0Detect - ok
00:37:44.0597 0952 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:37:44.0612 0952 uliagpkx - ok
00:37:44.0659 0952 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:37:44.0675 0952 umbus - ok
00:37:44.0706 0952 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:37:44.0721 0952 UmPass - ok
00:37:44.0815 0952 [ AF950F62E5FC72FFDB7363F72600B21C ] UmxEngine C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
00:37:44.0846 0952 UmxEngine - ok
00:37:44.0924 0952 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
00:37:44.0955 0952 Updater Service - ok
00:37:45.0002 0952 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:37:45.0018 0952 upnphost - ok
00:37:45.0080 0952 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:37:45.0127 0952 USBAAPL64 - ok
00:37:45.0158 0952 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:37:45.0174 0952 usbccgp - ok
00:37:45.0221 0952 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:37:45.0236 0952 usbcir - ok
00:37:45.0267 0952 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:37:45.0283 0952 usbehci - ok
00:37:45.0377 0952 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:37:45.0392 0952 usbhub - ok
00:37:45.0423 0952 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
00:37:45.0439 0952 usbohci - ok
00:37:45.0470 0952 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:37:45.0486 0952 usbprint - ok
00:37:45.0501 0952 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:37:45.0533 0952 USBSTOR - ok
00:37:45.0564 0952 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:37:45.0579 0952 usbuhci - ok
00:37:45.0611 0952 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:37:45.0626 0952 UxSms - ok
00:37:45.0642 0952 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:37:45.0657 0952 VaultSvc - ok
00:37:45.0689 0952 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:37:45.0704 0952 vdrvroot - ok
00:37:45.0751 0952 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:37:45.0782 0952 vds - ok
00:37:45.0813 0952 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:37:45.0829 0952 vga - ok
00:37:45.0845 0952 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:37:45.0860 0952 VgaSave - ok
00:37:45.0907 0952 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:37:45.0938 0952 vhdmp - ok
00:37:45.0954 0952 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:37:45.0969 0952 viaide - ok
00:37:46.0001 0952 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:37:46.0026 0952 volmgr - ok
00:37:46.0056 0952 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:37:46.0086 0952 volmgrx - ok
00:37:46.0126 0952 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:37:46.0156 0952 volsnap - ok
00:37:46.0176 0952 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:37:46.0206 0952 vsmraid - ok
00:37:46.0326 0952 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:37:46.0366 0952 VSS - ok
00:37:46.0396 0952 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:37:46.0406 0952 vwifibus - ok
00:37:46.0466 0952 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:37:46.0486 0952 vwififlt - ok
00:37:46.0536 0952 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:37:46.0546 0952 W32Time - ok
00:37:46.0586 0952 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:37:46.0596 0952 WacomPen - ok
00:37:46.0659 0952 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:37:46.0674 0952 WANARP - ok
00:37:46.0705 0952 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:37:46.0705 0952 Wanarpv6 - ok
00:37:47.0017 0952 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:37:47.0049 0952 WatAdminSvc - ok
00:37:47.0298 0952 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:37:47.0392 0952 wbengine - ok
00:37:47.0454 0952 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:37:47.0470 0952 WbioSrvc - ok
00:37:47.0517 0952 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:37:47.0563 0952 wcncsvc - ok
00:37:47.0595 0952 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:37:47.0595 0952 WcsPlugInService - ok
00:37:47.0641 0952 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:37:47.0657 0952 Wd - ok
00:37:47.0704 0952 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:37:47.0735 0952 Wdf01000 - ok
00:37:47.0751 0952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:37:47.0766 0952 WdiServiceHost - ok
00:37:47.0766 0952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:37:47.0782 0952 WdiSystemHost - ok
00:37:47.0813 0952 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:37:47.0844 0952 WebClient - ok
00:37:47.0907 0952 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:37:47.0922 0952 Wecsvc - ok
00:37:47.0938 0952 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:37:47.0938 0952 wercplsupport - ok
00:37:47.0985 0952 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:37:47.0985 0952 WerSvc - ok
00:37:48.0047 0952 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:37:48.0047 0952 WfpLwf - ok
00:37:48.0078 0952 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:37:48.0094 0952 WIMMount - ok
00:37:48.0125 0952 WinDefend - ok
00:37:48.0141 0952 WinHttpAutoProxySvc - ok
00:37:48.0250 0952 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:37:48.0265 0952 Winmgmt - ok
00:37:48.0359 0952 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:37:48.0453 0952 WinRM - ok
00:37:48.0519 0952 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:37:48.0539 0952 WinUsb - ok
00:37:48.0589 0952 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:37:48.0619 0952 Wlansvc - ok
00:37:48.0659 0952 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:37:48.0659 0952 WmiAcpi - ok
00:37:48.0722 0952 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:37:48.0737 0952 wmiApSrv - ok
00:37:48.0784 0952 WMPNetworkSvc - ok
00:37:48.0815 0952 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:37:48.0815 0952 WPCSvc - ok
00:37:48.0862 0952 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:37:48.0862 0952 WPDBusEnum - ok
00:37:48.0909 0952 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:37:48.0925 0952 ws2ifsl - ok
00:37:48.0956 0952 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:37:48.0956 0952 wscsvc - ok
00:37:48.0971 0952 WSearch - ok
00:37:49.0283 0952 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:37:49.0377 0952 wuauserv - ok
00:37:49.0393 0952 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:37:49.0408 0952 WudfPf - ok
00:37:49.0471 0952 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:37:49.0471 0952 WUDFRd - ok
00:37:49.0517 0952 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:37:49.0533 0952 wudfsvc - ok
00:37:49.0580 0952 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:37:49.0595 0952 WwanSvc - ok
00:37:49.0751 0952 X6va005 - ok
00:37:49.0798 0952 X6va006 - ok
00:37:49.0923 0952 X6va008 - ok
00:37:49.0954 0952 X6va009 - ok
00:37:49.0970 0952 ================ Scan global ===============================
00:37:50.0032 0952 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:37:50.0079 0952 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:37:50.0095 0952 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:37:50.0126 0952 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:37:50.0173 0952 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:37:50.0188 0952 [Global] - ok
00:37:50.0188 0952 ================ Scan MBR ==================================
00:37:50.0219 0952 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:37:50.0469 0952 \Device\Harddisk0\DR0 - ok
00:37:50.0485 0952 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
00:37:50.0500 0952 \Device\Harddisk1\DR1 - ok
00:37:50.0516 0952 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
00:37:50.0563 0952 \Device\Harddisk2\DR2 - ok
00:37:50.0563 0952 ================ Scan VBR ==================================
00:37:50.0578 0952 [ 2B73B44CD2EF0D9B534DB59EDF0E41C7 ] \Device\Harddisk0\DR0\Partition1
00:37:50.0578 0952 \Device\Harddisk0\DR0\Partition1 - ok
00:37:50.0594 0952 [ C2F9EDF903F0BC05A921272D905F66D1 ] \Device\Harddisk0\DR0\Partition2
00:37:50.0594 0952 \Device\Harddisk0\DR0\Partition2 - ok
00:37:50.0609 0952 [ C477612E7384A408309CEB721D3BB392 ] \Device\Harddisk1\DR1\Partition1
00:37:50.0609 0952 \Device\Harddisk1\DR1\Partition1 - ok
00:37:50.0625 0952 [ 38A7F9C347188B9FE91DEB89F824B1D3 ] \Device\Harddisk2\DR2\Partition1
00:37:50.0625 0952 \Device\Harddisk2\DR2\Partition1 - ok
00:37:50.0625 0952 ============================================================
00:37:50.0625 0952 Scan finished
00:37:50.0625 0952 ============================================================
00:37:50.0641 4436 Detected object count: 0
00:37:50.0641 4436 Actual detected object count: 0
00:39:32.0047 1080 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 00:39:43
-----------------------------
00:39:43.871 OS Version: Windows x64 6.1.7601 Service Pack 1
00:39:43.871 Number of processors: 1 586 0x603
00:39:43.871 ComputerName: 13THREALM UserName: eMachines
00:39:44.831 Initialize success
00:57:36.730 AVAST engine defs: 12083102
00:57:45.224 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
00:57:45.227 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
00:57:45.247 Disk 0 MBR read successfully
00:57:45.250 Disk 0 MBR scan
00:57:45.453 Disk 0 Windows 7 default MBR code
00:57:45.487 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
00:57:45.577 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
00:57:45.620 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 138525 MB offset 28878848
00:57:45.747 Disk 0 scanning C:\Windows\system32\drivers
00:58:13.544 Service scanning
00:59:10.924 Modules scanning
00:59:10.935 Disk 0 trace - called modules:
00:59:10.980 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
00:59:11.395 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026d6060]
00:59:11.401 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8001f92e40]
00:59:11.408 5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8001f8a9c0]
00:59:13.194 AVAST engine scan C:\Windows
00:59:21.715 AVAST engine scan C:\Windows\system32
01:08:39.857 AVAST engine scan C:\Windows\system32\drivers
01:09:15.158 AVAST engine scan C:\Users\eMachines
01:24:42.074 AVAST engine scan C:\ProgramData
01:28:33.330 Scan finished successfully
01:30:13.981 Disk 0 MBR has been saved successfully to "C:\Users\eMachines\Desktop\MBR.dat"
01:30:13.981 The log file has been saved successfully to "C:\Users\eMachines\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:51 AM

Posted 01 September 2012 - 12:44 AM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\7zggp4h7.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ridous
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 01 September 2012 - 01:58 AM

From what I can tell, there's nothing much different from the last run of ComboFix.

Log:

ComboFix 12-08-31.08 - eMachines 09/01/2012 2:11.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.870 [GMT -4:00]
Running from: c:\users\eMachines\Downloads\ComboFix.exe
Command switches used :: c:\users\eMachines\Desktop\CFScript.txt
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 06:23 . 2012-09-01 06:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 18:16 . 2012-08-31 18:16 -------- d-----w- C:\found.000
2012-08-31 17:06 . 2012-08-31 17:06 -------- d-----w- c:\users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}
2012-08-31 13:40 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E27061D9-88DF-4601-8C2D-378589AEF2E2}\mpengine.dll
2012-08-29 17:15 . 2012-08-29 17:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 23:51 . 2012-08-28 00:02 -------- d-----w- c:\users\eMachines\AppData\Roaming\Anvil Studio
2012-08-27 23:37 . 2012-08-27 23:37 -------- d-----w- c:\program files (x86)\Anvil Studio 2012
2012-08-27 08:24 . 2012-08-27 08:24 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-08-27 08:24 . 2012-08-27 08:24 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-25 03:32 . 2012-08-25 03:33 -------- d-----w- c:\users\eMachines\AppData\Local\SoftGrid Client
2012-08-25 03:32 . 2012-08-31 18:06 -------- d-----w- c:\users\eMachines\AppData\Roaming\SoftGrid Client
2012-08-25 03:30 . 2012-08-25 03:33 -------- d-----w- c:\users\eMachines\AppData\Roaming\TP
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-08-15 10:31 . 2012-06-29 05:02 754784 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-08-15 10:18 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 10:18 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 10:18 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 10:18 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 10:18 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 10:18 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 10:18 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 10:18 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 10:18 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 10:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 10:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 10:18 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 00:28 . 2012-08-15 00:28 -------- d-----w- c:\users\eMachines\AppData\Roaming\LibreOffice
2012-08-14 23:55 . 2012-08-14 23:57 -------- d-----w- c:\program files (x86)\LibreOffice 3.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 04:38 . 2012-04-03 02:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 04:38 . 2011-10-21 15:57 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:04 . 2011-10-24 13:23 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-10 23:55 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 23:50 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 23:50 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 23:49 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 23:50 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:49 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_03.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 18:58 . 2012-09-01 03:41 52220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 03:41 45640 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-31 17:14 . 2012-09-01 03:41 18538 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-293259363-1654663863-2285660974-1000_UserData.bin
- 2012-09-01 03:26 . 2012-09-01 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-01 06:25 . 2012-09-01 06:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 03:26 . 2012-09-01 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-01 06:25 . 2012-09-01 06:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-01 03:25 293308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-01 06:24 293308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-21 20:26 . 2012-09-01 06:24 3810452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-293259363-1654663863-2285660974-1000-8192.dat
- 2011-10-21 20:26 . 2012-09-01 03:25 3810452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-293259363-1654663863-2285660974-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7FB6F8DA-0D19-382F-05D2-3F04E93AE187}]
c:\programdata\Bcool\bhoclass.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"SansaDispatch"="c:\users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-11-09 79872]
"Akamai NetSession Interface"="c:\users\eMachines\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"syshost32"="c:\users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe" [2012-08-31 359936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PCDSRVC{A368CD8C-E23638CA-06020101}_0;PCDSRVC{A368CD8C-E23638CA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\emachi~1\appdata\local\temp\6wx2enaiorwf\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [2010-09-29 90864]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R3 X6va005;X6va005;c:\users\EMACHI~1\AppData\Local\Temp\0056D05.tmp [x]
R3 X6va006;X6va006;c:\users\EMACHI~1\AppData\Local\Temp\0063A3C.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2011-10-26 113744]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2011-09-07 365136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-12-21 291656]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-03-09 287280]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:38]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 20:06]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2012-03-09 2698800]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 10.0.0.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF - ProfilePath - c:\users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\7zggp4h7.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{A368CD8C-E23638CA-06020101}_0]
"ImagePath"="\??\c:\users\emachi~1\appdata\local\temp\6wx2enaiorwf\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\EMACHI~1\AppData\Local\Temp\0056D05.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\EMACHI~1\AppData\Local\Temp\0063A3C.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-09-01 02:47:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 06:47
ComboFix2.txt 2012-09-01 03:34
.
Pre-Run: 78,783,426,560 bytes free
Post-Run: 78,587,543,552 bytes free
.
- - End Of File - - 57C2B43578240DA544E9196FFD3A94E1

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:51 AM

Posted 01 September 2012 - 02:16 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

  • Adobe Reader 9.5.2 MUI
  • Java™ 6 Update 30
  • Java™ 7 Update 5
  • JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When install is complete click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 Ridous
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 01 September 2012 - 09:01 AM

My computer is taking less time to load most of my things now.

mbam Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
eMachines :: 13THREALM [administrator]

Protection: Enabled

9/1/2012 9:32:03 AM
mbam-log-2012-09-01 (09-32-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203568
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 1
C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe (Trojan.Phex.THAGen6) -> 2924 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\eMachines\AppData\Local\{42A3DDE7-0E2C-0875-FF75-8F66DF289F8B}\syshost.exe (Trojan.Phex.THAGen6) -> Delete on reboot.

(end)


HT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:59 AM, on 9/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\eMachines\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=er1401&r=17360511f307p0498v135r4721s20n
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Bcool - {7FB6F8DA-0D19-382F-05D2-3F04E93AE187} - C:\ProgramData\Bcool\bhoclass.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} (VersionControl Class) - http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\CA\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9913 bytes

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:51 AM

Posted 01 September 2012 - 12:03 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [SansaDispatch] C:\Users\eMachines\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\eMachines\AppData\Local\Akamai\netsession_win.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ridous

  • Topic Starter
  • Members
  • 6 posts
  • Local time:04:51 AM

Posted 01 September 2012 - 03:12 PM

This scan took 3 hours :X

Log:


C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\n.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\800000cb.@.vir Win64/Sirefef.AH trojan
C:\Qoobox\Quarantine\C\ProgramData\Bcool\bhoclass.dll.vir Win32/Adware.MultiPlug.A application
C:\Qoobox\Quarantine\C\ProgramData\Bcool\uninstall.exe.vir Win32/Adware.MultiPlug.A application
C:\Users\eMachines\Downloads\avc-free.exe Win32/OpenCandy application

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:51 AM

Posted 01 September 2012 - 03:29 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\eMachines\Downloads\avc-free.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?", and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo
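Gringo's rule above, that hits under C:\Qoobox\Quarantine\ or System Volume Information are inert backups while anything else in the ESET report still needs action, can be applied mechanically. The Python below is an added example, not code from the thread or from ESET; it assumes the report's one-detection-per-line layout and feeds it the thread's own six lines plus one constructed line (placeholder restore-point path and threat name).

```python
"""Triage an ESET Online Scanner text report: separate live detections from
inert backups already quarantined by the cleanup or parked in System Restore."""
import re
from dataclasses import dataclass

# Folders whose contents cannot run unless someone restores them by hand.
BACKUP_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\",
)

# One report line is "<path> <threat name> <kind>". The threat name may contain
# spaces ("a variant of Win32/..."), so the path is matched greedily up to the
# last extension-like token followed by whitespace (assumed report layout).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*\.[A-Za-z0-9@$]{1,4})\s+"
    r"(?P<threat>.+?)\s+(?P<kind>\S+)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    kind: str         # "trojan", "application", ...
    disposition: str  # "backup" (inert copy) or "live" (still on disk)


def parse_line(line: str):
    """Return a Detection for one report line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    disposition = "backup" if path.lower().startswith(BACKUP_PREFIXES) else "live"
    return Detection(path, m.group("threat"), m.group("kind"), disposition)


def triage(report: str):
    """Split a whole report into (live, backup, unparsed) lists, in file order."""
    live, backup, unparsed = [], [], []
    for raw in report.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw)
        elif det.disposition == "live":
            live.append(det)
        else:
            backup.append(det)
    return live, backup, unparsed


# The six lines from the thread's report, plus one constructed line (placeholder
# restore-point path and threat name) with a multi-word threat name.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\n.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-293259363-1654663863-2285660974-1000\$5cd87d073b9366c099d8e96b06c3d9c4\U\800000cb.@.vir Win64/Sirefef.AH trojan
C:\Qoobox\Quarantine\C\ProgramData\Bcool\bhoclass.dll.vir Win32/Adware.MultiPlug.A application
C:\Qoobox\Quarantine\C\ProgramData\Bcool\uninstall.exe.vir Win32/Adware.MultiPlug.A application
C:\Users\eMachines\Downloads\avc-free.exe Win32/OpenCandy application
C:\System Volume Information\PLACEHOLDER-RESTORE-POINT\A0000001.exe a variant of Win32/Placeholder.A trojan
"""

if __name__ == "__main__":
    live, backup, unparsed = triage(SAMPLE_REPORT)
    print(f"{len(backup)} backup hit(s): no action beyond the final cleanup step")
    print(f"{len(live)} live hit(s) to review, {len(unparsed)} line(s) not parsed:")
    for d in live:
        print(f"  {d.path}  [{d.threat}, {d.kind}]")
```

Run against the thread's report it leaves exactly one live path, the avc-free.exe download that the delfile.bat step above removes.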

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:51 AM

Posted 03 September 2012 - 11:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



