Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Malware Redirect on Wife's PC - Can't Get RId Of


  • This topic is locked This topic is locked
17 replies to this topic

#1 jimmyz12

jimmyz12

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 15 October 2012 - 10:18 PM

After the great help I received on this forum removing malware from my own laptop, my wife has gotten a similar infection on her PC. Please help! I have run Defogger to disable any CD emulation software and have run DDS ..... the log is pasted below:

***************************************************

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Kris at 22:12:45 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2496 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC} : DHCPNameServer = 192.168.1.1 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://emachines.msn.com
x64-mDefault_Page_URL = hxxp://emachines.msn.com
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kris\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\NPRobloxProxy.dll
FF - plugin: C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2010-12-29 472656]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-29 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-29 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-29 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-29 40384]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-12-29 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-26 11576]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-8-30 243232]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-29 40384]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-15 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-7 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-16 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 115168]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-10-15 16:13:58 -------- d-----w- C:\Users\Kris\AppData\Roaming\Malwarebytes
2012-10-15 16:13:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-15 16:13:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-15 16:13:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 19:26:47 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CB51ADB-1E83-48E0-8A5D-975B5D520B4F}\mpengine.dll
2012-10-10 06:54:15 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 06:53:58 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 06:52:48 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:52:47 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:52:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:52:47 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:52:46 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:52:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-09-22 17:37:11 -------- d-----w- C:\Program Files (x86)\Coupons
2012-09-17 08:15:55 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-09-17 08:15:55 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-09-17 08:03:04 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-09-17 08:03:04 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-09-17 07:26:16 -------- d-----w- C:\Users\Kris\AppData\Local\Macromedia
2012-09-16 15:28:48 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-09-16 15:27:52 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-09-16 14:46:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-16 14:26:29 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-16 14:26:14 -------- d-----w- C:\Users\Kris\AppData\Local\Microsoft Help
.
==================== Find3M ====================
.
2012-10-09 16:49:02 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:55:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:13:32.25 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 15 October 2012 - 11:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 16 October 2012 - 05:16 AM

Gringo, thanks again for the help. I have run all three programs ... none of them required a reboot so I have not rebooted the machine. All three log files are below:


SECURITY CHECK:

Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Mozilla Thunderbird (3.1.11) Thunderbird out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
software and drivers Anti-Virus Programs SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




_________________________________________________

AdwCleaner:


# AdwCleaner v2.005 - Logfile created 10/16/2012 at 05:07:32
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Kris - KRIS-PC
# Boot Mode : Normal
# Running from : C:\shares\software and drivers\Anti-Virus Programs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Users\Kris\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1086 octets] - [15/10/2012 22:00:34]
AdwCleaner[R2].txt - [1633 octets] - [16/10/2012 05:06:55]
AdwCleaner[R3].txt - [1568 octets] - [16/10/2012 05:07:32]

########## EOF - C:\AdwCleaner[R3].txt - [1628 octets] ##########


__________________________________________________________

RogueKiller:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Kris [Admin rights]
Mode : Remove -- Date : 10/16/2012 05:09:32

Bad processes : 0

Registry Entries : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> H:\Documents and Settings\Default User\NTUSER.DAT
-> H:\Documents and Settings\LocalService\NTUSER.DAT
-> H:\Documents and Settings\NetworkService\NTUSER.DAT
-> H:\Documents and Settings\Valued Customer\NTUSER.DAT

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: Hitachi HDS721050CLA SCSI Disk Device +++++
--- User ---
[MBR] 0dcdef0d2764889fd79c4b3152f72aef
[BSP] dfb46a35880101f644a5ef424753ac96 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 464550 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: USB-HS SAMSUNG SP2514N USB Device +++++
--- User ---
[MBR] 9e89d0d1c229e3a143d318e9440d243e
[BSP] 840fb7e6580e4bfd860b7197fe0ebbae : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Seagate FreeAgent GoFlex USB Device +++++
--- User ---
[MBR] c4a306033ebf2fdbd235f6fbab48599d
[BSP] bf737db5b44a2ea2b20dea93c21bdab5 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 16 October 2012 - 06:02 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 16 October 2012 - 06:39 AM

I have run ComboFix ... the log is posted below. The program did reboot the PC. I launched Firefox and did a Google search and the redirect is still there, sending me, I think, to budlu.com before redirecting me to something I did not click on. Grrrrrrr ... let me know the next steps. THANKS! Jim

________________________________

ComboFix 12-10-16.02 - Kris 10/16/2012 6:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2448 [GMT -5:00]
Running from: c:\shares\software and drivers\Anti-Virus Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{119E7EC3-7AC5-41E3-983E-AEF6073AE9BC}.xps
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{252DB798-0E18-44D4-A177-893AD821B575}.xps
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71921C16-BA80-499F-A5C7-36B6D44D6501}.xps
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72FFCBA1-4ED7-4C0A-9E89-63B783A99075}.xps
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BA81827A-DAAE-47C8-A1C7-778762209C04}.xps
c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CD67250E-FD00-4B79-B1C6-939F8F249D33}.xps
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 11:25 . 2012-10-16 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 06:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B962CEB-8929-4D81-A307-8253685ED62B}\mpengine.dll
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-15 16:13 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-10 06:53 . 2012-08-18 11:09 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 06:52 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:52 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:52 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:52 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:52 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:52 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-22 17:37 . 2012-09-22 17:37 -------- d-----w- c:\program files (x86)\Coupons
2012-09-17 08:15 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-09-17 08:15 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-09-17 08:09 . 2012-09-17 08:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-17 08:03 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-09-17 08:03 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-09-17 07:26 . 2012-09-17 07:26 -------- d-----w- c:\users\Kris\AppData\Local\Macromedia
2012-09-16 15:28 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-16 15:27 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-16 14:46 . 2012-10-09 16:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-16 14:46 . 2012-09-16 14:46 -------- d-----w- c:\windows\system32\Macromed
2012-09-16 14:26 . 2012-09-16 14:26 -------- d-----w- c:\program files\Microsoft Office
2012-09-16 14:26 . 2012-09-16 14:26 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-09-16 14:26 . 2012-09-16 14:26 -------- d-----w- c:\users\Kris\AppData\Local\Microsoft Help
2012-09-16 14:26 . 2012-10-10 08:04 -------- d-----w- c:\programdata\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 16:49 . 2011-12-29 14:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 11:19 . 2012-10-10 06:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 17:31 . 2012-08-16 00:35 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"UVS12 Preload"="c:\program files (x86)\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 11576]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 16:49]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 21:33]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 21:33]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000Core.job
- c:\users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 21:13]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000UA.job
- c:\users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:11 176904 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-10-16 06:33:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 11:33
.
Pre-Run: 396,918,554,624 bytes free
Post-Run: 397,057,982,464 bytes free
.
- - End Of File - - 07275F364FD0F593F89261C33B9420CE

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 16 October 2012 - 12:55 PM

Greetings jimmyz12

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 16 October 2012 - 10:30 PM

Gringo, I have run both programs. TDSSKiller found nothing and so it gave me no opportunity to clean anything. I then ran aswMBR .... both logs are posted below:




