RunDLL32.Exe 75-100% CPU usage, VERY Slow computer [Solved]


This topic is locked

#1 Bondlover1313 (Member, 29 posts)
Hi, I am new to this forum. I recently noticed my computer is slow, very slow. I have not been on the computer in question for a long time, like 6 months or more. Whenever I launch an application, my computer will show the circle that goes around, and then it stops like 10 seconds later and nothing happens, so I go to the Task Manager and see rundll32.exe is using 75-100% CPU and my computer slows, until I end the process. I have looked this up and found some answers, but all of them are outdated by at least a year or more. I didn't install anything yet, nor the last time I used it, so if someone can tell me what pre-steps they need me to do, I will gladly. Thanks, and sorry for any errors in advance.

Please note: The computer is not connected to the internet, so I have to download stuff via a USB, then to the computer, and install it. My internet connection on other computers is slow, so it may take me a day or two to get back to this topic. Also, my computer is a 64-bit Windows 7 Home Premium eMachines, 500 GB, and I am only using 243 GB of the total HDD. Thanks again. I cannot risk formatting this computer; it has a lot of important and unique things on it, pictures, videos, etc. I will try to do anything to make the experts' job any easier.

Thanks, Bests
Bondlover1313 :)


#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt and Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo


#3 Bondlover1313 (Topic Starter, Member, 29 posts)
OK, yeah, will do. Thanks. On cell, sorry for the poor response.

#4 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
I will be waiting for the reports


gringo

#5 Bondlover1313 (Topic Starter, Member, 29 posts)
Here are the reports:

1 (DDS and Attach)
DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 8.0.7600.16968
Run by Matt Micheletti at 19:14:26 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1479 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Matt Micheletti\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Matt Micheletti\Documents\RCA Detective\RCADetective.exe
C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\explorer.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Easy Dock] C:\Users\Matt Micheletti\Documents\RCA easyRip\EZDock.exe
uRun: [SanDiskSecureAccess_Manager.exe] "C:\Users\Matt Micheletti\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Easy Dock] <no file>
StartupFolder: C:\Users\MATTMI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\MATTMI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Matt Micheletti\Documents\RCA Detective\RCADetective.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1 64.233.217.2 64.233.217.3
TCP: Interfaces\{57CEFA9A-5CA1-4B4E-A47E-7F93FDD2F6D2} : DHCPNameServer = 192.168.2.1 64.233.217.2 64.233.217.3
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-4-8 112680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-1-10 254528]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-9-30 304464]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-3-6 386344]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-4-8 667272]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-9-30 24664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-29 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-28 1431888]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;C:\Windows\System32\drivers\MijUfilt.sys [2010-7-31 12288]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-9 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-10-29 22:51:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EED1DDF-2991-46BC-A0F2-839FD5EC1C5D}\offreg.dll
2012-10-29 04:03:35 -------- d-----w- C:\Users\Matt Micheletti\AppData\Roaming\DriverCure
2012-10-29 04:03:34 -------- d-----w- C:\Users\Matt Micheletti\AppData\Roaming\ParetoLogic
2012-10-29 04:02:48 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-10-29 04:02:42 -------- d-----w- C:\ProgramData\ParetoLogic
2012-10-29 04:02:42 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-10-29 03:48:44 45568 ----a-w- C:\Windows\System32\rundll32.exe
2012-10-29 03:47:31 -------- d-----w- C:\backup
2012-10-28 23:06:48 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
.
============= FINISH: 19:16:18.29 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2010 8:36:35 PM
System Uptime: 10/29/2012 7:48:48 AM (204 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Intel® Celeron® CPU 450 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 211.199 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP158: 10/22/2012 12:00:06 AM - Scheduled Checkpoint
RP159: 10/28/2012 7:32:02 PM - Removed TotalMedia Extreme
RP160: 10/29/2012 12:10:40 AM - RegCure Pro Backup
RP161: 10/29/2012 12:21:29 AM - RegCure Pro Backup
RP162: 10/29/2012 12:35:48 AM - RegCure Pro Backup
RP163: 11/5/2012 12:00:05 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe After Effects CS5.5
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.1 MUI
Advertising Center
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion plug-in for AutoCAD 2012
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Beta Modern Mod
CamStudio
CamStudio Lossless Codec v1.4
Camtasia Studio 7
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink PowerDirector
DAEMON Tools Lite
DVD-CLONER V7.60 Build 998
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
FARO LS 1.1.406.58
Fraps (remove only)
Free DVD Video Burner version 3.1.815
Free Mp3 Wma Converter V 1.94
Free Screen Video Recorder version 2.5.15.305
Free Video to DVD Converter version 1.6.22.804
Free Video to Flash Converter version 4.7.21.305
Game Booster
GIMP 2.6.8
Google SketchUp Pro 7
Google SketchUp Pro 8
GTA San Andreas Admin Console
Hitman - Codename 47
Hitman 2 Silent Assassin
HyperCam 2
HyperCam 3
HyperCam Toolbar
Identity Card
ImagXpress
James Bond 007: Nightfire
Junk Mail filter update
Knights of the Force 2.0
Kotor Tool
Mafia II (With [bleep] Crack)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework SDK (English) 1.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MotioninJoy ds3 driver version 0.100
MotioninJoy ds3 vibration driver version 0.100
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
PCSX2 - Playstation 2 Emulator
Pinnacle Instant DVD Recorder
Pinnacle Video Driver
PowerISO
PS3ThemeCreator
QuickTime
RAR Password Cracker 4.12
RCA Detective™ 3.0.0.101
RCA easyRip 2.4.6.0
RCA Updater 2.0.0.0
Realtek High Definition Audio Driver
RegCure Pro
San Andreas Mod Installer
SanDiskSecureAccess_Manager.exe
Sanny Builder 3.04
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartSound Quicktracks 5
Spider-Man 3 ™
Spider-Man 3™
Star Wars Battlefront
Star Wars Empire at War
Star Wars Jedi Knight Jedi Academy
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars® Knights of the Old Republic® II: The Sith Lords™
The Sims 2
Tom Clancy's Splinter Cell
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Pro 10.0 (64-bit)
Vegas Pro 11.0 (64-bit)
VLC media player 1.1.11
Webroot SecureAnywhere
WeGame Client Public Beta 2.0.3
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Password Unlocker Professional Trial 6.0.0.0
WinRAR archiver
.
==== End Of File ===========================

2. Security Check
Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
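An added example, not part of the original thread and not one of the tools Gringo uses: the Python script below applies to the DDS log above the checks a helper makes by eye. It splits the log into its ==== sections, flags AV/SP entries whose status reads Outdated or Disabled, reads the machine-wide mPolicies-System UAC values (EnableLUA = 0 is what Security Check reports as "UAC is disabled!"), lists files created under System32 or SysWOW64 inside the "Created Last 30" window (here rundll32.exe on 2012-10-29, the process the OP saw pegging the CPU), and collects the BHO/toolbar GUIDs, which are the same GUIDs that appear as deleted keys in the AdwCleaner log further down. The sample input is a constructed, abbreviated excerpt of the posted log; the regular expressions are my reading of DDS's output format, not a specification from the DDS author.

```python
import re

# Constructed sample: an abbreviated copy of the DDS log posted above (only the
# lines these checks act on, with one of DDS's '.' spacer lines left in).
SAMPLE_DDS = r"""
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
=============== Created Last 30 ================
2012-10-29 22:51:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EED1DDF-2991-46BC-A0F2-839FD5EC1C5D}\offreg.dll
2012-10-29 04:03:35 -------- d-----w- C:\Users\Matt Micheletti\AppData\Roaming\DriverCure
2012-10-29 03:48:44 45568 ----a-w- C:\Windows\System32\rundll32.exe
2012-10-29 03:47:31 -------- d-----w- C:\backup
============= FINISH: 19:16:18.29 ===============
"""

# Assumed DDS line shapes (my reading of the log above, not a DDS specification).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                # ==== Section Name ====
PROTECTION_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*")  # AV: Name *Status* {GUID}
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = dword:(\d+)$")
EXT_RE = re.compile(r"^(BHO|TB): .*?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def parse_sections(text):
    """{section name: [lines]}; text before the first marker goes under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                      # blank line or DDS spacer line
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def find_protection_gaps(header_lines):
    """AV:/SP:/FW: entries whose status field says Outdated or Disabled."""
    gaps = []
    for line in header_lines:
        m = PROTECTION_RE.match(line)
        if m and any(w in m.group(3) for w in ("Outdated", "Disabled")):
            gaps.append(f"{m.group(1)} {m.group(2)} is {m.group(3)}")
    return gaps

def find_uac_weaknesses(hjt_lines):
    """Machine-wide UAC values set to 0 that remove the elevation boundary."""
    notes = {"EnableLUA": "UAC is off, admin processes start fully elevated",
             "ConsentPromptBehaviorAdmin": "admins elevate with no prompt at all",
             "PromptOnSecureDesktop": "prompts are not isolated on the secure desktop"}
    weak = []
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) in notes and int(m.group(2)) == 0:
            weak.append(f"{m.group(1)}=0: {notes[m.group(1)]}")
    return weak

def find_new_system_binaries(created_lines):
    """Files (not directories) created under System32/SysWOW64 in the last 30 days."""
    hits = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        if attrs.startswith("d") or size.startswith("-"):
            continue                      # directory entry: size column is --------
        if path.lower().startswith(SYSTEM_DIRS):
            hits.append((stamp, int(size), path))
    return hits

def find_browser_extensions(hjt_lines):
    """Unique (kind, GUID, path) for BHO/TB lines; DDS repeats some TB entries."""
    found = []
    for line in hjt_lines:
        m = EXT_RE.match(line)
        if m and m.groups() not in found:
            found.append(m.groups())
    return found

def triage(text):
    """One tagged finding per line, in the order a helper would read them."""
    secs = parse_sections(text)
    hjt = secs.get("Pseudo HJT Report", [])
    report = [f"[protection] {g}" for g in find_protection_gaps(secs["header"])]
    report += [f"[uac] {w}" for w in find_uac_weaknesses(hjt)]
    report += [f"[new-system-binary] {s} {n} bytes {p}"
               for s, n, p in find_new_system_binaries(secs.get("Created Last 30", []))]
    report += [f"[browser-ext] {k} {g} -> {p}" for k, g, p in find_browser_extensions(hjt)]
    return report

if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

A System32 binary whose creation time lands inside the suspicious window is a lead, not a verdict: before calling rundll32.exe replaced, compare its hash or Authenticode signature against a known-good copy from the same Windows build. Since the affected machine is offline and tools travel on the K: drive, this is meant to run on the helper's side against the pasted log, not on the patient.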

#6 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) & SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#7
Bondlover1313

Bondlover1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here they are. I skipped Security Check because it looked like you copied it from the first post by mistake; if this is a problem I will run it.

ADWcleaner
# AdwCleaner v2.007 - Logfile created 11/07/2012 at 18:20:41
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Matt Micheletti - VASSAR13
# Boot Mode : Normal
# Running from : K:\Tools\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\HyperCam Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Matt Micheletti\AppData\LocalLow\Toolbar4

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [7659 octets] - [07/11/2012 18:20:41]

########## EOF - C:\AdwCleaner[S1].txt - [7719 octets] ##########


RogueKiller
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Matt Micheletti [Admin rights]
Mode : Remove -- Date : 11/07/2012 19:25:34

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] SanDiskSecureAccess_Manager.exe -- C:\Users\Matt Micheletti\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -> KILLED [TermProc]
[RESIDUE] netsession_win.exe -- C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe -> KILLED [TermProc]
[RESIDUE] netsession_win.exe -- C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SanDiskSecureAccess_Manager.exe ("C:\Users\Matt Micheletti\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Akamai NetSession Interface ("C:\Users\Matt Micheletti\AppData\Local\Akamai\netsession_win.exe") -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] b1369f8604837f284334d0048029c587
[BSP] 84707ddce34d0a7cfebb2bcc3a46fa0d : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 462502 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11072012_02d1925.txt >>
RKreport[1]_S_11072012_02d1924.txt ; RKreport[2]_D_11072012_02d1925.txt
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Bondlover1313

yes that was a copy and paste error - I find it happens a lot in my old age


I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#9
Bondlover1313

Bondlover1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I have not done anything other than what you told me. I am on cell
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0



#11
Bondlover1313

Bondlover1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here is the combofix log. I did try running a program, and a game, neither worked. The rundll32.exe error was still there, using 80+ cpu.

ComboFix 12-11-09.02 - Matt Micheletti 11/10/2012 13:11:47.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1507 [GMT -5:00]
Running from: c:\users\Matt Micheletti\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\miccyhook.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\WRusr.dll-240179654-1.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-10 18:21 . 2012-11-10 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 00:24 . 2012-11-08 00:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED1DDF-2991-46BC-A0F2-839FD5EC1C5D}\offreg.dll
2012-10-29 04:03 . 2012-10-29 04:03 -------- d-----w- c:\users\Matt Micheletti\AppData\Roaming\DriverCure
2012-10-29 04:03 . 2012-10-29 04:03 -------- d-----w- c:\users\Matt Micheletti\AppData\Roaming\ParetoLogic
2012-10-29 04:02 . 2012-10-29 04:02 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-10-29 04:02 . 2012-10-29 04:02 -------- d-----w- c:\programdata\ParetoLogic
2012-10-29 04:02 . 2012-10-29 04:02 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-10-29 03:48 . 2009-07-14 01:39 45568 ----a-w- c:\windows\system32\rundll32.exe
2012-10-29 03:47 . 2012-10-29 03:48 -------- d-----w- C:\backup
2012-10-28 23:06 . 2012-10-28 23:06 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Easy Dock"="c:\users\Matt Micheletti\Documents\RCA easyRip\EZDock.exe" [2010-06-07 581632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\Matt Micheletti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RCA Detective.lnk - c:\users\Matt Micheletti\Documents\RCA Detective\RCADetective.exe [2011-3-19 910848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-29 1431888]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2010-08-01 12288]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-11 254528]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:27]
.
2012-11-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-11-07 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-07 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-10 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 64.233.217.2 64.233.217.3
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Easy Dock - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{6B78A880-15CA-468f-8422-A7960AD6FBB9} - (no file)
ShellIconOverlayIdentifiers-{4EE7A346-5845-471e-9FAB-002EAF83F8B0} - (no file)
ShellIconOverlayIdentifiers-{53DABC15-4F29-44ad-B09A-E0D0F9A3D075} - (no file)
ShellIconOverlayIdentifiers-{493FC96E-B938-4924-9B38-C4088E9B8AC2} - (no file)
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-10 13:24:28
ComboFix-quarantined-files.txt 2012-11-10 18:24
.
Pre-Run: 226,949,894,144 bytes free
Post-Run: 226,822,078,464 bytes free
.
- - End Of File - - 4B3516925D54557DCBA247B453C19C0E
  • 0
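The RogueKiller log earlier in the thread reported policy values that lock a user out of Task Manager, regedit and cmd.exe and that switch UAC off ([HJPOL] and [HJ] lines), and the ComboFix log above lists a scheduled task (ParetoLogic Registration3.job) whose action is rundll32.exe. The following read-only triage script is an added example, not code from the thread or from any of the tools it uses; it assumes Windows 7 or later with PowerShell 2.0+, an English Windows (for the schtasks column names), and is run on the affected machine.

```powershell
# Added example (not from the thread or its tools): read-only triage.
#   1. Report the policy values RogueKiller flagged, with the Windows default
#      alongside, so a tampered value stands out.
#   2. List scheduled tasks whose action is rundll32.exe, showing the full
#      command line so the DLL and entry point being loaded are visible.
# Uses schtasks.exe because the ScheduledTasks module does not exist on Windows 7.

$sysPolicy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$cmdPolicy = 'Software\Policies\Microsoft\Windows\System'   # where DisableCMD lives

# Each check: hive and key, the value name, how to recognise a tampered value,
# the Windows default, and what the tampered value does to the user.
$checks = @(
    @{ Hive='HKCU'; Key=$sysPolicy; Name='DisableTaskMgr'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='Task Manager blocked' }
    @{ Hive='HKLM'; Key=$sysPolicy; Name='DisableTaskMgr'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='Task Manager blocked' }
    @{ Hive='HKCU'; Key=$sysPolicy; Name='DisableRegistryTools'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='regedit blocked' }
    @{ Hive='HKLM'; Key=$sysPolicy; Name='DisableRegistryTools'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='regedit blocked' }
    @{ Hive='HKCU'; Key=$cmdPolicy; Name='DisableCMD'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='cmd.exe blocked' }
    @{ Hive='HKLM'; Key=$cmdPolicy; Name='DisableCMD'
       IsBad={ param($v) $v -ne 0 }; Expected='absent or 0'; Effect='cmd.exe blocked' }
    @{ Hive='HKLM'; Key=$sysPolicy; Name='EnableLUA'
       IsBad={ param($v) $v -eq 0 }; Expected='1'; Effect='UAC switched off' }
    @{ Hive='HKLM'; Key=$sysPolicy; Name='ConsentPromptBehaviorAdmin'
       IsBad={ param($v) $v -eq 0 }; Expected='2 on Windows 7'; Effect='admins elevate with no prompt' }
)

function Test-PolicyTampering {
    foreach ($c in $checks) {
        $path = "$($c.Hive):\$($c.Key)"
        # A missing key or value means Windows uses its default, which is fine.
        $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($item -ne $null) { $value = $item.($c.Name) }
        $tampered = ($value -ne $null) -and (& $c.IsBad $value)
        New-Object PSObject -Property @{
            Path     = "$path\$($c.Name)"
            Value    = $(if ($value -eq $null) { '(absent)' } else { $value })
            Expected = $c.Expected
            Status   = $(if ($tampered) { "TAMPERED: $($c.Effect)" } else { 'ok' })
        } | Select-Object Path, Value, Expected, Status
    }
}

function Get-Rundll32Tasks {
    # /v adds the "Task To Run" column, which holds the complete command line.
    $rows = schtasks /query /fo CSV /v | ConvertFrom-Csv
    $rows |
        Where-Object { $_.TaskName -ne 'TaskName' } |          # drop repeated header rows
        Where-Object { $_.'Task To Run' -match 'rundll32' } |
        Select-Object TaskName, 'Task To Run', 'Last Run Time', Status
}

Test-PolicyTampering | Format-Table -AutoSize
Get-Rundll32Tasks | Format-List
```

A task whose "Task To Run" is rundll32.exe with a DLL under a user-writable path (AppData, ProgramData or a third-party Program Files folder) is the one to look at first when rundll32.exe is the process eating CPU; the script only reports, it changes nothing.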

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#13
Bondlover1313

Bondlover1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here are the reports, no problems running either program. I would however like to know, since I am not that great at malware, spyware, virus, etc. removal, how you are doing in terms of a solution or isolating what the problem is. Thanks, and sorry if I sound rude or mean.

TDSSKiller Report
12:47:28.0775 3892 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:47:28.0931 3892 ============================================================
12:47:28.0931 3892 Current date / time: 2012/11/11 12:47:28.0931
12:47:28.0931 3892 SystemInfo:
12:47:28.0931 3892
12:47:28.0931 3892 OS Version: 6.1.7600 ServicePack: 0.0
12:47:28.0931 3892 Product type: Workstation
12:47:28.0931 3892 ComputerName: VASSAR13
12:47:28.0931 3892 UserName: Matt Micheletti
12:47:28.0931 3892 Windows directory: C:\Windows
12:47:28.0931 3892 System windows directory: C:\Windows
12:47:28.0931 3892 Running under WOW64
12:47:28.0931 3892 Processor architecture: Intel x64
12:47:28.0931 3892 Number of processors: 1
12:47:28.0931 3892 Page size: 0x1000
12:47:28.0931 3892 Boot type: Normal boot
12:47:28.0931 3892 ============================================================
12:47:30.0288 3892 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:47:30.0303 3892 Drive \Device\Harddisk6\DR11 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:47:30.0303 3892 ============================================================
12:47:30.0303 3892 \Device\Harddisk0\DR0:
12:47:30.0335 3892 MBR partitions:
12:47:30.0335 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
12:47:30.0335 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
12:47:30.0335 3892 \Device\Harddisk6\DR11:
12:47:30.0335 3892 MBR partitions:
12:47:30.0335 3892 \Device\Harddisk6\DR11\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
12:47:30.0335 3892 ============================================================
12:47:30.0366 3892 C: <-> \Device\Harddisk0\DR0\Partition2
12:47:30.0366 3892 ============================================================
12:47:30.0366 3892 Initialize success
12:47:30.0366 3892 ============================================================
12:47:36.0512 3324 ============================================================
12:47:36.0512 3324 Scan started
12:47:36.0512 3324 Mode: Manual;
12:47:36.0512 3324 ============================================================
12:47:37.0199 3324 ================ Scan system memory ========================
12:47:37.0199 3324 System memory - ok
12:47:37.0199 3324 ================ Scan services =============================
12:47:38.0384 3324 amdsbs - ok
12:47:38.0400 3324 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:47:38.0400 3324 amdxata - ok
12:47:38.0447 3324 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
12:47:38.0447 3324 AppID - ok
12:47:38.0478 3324 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:47:38.0478 3324 AppIDSvc - ok
12:47:38.0540 3324 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
12:47:38.0540 3324 Appinfo - ok
12:47:38.0571 3324 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:47:38.0571 3324 arc - ok
12:47:38.0603 3324 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:47:38.0603 3324 arcsas - ok
12:47:38.0665 3324 ASPI32 - ok
12:47:38.0774 3324 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:47:38.0774 3324 aspnet_state - ok
12:47:38.0805 3324 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:47:38.0821 3324 AsyncMac - ok
12:47:38.0852 3324 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
12:47:38.0852 3324 atapi - ok
12:47:38.0899 3324 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:47:38.0899 3324 AudioEndpointBuilder - ok
12:47:38.0930 3324 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:47:38.0930 3324 AudioSrv - ok
12:47:39.0055 3324 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
12:47:39.0071 3324 Autodesk Content Service - ok
12:47:39.0102 3324 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:47:39.0102 3324 AxInstSV - ok
12:47:39.0164 3324 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:47:39.0164 3324 b06bdrv - ok
12:47:39.0211 3324 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:47:39.0211 3324 b57nd60a - ok
12:47:39.0242 3324 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:47:39.0242 3324 BDESVC - ok
12:47:39.0258 3324 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:47:39.0258 3324 Beep - ok
12:47:39.0305 3324 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
12:47:39.0320 3324 BFE - ok
12:47:39.0383 3324 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
12:47:39.0398 3324 BITS - ok
12:47:39.0414 3324 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:47:39.0414 3324 blbdrive - ok
12:47:39.0492 3324 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:47:39.0492 3324 bowser - ok
12:47:39.0523 3324 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:47:39.0523 3324 BrFiltLo - ok
12:47:39.0554 3324 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:47:39.0554 3324 BrFiltUp - ok
12:47:39.0585 3324 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:47:39.0585 3324 BridgeMP - ok
12:47:39.0648 3324 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
12:47:39.0648 3324 Browser - ok
12:47:39.0695 3324 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:47:39.0695 3324 Brserid - ok
12:47:39.0710 3324 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:47:39.0710 3324 BrSerWdm - ok
12:47:39.0741 3324 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:47:39.0741 3324 BrUsbMdm - ok
12:47:39.0773 3324 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:47:39.0773 3324 BrUsbSer - ok
12:47:39.0788 3324 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:47:39.0788 3324 BTHMODEM - ok
12:47:39.0835 3324 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:47:39.0835 3324 bthserv - ok
12:47:39.0851 3324 catchme - ok
12:47:39.0882 3324 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:47:39.0882 3324 cdfs - ok
12:47:39.0913 3324 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:47:39.0929 3324 cdrom - ok
12:47:39.0960 3324 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
12:47:39.0960 3324 CertPropSvc - ok
12:47:39.0991 3324 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:47:39.0991 3324 circlass - ok
12:47:40.0022 3324 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:47:40.0022 3324 CLFS - ok
12:47:40.0209 3324 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:47:40.0209 3324 clr_optimization_v2.0.50727_32 - ok
12:47:40.0256 3324 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:47:40.0256 3324 clr_optimization_v2.0.50727_64 - ok
12:47:40.0334 3324 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:47:40.0350 3324 clr_optimization_v4.0.30319_32 - ok
12:47:40.0365 3324 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:47:40.0365 3324 clr_optimization_v4.0.30319_64 - ok
12:47:40.0397 3324 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:47:40.0397 3324 CmBatt - ok
12:47:40.0428 3324 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
12:47:40.0443 3324 cmdide - ok
12:47:40.0521 3324 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
12:47:40.0537 3324 CNG - ok
12:47:40.0615 3324 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:47:40.0615 3324 Compbatt - ok
12:47:40.0677 3324 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:47:40.0677 3324 CompositeBus - ok
12:47:40.0755 3324 COMSysApp - ok
12:47:40.0802 3324 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:47:40.0802 3324 crcdisk - ok
12:47:40.0849 3324 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:47:40.0849 3324 CryptSvc - ok
12:47:40.0880 3324 [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA C:\Windows\system32\DRIVERS\emDevice64.sys
12:47:40.0896 3324 DCamUSBEMPIA - ok
12:47:40.0943 3324 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:47:40.0943 3324 DcomLaunch - ok
12:47:40.0974 3324 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:47:40.0974 3324 defragsvc - ok
12:47:41.0036 3324 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:47:41.0036 3324 DfsC - ok
12:47:41.0083 3324 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
12:47:41.0083 3324 Dhcp - ok
12:47:41.0130 3324 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:47:41.0130 3324 discache - ok
12:47:41.0161 3324 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:47:41.0161 3324 Disk - ok
12:47:41.0208 3324 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:47:41.0208 3324 Dnscache - ok
12:47:41.0239 3324 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
12:47:41.0239 3324 dot3svc - ok
12:47:41.0270 3324 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
12:47:41.0270 3324 DPS - ok
12:47:41.0301 3324 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:47:41.0301 3324 drmkaud - ok
12:47:41.0364 3324 [ 9F98D7AFA293947A0DFC6FFD4671FE70 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:47:41.0364 3324 dtsoftbus01 - ok
12:47:41.0442 3324 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:47:41.0457 3324 DXGKrnl - ok
12:47:41.0489 3324 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:47:41.0489 3324 EapHost - ok
12:47:41.0769 3324 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:47:41.0816 3324 ebdrv - ok
12:47:41.0894 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
12:47:41.0894 3324 EFS - ok
12:47:41.0972 3324 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:47:41.0988 3324 ehRecvr - ok
12:47:42.0019 3324 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:47:42.0019 3324 ehSched - ok
12:47:42.0066 3324 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:47:42.0066 3324 elxstor - ok
12:47:42.0113 3324 [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio C:\Windows\system32\drivers\emAudio64.sys
12:47:42.0113 3324 emAudio - ok
12:47:42.0144 3324 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
12:47:42.0144 3324 ErrDev - ok
12:47:42.0206 3324 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:47:42.0206 3324 EventSystem - ok
12:47:42.0237 3324 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:47:42.0237 3324 exfat - ok
12:47:42.0269 3324 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:47:42.0284 3324 fastfat - ok
12:47:42.0331 3324 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
12:47:42.0331 3324 Fax - ok
12:47:42.0378 3324 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:47:42.0378 3324 fdc - ok
12:47:42.0409 3324 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:47:42.0409 3324 fdPHost - ok
12:47:42.0440 3324 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:47:42.0440 3324 FDResPub - ok
12:47:42.0456 3324 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:47:42.0456 3324 FileInfo - ok
12:47:42.0471 3324 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:47:42.0471 3324 Filetrace - ok
12:47:42.0503 3324 [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA C:\Windows\system32\DRIVERS\emFilter64.sys
12:47:42.0503 3324 FiltUSBEMPIA - ok
12:47:42.0612 3324 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:47:42.0627 3324 FLEXnet Licensing Service 64 - ok
12:47:42.0659 3324 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:47:42.0659 3324 flpydisk - ok
12:47:42.0705 3324 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:47:42.0705 3324 FltMgr - ok
12:47:42.0783 3324 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
12:47:42.0799 3324 FontCache - ok
12:47:42.0861 3324 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:47:42.0861 3324 FontCache3.0.0.0 - ok
12:47:42