22:27:10.0793 2676 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:27:11.0417 2676 ============================================================
22:27:11.0417 2676 Current date / time: 2012/10/16 22:27:11.0417
22:27:11.0417 2676 SystemInfo:
22:27:11.0417 2676
22:27:11.0417 2676 OS Version: 6.1.7600 ServicePack: 0.0
22:27:11.0417 2676 Product type: Workstation
22:27:11.0417 2676 ComputerName: KRIS-PC
22:27:11.0417 2676 UserName: Kris
22:27:11.0417 2676 Windows directory: C:\Windows
22:27:11.0417 2676 System windows directory: C:\Windows
22:27:11.0417 2676 Running under WOW64
22:27:11.0417 2676 Processor architecture: Intel x64
22:27:11.0417 2676 Number of processors: 2
22:27:11.0417 2676 Page size: 0x1000
22:27:11.0417 2676 Boot type: Normal boot
22:27:11.0417 2676 ============================================================
22:27:12.0275 2676 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:27:12.0322 2676 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:27:12.0322 2676 Drive \Device\Harddisk4\DR4 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:27:12.0338 2676 Drive \Device\Harddisk5\DR5 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:27:12.0338 2676 ============================================================
22:27:12.0338 2676 \Device\Harddisk0\DR0:
22:27:12.0338 2676 MBR partitions:
22:27:12.0353 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
22:27:12.0353 2676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x38B53030
22:27:12.0353 2676 \Device\Harddisk1\DR1:
22:27:12.0353 2676 MBR partitions:
22:27:12.0353 2676 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:27:12.0353 2676 \Device\Harddisk4\DR4:
22:27:12.0353 2676 MBR partitions:
22:27:12.0353 2676 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:27:12.0353 2676 \Device\Harddisk5\DR5:
22:27:12.0353 2676 MBR partitions:
22:27:12.0353 2676 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C500F6
22:27:12.0353 2676 ============================================================
22:27:12.0400 2676 C: <-> \Device\Harddisk0\DR0\Partition2
22:27:12.0400 2676 E: <-> \Device\Harddisk1\DR1\Partition1
22:27:12.0431 2676 H: <-> \Device\Harddisk5\DR5\Partition1
22:27:12.0790 2676 I: <-> \Device\Harddisk4\DR4\Partition1
22:27:12.0790 2676 ============================================================
22:27:12.0790 2676 Initialize success
22:27:12.0790 2676 ============================================================
22:27:16.0128 3372 ============================================================
22:27:16.0128 3372 Scan started
22:27:16.0128 3372 Mode: Manual;
22:27:16.0128 3372 ============================================================
22:27:17.0236 3372 ================ Scan system memory ========================
22:27:17.0236 3372 System memory - ok
22:27:17.0236 3372 ================ Scan services =============================
22:27:17.0376 3372 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:27:17.0376 3372 1394ohci - ok
22:27:17.0423 3372 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:27:17.0423 3372 ACPI - ok
22:27:17.0439 3372 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:27:17.0439 3372 AcpiPmi - ok
22:27:17.0548 3372 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:17.0564 3372 AdobeFlashPlayerUpdateSvc - ok
22:27:17.0595 3372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:27:17.0610 3372 adp94xx - ok
22:27:17.0642 3372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:27:17.0642 3372 adpahci - ok
22:27:17.0673 3372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:27:17.0673 3372 adpu320 - ok
22:27:17.0688 3372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:27:17.0688 3372 AeLookupSvc - ok
22:27:17.0735 3372 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:27:17.0751 3372 AFD - ok
22:27:17.0782 3372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:27:17.0782 3372 agp440 - ok
22:27:17.0813 3372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:27:17.0813 3372 ALG - ok
22:27:17.0829 3372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:27:17.0829 3372 aliide - ok
22:27:17.0844 3372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:27:17.0844 3372 amdide - ok
22:27:17.0860 3372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:27:17.0860 3372 AmdK8 - ok
22:27:17.0891 3372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:27:17.0891 3372 AmdPPM - ok
22:27:17.0922 3372 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:27:17.0922 3372 amdsata - ok
22:27:17.0938 3372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:27:17.0938 3372 amdsbs - ok
22:27:17.0954 3372 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:27:17.0954 3372 amdxata - ok
22:27:17.0985 3372 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:27:17.0985 3372 AppID - ok
22:27:18.0000 3372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:27:18.0000 3372 AppIDSvc - ok
22:27:18.0016 3372 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:27:18.0016 3372 Appinfo - ok
22:27:18.0063 3372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:27:18.0063 3372 arc - ok
22:27:18.0078 3372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:27:18.0094 3372 arcsas - ok
22:27:18.0125 3372 [ B76182F203E0BD5EB6A5F6538F0FAEE4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:27:18.0125 3372 aswFsBlk - ok
22:27:18.0141 3372 [ A88E9544EDDA1CE83825DD22D6A8B5F9 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:27:18.0141 3372 aswMonFlt - ok
22:27:18.0156 3372 [ CFAD2FB33B22E7039C9DC233BAACBF8B ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
22:27:18.0156 3372 aswRdr - ok
22:27:18.0172 3372 [ 9638A3064B642410011B43A210276F55 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:27:18.0188 3372 aswSnx - ok
22:27:18.0188 3372 [ 594365E887F4A5AD3970870B352EB887 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:27:18.0203 3372 aswSP - ok
22:27:18.0219 3372 [ 4BA0A0E1D36F88F536180FFE5EFD8B7C ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:27:18.0219 3372 aswTdi - ok
22:27:18.0234 3372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:18.0234 3372 AsyncMac - ok
22:27:18.0266 3372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:27:18.0266 3372 atapi - ok
22:27:18.0312 3372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:18.0328 3372 AudioEndpointBuilder - ok
22:27:18.0328 3372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:27:18.0344 3372 AudioSrv - ok
22:27:18.0390 3372 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:27:18.0390 3372 avast! Antivirus - ok
22:27:18.0406 3372 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:27:18.0406 3372 avast! Mail Scanner - ok
22:27:18.0422 3372 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:27:18.0422 3372 avast! Web Scanner - ok
22:27:18.0437 3372 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:27:18.0437 3372 AxInstSV - ok
22:27:18.0468 3372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:27:18.0484 3372 b06bdrv - ok
22:27:18.0500 3372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:27:18.0500 3372 b57nd60a - ok
22:27:18.0531 3372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:27:18.0531 3372 BDESVC - ok
22:27:18.0546 3372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:27:18.0546 3372 Beep - ok
22:27:18.0593 3372 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:27:18.0593 3372 BFE - ok
22:27:18.0624 3372 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:27:18.0640 3372 BITS - ok
22:27:18.0671 3372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:27:18.0671 3372 blbdrive - ok
22:27:18.0734 3372 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:27:18.0734 3372 Bonjour Service - ok
22:27:18.0780 3372 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:27:18.0780 3372 bowser - ok
22:27:18.0827 3372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:27:18.0827 3372 BrFiltLo - ok
22:27:18.0843 3372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:27:18.0843 3372 BrFiltUp - ok
22:27:18.0890 3372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:27:18.0890 3372 BridgeMP - ok
22:27:18.0921 3372 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:27:18.0921 3372 Browser - ok
22:27:18.0952 3372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:27:18.0968 3372 Brserid - ok
22:27:18.0999 3372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:18.0999 3372 BrSerWdm - ok
22:27:19.0030 3372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:19.0030 3372 BrUsbMdm - ok
22:27:19.0046 3372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:19.0046 3372 BrUsbSer - ok
22:27:19.0061 3372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:27:19.0061 3372 BTHMODEM - ok
22:27:19.0092 3372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:27:19.0092 3372 bthserv - ok
22:27:19.0108 3372 catchme - ok
22:27:19.0124 3372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:27:19.0139 3372 cdfs - ok
22:27:19.0170 3372 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:27:19.0186 3372 cdrom - ok
22:27:19.0186 3372 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:27:19.0202 3372 CertPropSvc - ok
22:27:19.0217 3372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:27:19.0217 3372 circlass - ok
22:27:19.0248 3372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:27:19.0248 3372 CLFS - ok
22:27:19.0311 3372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:19.0311 3372 clr_optimization_v2.0.50727_32 - ok
22:27:19.0358 3372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:27:19.0358 3372 clr_optimization_v2.0.50727_64 - ok
22:27:19.0451 3372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:19.0467 3372 clr_optimization_v4.0.30319_32 - ok
22:27:19.0498 3372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:27:19.0498 3372 clr_optimization_v4.0.30319_64 - ok
22:27:19.0529 3372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:19.0529 3372 CmBatt - ok
22:27:19.0529 3372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:27:19.0529 3372 cmdide - ok
22:27:19.0576 3372 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:27:19.0592 3372 CNG - ok
22:27:19.0592 3372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:27:19.0592 3372 Compbatt - ok
22:27:19.0623 3372 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:27:19.0623 3372 CompositeBus - ok
22:27:19.0623 3372 COMSysApp - ok
22:27:19.0654 3372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:27:19.0654 3372 crcdisk - ok
22:27:19.0701 3372 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:27:19.0701 3372 CryptSvc - ok
22:27:19.0732 3372 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:27:19.0732 3372 DcomLaunch - ok
22:27:19.0763 3372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:27:19.0763 3372 defragsvc - ok
22:27:19.0826 3372 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:27:19.0826 3372 DfsC - ok
22:27:19.0826 3372 DgiVecp - ok
22:27:19.0857 3372 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:27:19.0857 3372 Dhcp - ok
22:27:19.0872 3372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:27:19.0872 3372 discache - ok
22:27:19.0904 3372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:27:19.0904 3372 Disk - ok
22:27:19.0935 3372 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:27:19.0935 3372 Dnscache - ok
22:27:19.0966 3372 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:27:19.0966 3372 dot3svc - ok
22:27:19.0982 3372 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:27:19.0982 3372 DPS - ok
22:27:20.0013 3372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:27:20.0013 3372 drmkaud - ok
22:27:20.0060 3372 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:27:20.0075 3372 DXGKrnl - ok
22:27:20.0091 3372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:27:20.0091 3372 EapHost - ok
22:27:20.0153 3372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:27:20.0169 3372 ebdrv - ok
22:27:20.0200 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:27:20.0216 3372 EFS - ok
22:27:20.0262 3372 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:27:20.0278 3372 ehRecvr - ok
22:27:20.0309 3372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:27:20.0309 3372 ehSched - ok
22:27:20.0340 3372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:27:20.0340 3372 elxstor - ok
22:27:20.0356 3372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:27:20.0356 3372 ErrDev - ok
22:27:20.0387 3372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:27:20.0387 3372 EventSystem - ok
22:27:20.0418 3372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:27:20.0418 3372 exfat - ok
22:27:20.0434 3372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:27:20.0434 3372 fastfat - ok
22:27:20.0465 3372 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:27:20.0481 3372 Fax - ok
22:27:20.0496 3372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:27:20.0496 3372 fdc - ok
22:27:20.0528 3372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:27:20.0528 3372 fdPHost - ok
22:27:20.0543 3372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:27:20.0543 3372 FDResPub - ok
22:27:20.0559 3372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:27:20.0559 3372 FileInfo - ok
22:27:20.0574 3372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:27:20.0574 3372 Filetrace - ok
22:27:20.0668 3372 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:27:20.0668 3372 FLEXnet Licensing Service - ok
22:27:20.0699 3372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:20.0699 3372 flpydisk - ok
22:27:20.0715 3372 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:27:20.0730 3372 FltMgr - ok
22:27:20.0777 3372 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
22:27:20.0793 3372 FontCache - ok
22:27:20.0840 3372 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:27:20.0840 3372 FontCache3.0.0.0 - ok
22:27:20.0933 3372 [ 52B58A46BEEFB238C580B69FD051CB5B ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
22:27:20.0933 3372 ForceWare Intelligent Application Manager (IAM) - ok
22:27:20.0964 3372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:27:20.0964 3372 FsDepends - ok
22:27:21.0011 3372 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:27:21.0011 3372 Fs_Rec - ok
22:27:21.0058 3372 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:27:21.0058 3372 fvevol - ok
22:27:21.0089 3372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:27:21.0089 3372 gagp30kx - ok
22:27:21.0152 3372 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
22:27:21.0167 3372 GameConsoleService - ok
22:27:21.0198 3372 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:27:21.0214 3372 gpsvc - ok
22:27:21.0261 3372 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
22:27:21.0261 3372 GREGService - ok
22:27:21.0339 3372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:27:21.0339 3372 gupdate - ok
22:27:21.0354 3372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:27:21.0370 3372 gupdatem - ok
22:27:21.0401 3372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:27:21.0401 3372 hcw85cir - ok
22:27:21.0417 3372 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:27:21.0432 3372 HdAudAddService - ok
22:27:21.0448 3372 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:27:21.0448 3372 HDAudBus - ok
22:27:21.0464 3372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:27:21.0464 3372 HidBatt - ok
22:27:21.0479 3372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:27:21.0479 3372 HidBth - ok
22:27:21.0479 3372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:27:21.0479 3372 HidIr - ok
22:27:21.0510 3372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:27:21.0510 3372 hidserv - ok
22:27:21.0542 3372 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:27:21.0542 3372 HidUsb - ok
22:27:21.0573 3372 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:27:21.0573 3372 hkmsvc - ok
22:27:21.0588 3372 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:27:21.0588 3372 HomeGroupListener - ok
22:27:21.0604 3372 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:27:21.0604 3372 HomeGroupProvider - ok
22:27:21.0635 3372 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:27:21.0635 3372 HpSAMD - ok
22:27:21.0651 3372 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:27:21.0666 3372 HTTP - ok
22:27:21.0682 3372 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:27:21.0682 3372 hwpolicy - ok
22:27:21.0698 3372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:27:21.0698 3372 i8042prt - ok
22:27:21.0713 3372 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:27:21.0713 3372 iaStorV - ok
22:27:21.0744 3372 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:27:21.0744 3372 idsvc - ok
22:27:21.0760 3372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:27:21.0760 3372 iirsp - ok
22:27:21.0791 3372 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:27:21.0791 3372 IKEEXT - ok
22:27:21.0854 3372 [ 2E3B99E8C23BE2BF32EBE1DB5261F275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:27:21.0869 3372 IntcAzAudAddService - ok
22:27:21.0885 3372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:27:21.0885 3372 intelide - ok
22:27:21.0916 3372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:27:21.0916 3372 intelppm - ok
22:27:21.0932 3372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:27:21.0947 3372 IPBusEnum - ok
22:27:21.0947 3372 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:21.0947 3372 IpFilterDriver - ok
22:27:21.0963 3372 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:27:21.0978 3372 iphlpsvc - ok
22:27:21.0994 3372 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:27:21.0994 3372 IPMIDRV - ok
22:27:22.0010 3372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:27:22.0010 3372 IPNAT - ok
22:27:22.0041 3372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:27:22.0041 3372 IRENUM - ok
22:27:22.0041 3372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:27:22.0041 3372 isapnp - ok
22:27:22.0056 3372 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:27:22.0056 3372 iScsiPrt - ok
22:27:22.0088 3372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:22.0088 3372 kbdclass - ok
22:27:22.0103 3372 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:27:22.0103 3372 kbdhid - ok
22:27:22.0119 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:27:22.0119 3372 KeyIso - ok
22:27:22.0150 3372 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:27:22.0166 3372 KSecDD - ok
22:27:22.0181 3372 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:27:22.0181 3372 KSecPkg - ok
22:27:22.0197 3372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:27:22.0197 3372 ksthunk - ok
22:27:22.0228 3372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:27:22.0244 3372 KtmRm - ok
22:27:22.0337 3372 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:27:22.0353 3372 LanmanServer - ok
22:27:22.0384 3372 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:27:22.0400 3372 LanmanWorkstation - ok
22:27:22.0431 3372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:27:22.0431 3372 lltdio - ok
22:27:22.0478 3372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:27:22.0478 3372 lltdsvc - ok
22:27:22.0509 3372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:27:22.0509 3372 lmhosts - ok
22:27:22.0602 3372 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
22:27:22.0602 3372 LMIGuardianSvc - ok
22:27:22.0634 3372 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
22:27:22.0634 3372 LMIInfo - ok
22:27:22.0665 3372 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
22:27:22.0665 3372 LMIMaint - ok
22:27:22.0712 3372 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
22:27:22.0712 3372 lmimirr - ok
22:27:22.0727 3372 LMIRfsClientNP - ok
22:27:22.0743 3372 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
22:27:22.0758 3372 LMIRfsDriver - ok
22:27:22.0774 3372 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
22:27:22.0790 3372 LogMeIn - ok
22:27:22.0805 3372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:27:22.0805 3372 LSI_FC - ok
22:27:22.0821 3372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:27:22.0821 3372 LSI_SAS - ok
22:27:22.0836 3372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:27:22.0836 3372 LSI_SAS2 - ok
22:27:22.0852 3372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:27:22.0852 3372 LSI_SCSI - ok
22:27:22.0868 3372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:27:22.0868 3372 luafv - ok
22:27:22.0914 3372 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:27:22.0914 3372 MBAMProtector - ok
22:27:22.0961 3372 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:27:22.0977 3372 MBAMScheduler - ok
22:27:22.0992 3372 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:27:23.0008 3372 MBAMService - ok
22:27:23.0039 3372 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:27:23.0039 3372 Mcx2Svc - ok
22:27:23.0055 3372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:27:23.0055 3372 megasas - ok
22:27:23.0086 3372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:27:23.0086 3372 MegaSR - ok
22:27:23.0102 3372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:27:23.0117 3372 MMCSS - ok
22:27:23.0117 3372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:27:23.0117 3372 Modem - ok
22:27:23.0148 3372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:27:23.0148 3372 monitor - ok
22:27:23.0148 3372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:27:23.0148 3372 mouclass - ok
22:27:23.0180 3372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:27:23.0180 3372 mouhid - ok
22:27:23.0180 3372 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:27:23.0180 3372 mountmgr - ok
22:27:23.0242 3372 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:27:23.0242 3372 MozillaMaintenance - ok
22:27:23.0258 3372 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:27:23.0258 3372 mpio - ok
22:27:23.0382 3372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:27:23.0382 3372 mpsdrv - ok
22:27:23.0585 3372 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:27:23.0585 3372 MpsSvc - ok
22:27:23.0601 3372 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:27:23.0601 3372 MRxDAV - ok
22:27:23.0632 3372 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:23.0632 3372 mrxsmb - ok
22:27:23.0694 3372 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:23.0694 3372 mrxsmb10 - ok
22:27:23.0710 3372 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:23.0710 3372 mrxsmb20 - ok
22:27:23.0741 3372 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:27:23.0741 3372 msahci - ok
22:27:23.0757 3372 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:27:23.0757 3372 msdsm - ok
22:27:23.0772 3372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:27:23.0788 3372 MSDTC - ok
22:27:23.0804 3372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:27:23.0804 3372 Msfs - ok
22:27:23.0819 3372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:27:23.0819 3372 mshidkmdf - ok
22:27:23.0835 3372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:27:23.0835 3372 msisadrv - ok
22:27:23.0882 3372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:27:23.0882 3372 MSiSCSI - ok
22:27:23.0882 3372 msiserver - ok
22:27:23.0913 3372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:27:23.0913 3372 MSKSSRV - ok
22:27:23.0928 3372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:23.0928 3372 MSPCLOCK - ok
22:27:23.0944 3372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:27:23.0944 3372 MSPQM - ok
22:27:23.0960 3372 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:27:23.0960 3372 MsRPC - ok
22:27:23.0960 3372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:27:23.0975 3372 mssmbios - ok
22:27:23.0975 3372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:27:23.0975 3372 MSTEE - ok
22:27:23.0975 3372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:23.0975 3372 MTConfig - ok
22:27:23.0991 3372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:27:23.0991 3372 Mup - ok
22:27:24.0022 3372 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:27:24.0022 3372 napagent - ok
22:27:24.0053 3372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:27:24.0053 3372 NativeWifiP - ok
22:27:24.0084 3372 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:27:24.0100 3372 NDIS - ok
22:27:24.0100 3372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:24.0100 3372 NdisCap - ok
22:27:24.0116 3372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:24.0116 3372 NdisTapi - ok
22:27:24.0131 3372 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:24.0131 3372 Ndisuio - ok
22:27:24.0147 3372 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:24.0147 3372 NdisWan - ok
22:27:24.0147 3372 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:27:24.0147 3372 NDProxy - ok
22:27:24.0194 3372 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:27:24.0209 3372 Nero BackItUp Scheduler 4.0 - ok
22:27:24.0240 3372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:27:24.0240 3372 NetBIOS - ok
22:27:24.0256 3372 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:27:24.0256 3372 NetBT - ok
22:27:24.0272 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:27:24.0272 3372 Netlogon - ok
22:27:24.0318 3372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:27:24.0318 3372 Netman - ok
22:27:24.0334 3372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:27:24.0350 3372 netprofm - ok
22:27:24.0365 3372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:24.0365 3372 NetTcpPortSharing - ok
22:27:24.0396 3372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:27:24.0396 3372 nfrd960 - ok
22:27:24.0490 3372 [ 61EDEE7F29249640A3CF8D7A23E917CC ] NitroReaderDriverReadSpool C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
22:27:24.0490 3372 NitroReaderDriverReadSpool - ok
22:27:24.0537 3372 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:27:24.0537 3372 NlaSvc - ok
22:27:24.0552 3372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:27:24.0552 3372 Npfs - ok
22:27:24.0584 3372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:27:24.0584 3372 nsi - ok
22:27:24.0599 3372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:27:24.0599 3372 nsiproxy - ok
22:27:24.0630 3372 [ 20E179A7FE78B37A02D30C4D34C870E7 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
22:27:24.0630 3372 nSvcIp - ok
22:27:24.0708 3372 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:27:24.0740 3372 Ntfs - ok
22:27:24.0755 3372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:27:24.0755 3372 Null - ok
22:27:24.0786 3372 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
22:27:24.0786 3372 NVENETFD - ok
22:27:25.0005 3372 [ 4628FA8F0CC0D509BC14A223E99D36F3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:27:25.0192 3372 nvlddmkm - ok
22:27:25.0239 3372 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
22:27:25.0254 3372 NVNET - ok
22:27:25.0301 3372 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:27:25.0301 3372 nvraid - ok
22:27:25.0317 3372 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:27:25.0317 3372 nvstor - ok
22:27:25.0348 3372 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:27:25.0348 3372 nvstor64 - ok
22:27:25.0364 3372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:27:25.0379 3372 nv_agp - ok
22:27:25.0379 3372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:27:25.0379 3372 ohci1394 - ok
22:27:25.0426 3372 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:25.0426 3372 ose - ok
22:27:25.0598 3372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:27:25.0644 3372 osppsvc - ok
22:27:25.0676 3372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:27:25.0691 3372 p2pimsvc - ok
22:27:25.0707 3372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:27:25.0707 3372 p2psvc - ok
22:27:25.0738 3372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:27:25.0738 3372 Parport - ok
22:27:25.0769 3372 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:27:25.0785 3372 partmgr - ok
22:27:25.0800 3372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:27:25.0816 3372 PcaSvc - ok
22:27:25.0847 3372 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:27:25.0847 3372 pci - ok
22:27:25.0863 3372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:27:25.0878 3372 pciide - ok
22:27:25.0894 3372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:25.0894 3372 pcmcia - ok
22:27:25.0894 3372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:27:25.0894 3372 pcw - ok
22:27:25.0910 3372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:27:25.0925 3372 PEAUTH - ok
22:27:25.0988 3372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:27:26.0003 3372 PerfHost - ok
22:27:26.0034 3372 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:27:26.0050 3372 pla - ok
22:27:26.0097 3372 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:27:26.0112 3372 PlugPlay - ok
22:27:26.0128 3372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:27:26.0128 3372 PNRPAutoReg - ok
22:27:26.0144 3372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:27:26.0159 3372 PNRPsvc - ok
22:27:26.0190 3372 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:27:26.0190 3372 PolicyAgent - ok
22:27:26.0222 3372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:27:26.0237 3372 Power - ok
22:27:26.0268 3372 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:27:26.0268 3372 PptpMiniport - ok
22:27:26.0284 3372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:27:26.0284 3372 Processor - ok
22:27:26.0331 3372 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:27:26.0331 3372 ProfSvc - ok
22:27:26.0346 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:26.0346 3372 ProtectedStorage - ok
22:27:26.0362 3372 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:27:26.0362 3372 Psched - ok
22:27:26.0409 3372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:27:26.0440 3372 ql2300 - ok
22:27:26.0456 3372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:26.0456 3372 ql40xx - ok
22:27:26.0471 3372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:27:26.0487 3372 QWAVE - ok
22:27:26.0502 3372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:27:26.0502 3372 QWAVEdrv - ok
22:27:26.0518 3372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:27:26.0518 3372 RasAcd - ok
22:27:26.0549 3372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:26.0549 3372 RasAgileVpn - ok
22:27:26.0565 3372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:27:26.0580 3372 RasAuto - ok
22:27:26.0596 3372 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:26.0596 3372 Rasl2tp - ok
22:27:26.0612 3372 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:27:26.0612 3372 RasMan - ok
22:27:26.0627 3372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:26.0627 3372 RasPppoe - ok
22:27:26.0627 3372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:27:26.0627 3372 RasSstp - ok
22:27:26.0643 3372 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:27:26.0643 3372 rdbss - ok
22:27:26.0658 3372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:26.0658 3372 rdpbus - ok
22:27:26.0674 3372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:26.0674 3372 RDPCDD - ok
22:27:26.0690 3372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:27:26.0690 3372 RDPENCDD - ok
22:27:26.0705 3372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:27:26.0705 3372 RDPREFMP - ok
22:27:26.0752 3372 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:27:26.0752 3372 RDPWD - ok
22:27:26.0768 3372 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:27:26.0768 3372 rdyboost - ok
22:27:26.0799 3372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:27:26.0799 3372 RemoteAccess - ok
22:27:26.0814 3372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:27:26.0814 3372 RemoteRegistry - ok
22:27:26.0846 3372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:27:26.0846 3372 RpcEptMapper - ok
22:27:26.0846 3372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:27:26.0846 3372 RpcLocator - ok
22:27:26.0861 3372 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
22:27:26.0877 3372 RpcSs - ok
22:27:26.0892 3372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:27:26.0892 3372 rspndr - ok
22:27:26.0908 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:27:26.0908 3372 SamSs - ok
22:27:26.0924 3372 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:27:26.0924 3372 sbp2port - ok
22:27:26.0939 3372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:27:26.0939 3372 SCardSvr - ok
22:27:26.0955 3372 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:27:26.0955 3372 scfilter - ok
22:27:27.0002 3372 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:27:27.0033 3372 Schedule - ok
22:27:27.0048 3372 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:27:27.0048 3372 SCPolicySvc - ok
22:27:27.0080 3372 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:27:27.0080 3372 SDRSVC - ok
22:27:27.0111 3372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:27:27.0111 3372 secdrv - ok
22:27:27.0126 3372 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:27:27.0126 3372 seclogon - ok
22:27:27.0142 3372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:27:27.0142 3372 SENS - ok
22:27:27.0173 3372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:27:27.0173 3372 SensrSvc - ok
22:27:27.0204 3372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:27:27.0204 3372 Serenum - ok
22:27:27.0220 3372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:27:27.0220 3372 Serial - ok
22:27:27.0251 3372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:27:27.0251 3372 sermouse - ok
22:27:27.0267 3372 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:27:27.0267 3372 SessionEnv - ok
22:27:27.0282 3372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:27:27.0282 3372 sffdisk - ok
22:27:27.0298 3372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:27:27.0298 3372 sffp_mmc - ok
22:27:27.0298 3372 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:27:27.0298 3372 sffp_sd - ok
22:27:27.0314 3372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:27:27.0314 3372 sfloppy - ok
22:27:27.0329 3372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:27:27.0345 3372 SharedAccess - ok
22:27:27.0360 3372 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:27.0360 3372 ShellHWDetection - ok
22:27:27.0392 3372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:27:27.0392 3372 SiSRaid2 - ok
22:27:27.0407 3372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:27:27.0407 3372 SiSRaid4 - ok
22:27:27.0423 3372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:27:27.0423 3372 Smb - ok
22:27:27.0454 3372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:27:27.0454 3372 SNMPTRAP - ok
22:27:27.0470 3372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:27:27.0470 3372 spldr - ok
22:27:27.0501 3372 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:27:27.0516 3372 Spooler - ok
22:27:27.0563 3372 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:27:27.0610 3372 sppsvc - ok
22:27:27.0610 3372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:27:27.0626 3372 sppuinotify - ok
22:27:27.0657 3372 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:27:27.0657 3372 srv - ok
22:27:27.0688 3372 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:27:27.0688 3372 srv2 - ok
22:27:27.0704 3372 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:27:27.0719 3372 srvnet - ok
22:27:27.0750 3372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:27:27.0750 3372 SSDPSRV - ok
22:27:27.0782 3372 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
22:27:27.0782 3372 SSPORT - ok
22:27:27.0797 3372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:27:27.0797 3372 SstpSvc - ok
22:27:27.0828 3372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:27:27.0828 3372 stexstor - ok
22:27:27.0844 3372 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:27:27.0860 3372 stisvc - ok
22:27:27.0875 3372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:27:27.0875 3372 swenum - ok
22:27:27.0906 3372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:27:27.0922 3372 swprv - ok
22:27:27.0953 3372 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:27:27.0969 3372 SysMain - ok
22:27:27.0969 3372 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:27:27.0969 3372 TabletInputService - ok
22:27:27.0984 3372 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:27:28.0000 3372 TapiSrv - ok
22:27:28.0016 3372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:27:28.0016 3372 TBS - ok
22:27:28.0094 3372 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:27:28.0125 3372 Tcpip - ok
22:27:28.0156 3372 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:27:28.0172 3372 TCPIP6 - ok
22:27:28.0203 3372 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:27:28.0203 3372 tcpipreg - ok
22:27:28.0234 3372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:27:28.0234 3372 TDPIPE - ok
22:27:28.0265 3372 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:27:28.0265 3372 TDTCP - ok
22:27:28.0281 3372 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:27:28.0281 3372 tdx - ok
22:27:28.0296 3372 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:27:28.0296 3372 TermDD - ok
22:27:28.0328 3372 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:27:28.0343 3372 TermService - ok
22:27:28.0343 3372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:27:28.0359 3372 Themes - ok
22:27:28.0359 3372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:27:28.0359 3372 THREADORDER - ok
22:27:28.0390 3372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:27:28.0390 3372 TrkWks - ok
22:27:28.0421 3372 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:27:28.0421 3372 TrustedInstaller - ok
22:27:28.0452 3372 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:27:28.0452 3372 tssecsrv - ok
22:27:28.0484 3372 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:27:28.0484 3372 tunnel - ok
22:27:28.0499 3372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:27:28.0515 3372 uagp35 - ok
22:27:28.0530 3372 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:27:28.0530 3372 udfs - ok
22:27:28.0562 3372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:27:28.0562 3372 UI0Detect - ok
22:27:28.0593 3372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:27:28.0593 3372 uliagpkx - ok
22:27:28.0608 3372 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:27:28.0624 3372 umbus - ok
22:27:28.0624 3372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:27:28.0624 3372 UmPass - ok
22:27:28.0686 3372 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
22:27:28.0686 3372 Updater Service - ok
22:27:28.0718 3372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:27:28.0733 3372 upnphost - ok
22:27:28.0780 3372 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:27:28.0780 3372 usbccgp - ok
22:27:28.0811 3372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:27:28.0827 3372 usbcir - ok
22:27:28.0842 3372 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:27:28.0842 3372 usbehci - ok
22:27:28.0889 3372 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:27:28.0889 3372 usbhub - ok
22:27:28.0905 3372 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:27:28.0905 3372 usbohci - ok
22:27:28.0936 3372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:27:28.0936 3372 usbprint - ok
22:27:28.0983 3372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:27:28.0998 3372 usbscan - ok
22:27:29.0030 3372 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:27:29.0030 3372 USBSTOR - ok
22:27:29.0045 3372 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:27:29.0045 3372 usbuhci - ok
22:27:29.0076 3372 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:27:29.0076 3372 usbvideo - ok
22:27:29.0108 3372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:27:29.0123 3372 UxSms - ok
22:27:29.0139 3372 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:27:29.0139 3372 VaultSvc - ok
22:27:29.0186 3372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:27:29.0186 3372 vdrvroot - ok
22:27:29.0201 3372 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:27:29.0232 3372 vds - ok
22:27:29.0248 3372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:27:29.0248 3372 vga - ok
22:27:29.0264 3372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:27:29.0264 3372 VgaSave - ok
22:27:29.0279 3372 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:27:29.0279 3372 vhdmp - ok
22:27:29.0295 3372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:27:29.0295 3372 viaide - ok
22:27:29.0310 3372 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:27:29.0310 3372 volmgr - ok
22:27:29.0310 3372 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:27:29.0310 3372 volmgrx - ok
22:27:29.0326 3372 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:27:29.0326 3372 volsnap - ok
22:27:29.0342 3372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:27:29.0342 3372 vsmraid - ok
22:27:29.0388 3372 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:27:29.0404 3372 VSS - ok
22:27:29.0420 3372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:27:29.0435 3372 vwifibus - ok
22:27:29.0451 3372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:27:29.0451 3372 W32Time - ok
22:27:29.0466 3372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:27:29.0466 3372 WacomPen - ok
22:27:29.0482 3372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:27:29.0482 3372 WANARP - ok
22:27:29.0482 3372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:27:29.0482 3372 Wanarpv6 - ok
22:27:29.0560 3372 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:27:29.0591 3372 WatAdminSvc - ok
22:27:29.0622 3372 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:27:29.0638 3372 wbengine - ok
22:27:29.0654 3372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:27:29.0654 3372 WbioSrvc - ok
22:27:29.0700 3372 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:27:29.0716 3372 wcncsvc - ok
22:27:29.0732 3372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:27:29.0747 3372 WcsPlugInService - ok
22:27:29.0763 3372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:27:29.0763 3372 Wd - ok
22:27:29.0794 3372 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:27:29.0794 3372 WDC_SAM - ok
22:27:29.0825 3372 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:27:29.0825 3372 Wdf01000 - ok
22:27:29.0841 3372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:27:29.0841 3372 WdiServiceHost - ok
22:27:29.0841 3372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:27:29.0856 3372 WdiSystemHost - ok
22:27:29.0888 3372 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:27:29.0888 3372 WebClient - ok
22:27:29.0919 3372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:27:29.0919 3372 Wecsvc - ok
22:27:29.0934 3372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:27:29.0934 3372 wercplsupport - ok
22:27:29.0950 3372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:27:29.0966 3372 WerSvc - ok
22:27:29.0981 3372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:29.0997 3372 WfpLwf - ok
22:27:29.0997 3372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:27:29.0997 3372 WIMMount - ok
22:27:30.0012 3372 WinDefend - ok
22:27:30.0012 3372 WinHttpAutoProxySvc - ok
22:27:30.0059 3372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:27:30.0075 3372 Winmgmt - ok
22:27:30.0137 3372 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:27:30.0168 3372 WinRM - ok
22:27:30.0200 3372 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:27:30.0215 3372 WinUsb - ok
22:27:30.0246 3372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:27:30.0246 3372 Wlansvc - ok
22:27:30.0262 3372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:27:30.0278 3372 WmiAcpi - ok
22:27:30.0309 3372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:27:30.0309 3372 wmiApSrv - ok
22:27:30.0324 3372 WMPNetworkSvc - ok
22:27:30.0356 3372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:27:30.0356 3372 WPCSvc - ok
22:27:30.0371 3372 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:27:30.0371 3372 WPDBusEnum - ok
22:27:30.0387 3372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:27:30.0402 3372 ws2ifsl - ok
22:27:30.0434 3372 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
22:27:30.0434 3372 wscsvc - ok
22:27:30.0449 3372 WSearch - ok
22:27:30.0543 3372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:27:30.0574 3372 wuauserv - ok
22:27:30.0574 3372 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:27:30.0574 3372 WudfPf - ok
22:27:30.0590 3372 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:30.0590 3372 WUDFRd - ok
22:27:30.0621 3372 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:27:30.0621 3372 wudfsvc - ok
22:27:30.0636 3372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:27:30.0636 3372 WwanSvc - ok
22:27:30.0652 3372 ================ Scan global ===============================
22:27:30.0668 3372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:27:30.0699 3372 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:27:30.0714 3372 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:27:30.0746 3372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:27:30.0746 3372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:27:30.0761 3372 [Global] - ok
22:27:30.0761 3372 ================ Scan MBR ==================================
22:27:30.0777 3372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:31.0136 3372 \Device\Harddisk0\DR0 - ok
22:27:31.0136 3372 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:27:31.0151 3372 \Device\Harddisk1\DR1 - ok
22:27:31.0167 3372 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
22:27:31.0167 3372 \Device\Harddisk4\DR4 - ok
22:27:31.0182 3372 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
22:27:31.0760 3372 \Device\Harddisk5\DR5 - ok
22:27:31.0760 3372 ================ Scan VBR ==================================
22:27:31.0760 3372 [ 324DDBFF75EBD58BCABC2690EC215414 ] \Device\Harddisk0\DR0\Partition1
22:27:31.0760 3372 \Device\Harddisk0\DR0\Partition1 - ok
22:27:31.0775 3372 [ 45BB1F70055A2D315A55E8E45161AC54 ] \Device\Harddisk0\DR0\Partition2
22:27:31.0806 3372 \Device\Harddisk0\DR0\Partition2 - ok
22:27:31.0806 3372 [ D5C1E52812E2A0C2F64FEEE9A41F4E91 ] \Device\Harddisk1\DR1\Partition1
22:27:31.0806 3372 \Device\Harddisk1\DR1\Partition1 - ok
22:27:31.0822 3372 [ FD29F208B9307284E183A052E5C7A2ED ] \Device\Harddisk4\DR4\Partition1
22:27:31.0822 3372 \Device\Harddisk4\DR4\Partition1 - ok
22:27:31.0822 3372 [ 84E4C0700DA8E297B21C2DD8AC958123 ] \Device\Harddisk5\DR5\Partition1
22:27:31.0822 3372 \Device\Harddisk5\DR5\Partition1 - ok
22:27:31.0822 3372 ============================================================
22:27:31.0822 3372 Scan finished
22:27:31.0822 3372 ============================================================
22:27:31.0838 3344 Detected object count: 0
22:27:31.0838 3344 Actual detected object count: 0


---------------------------------------------

aswMBR log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 21:56:38
-----------------------------
21:56:38.484 OS Version: Windows x64 6.1.7600
21:56:38.484 Number of processors: 2 586 0x603
21:56:38.484 ComputerName: KRIS-PC UserName: Kris
21:57:00.854 Initialize success
21:57:01.026 AVAST engine defs: 12101601
21:57:25.377 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
21:57:25.377 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
21:57:25.409 Disk 0 MBR read successfully
21:57:25.409 Disk 0 MBR scan
21:57:25.409 Disk 0 Windows 7 default MBR code
21:57:25.440 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
21:57:25.471 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
21:57:25.518 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464550 MB offset 25372672
21:57:25.565 Disk 0 scanning C:\Windows\system32\drivers
21:57:43.770 Service scanning
21:59:10.069 Modules scanning
21:59:10.085 Disk 0 trace - called modules:
21:59:10.131 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:59:10.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f95f0]
21:59:10.646 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80041ed7a0]
21:59:10.662 5 ACPI.sys[fffff88000f55781] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80041e93e0]
21:59:18.415 AVAST engine scan C:\Windows
21:59:28.430 AVAST engine scan C:\Windows\system32
22:01:11.453 AVAST engine scan C:\Windows\system32\drivers
22:01:18.660 AVAST engine scan C:\Users\Kris
22:10:13.344 AVAST engine scan C:\ProgramData
22:11:10.877 Scan finished successfully
22:22:44.054 Disk 0 MBR has been saved successfully to "C:\shares\software and drivers\Anti-Virus Programs\MBR.dat"
22:22:44.069 The log file has been saved successfully to "C:\shares\software and drivers\Anti-Virus Programs\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 16 October 2012 - 10:39 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 17 October 2012 - 04:01 PM

Gringo .... thanks for the help so far! Here is the report from OTL:

OTL logfile created on: 10/17/2012 3:35:01 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\shares\software and drivers\Anti-Virus Programs
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 53.68% Memory free
7.50 Gb Paging File | 5.85 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 367.38 Gb Free Space | 80.98% Space Free | Partition Type: NTFS
Drive D: | 2.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 232.83 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
Drive H: | 38.16 Gb Total Space | 9.83 Gb Free Space | 25.75% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 385.45 Gb Free Space | 82.76% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\shares\software and drivers\Anti-Virus Programs\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\shares\software and drivers\Anti-Virus Programs\OTL.exe (OldTimer Tools)
PRC - C:\shares\software and drivers\Anti-Virus Programs\aswMBR.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12101601\algo.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: ixtnlzeivf@ixtnlzeivf.org:1.0
FF - prefs.js..extensions.enabledAddons: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.171
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Kris\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 03:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 03:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/17 16:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 03:40:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 03:40:03 | 000,000,000 | ---D | M]

[2011/01/04 21:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions
[2011/01/04 21:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/30 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions
[2012/06/30 11:51:04 | 000,000,000 | ---D | M] () -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/05/01 06:19:57 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\ixtnlzeivf@ixtnlzeivf.org.xpi
[2012/10/12 03:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/12 03:40:07 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/01/06 17:46:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/05 12:03:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 03:40:07 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Kris\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - Extension: YouTube = C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/16 06:28:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1378347193-2054418301-3286631809-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/13 11:17:36 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002/09/03 15:49:17 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 06:28:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/16 06:25:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/16 06:18:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/16 06:18:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/16 06:18:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/16 06:18:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/16 06:18:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/16 05:08:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\Desktop\RK_Quarantine
[2012/10/15 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Malwarebytes
[2012/10/15 11:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 11:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/15 11:13:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/15 11:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/12 03:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/10 01:54:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 01:54:05 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 01:54:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 01:54:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 01:54:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 01:54:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 01:54:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 01:54:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 01:54:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 01:54:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 01:54:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 01:54:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 01:54:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 01:53:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 01:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 01:53:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 01:53:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 01:53:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 01:53:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 01:53:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 01:53:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 01:53:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 01:53:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 01:53:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 01:53:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 01:53:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 01:53:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 01:53:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 01:53:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 01:53:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 01:53:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 01:53:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 01:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 01:53:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 01:53:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 01:53:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 01:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 01:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 01:53:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 01:53:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 01:53:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 01:53:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 01:53:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 01:53:29 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 01:53:27 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 01:53:26 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 01:52:48 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 01:52:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/22 12:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/09/22 12:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/09/22 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:00:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:00:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:00:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:00:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

========== Files - Modified Within 30 Days ==========

[2012/10/17 15:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000UA.job
[2012/10/17 14:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 14:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/16 19:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 16:38:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000Core.job
[2012/10/16 06:36:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 06:36:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 06:33:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/16 06:33:21 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/16 06:33:21 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/16 06:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/16 06:27:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/16 06:27:31 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 22:12:19 | 000,000,000 | ---- | M] () -- C:\Users\Kris\defogger_reenable
[2012/10/15 11:13:53 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/13 01:52:48 | 000,002,057 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/10 14:50:31 | 000,002,387 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/09 11:49:02 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 11:49:02 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/10/16 06:18:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/16 06:18:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/16 06:18:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/16 06:18:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/16 06:18:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/15 22:12:19 | 000,000,000 | ---- | C] () -- C:\Users\Kris\defogger_reenable
[2012/10/15 11:13:53 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/12/26 17:27:28 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/12/26 17:27:28 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/12/26 17:27:28 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/12/26 17:27:28 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/12/26 17:27:28 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/12/26 17:27:28 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/12/26 17:25:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/26 17:18:53 | 000,061,678 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\PFP100JPR.{PB
[2010/12/26 17:18:53 | 000,012,358 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\PFP100JCM.{PB
[2010/12/26 16:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/26 16:27:31 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 18 October 2012 - 08:29 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    FF - prefs.js..extensions.enabledAddons: ixtnlzeivf@ixtnlzeivf.org:1.0  
    [2012/05/01 06:19:57 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\ixtnlzeivf@ixtnlzeivf.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 18 October 2012 - 09:38 PM

Gringo, I ran the custom fix in OTL.exe. The program did not reboot the system. Doing some searches in Google now and I no longer seem to be encountering the redirect ... woo hoo! But let me know if you still spot something in the OTL log. I will keep using the system to see if anything reappears.



Here is the OTL log:


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Prefs.js: ixtnlzeivf@ixtnlzeivf.org:1.0 removed from extensions.enabledAddons
C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\extensions\ixtnlzeivf@ixtnlzeivf.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\shares\software and drivers\Anti-Virus Programs\cmd.bat deleted successfully.
C:\shares\software and drivers\Anti-Virus Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kris
->Java cache emptied: 230245 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kris
->Flash cache emptied: 133436 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 10182012_213311

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 18 October 2012 - 09:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 19 October 2012 - 07:27 AM

Gringo, I ran the custom script in ComboFix. I encountered no issues and the PC did not reboot itself. Doing more searches in Google, I am not encountering the redirect malware so everything still appears clean, but you let me know! ComboFix log file is below ...




LOGO FILE:


ComboFix 12-10-18.03 - Kris 10/19/2012 7:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2714 [GMT -5:00]
Running from: c:\shares\software and drivers\Anti-Virus Programs\ComboFix.exe
Command switches used :: c:\shares\software and drivers\Anti-Virus Programs\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 12:20 . 2012-10-19 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 09:59 . 2012-10-19 09:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34750295-3BFC-4556-9291-99EC810CDD17}\offreg.dll
2012-10-19 02:33 . 2012-10-19 02:33 -------- d-----w- C:\_OTL
2012-10-18 12:22 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-10-17 23:52 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34750295-3BFC-4556-9291-99EC810CDD17}\mpengine.dll
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-15 16:13 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-10 06:53 . 2012-08-18 11:09 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 06:52 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:52 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:52 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:52 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:52 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:52 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-22 17:37 . 2012-09-22 17:37 -------- d-----w- c:\program files (x86)\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 16:49 . 2012-09-16 14:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:49 . 2011-12-29 14:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 11:19 . 2012-10-10 06:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-16 15:28 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-16 15:28 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"UVS12 Preload"="c:\program files (x86)\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 11576]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 16:49]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 21:33]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 21:33]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000Core.job
- c:\users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 21:13]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378347193-2054418301-3286631809-1000UA.job
- c:\users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:11 176904 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\hh0kctpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 07:22:41
ComboFix-quarantined-files.txt 2012-10-19 12:22
ComboFix2.txt 2012-10-16 11:33
.
Pre-Run: 397,973,995,520 bytes free
Post-Run: 397,922,033,664 bytes free
.
- - End Of File - - D84FBBAC04A1F4BEF2E1704D245AC42C

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:18 AM

Posted 19 October 2012 - 07:45 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 19 October 2012 - 09:47 PM

Gringo, here is the latest report from ComboFix:


18 Wheels of Steel - American Long Haul
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2 MUI
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
Agatha Christie - Death on the Nile
avast! Pro Antivirus
Barnes & Noble Desktop Reader
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Chuzzle Deluxe
Clone Wars
Compatibility Pack for the 2007 Office system
Corel VideoStudio 12
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
eBay Worldwide
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
EPSON Scan
FATE
Google Chrome
Google Talk Plugin
Google Update Helper
Hotkey Utility
Identity Card
ImagXpress
Java Auto Updater
Java™ 6 Update 30
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
PDF Settings
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
PrimoPDF -- brought to you by Nitro PDF Software
Realtek High Definition Audio Driver
ROBLOX Player for Kris
Samsung CLP-310 Series
SAMSUNG Dr.Printer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
swMSM
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VideoStudio
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WordPerfect Office 2002 OEM
Zuma's Revenge




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users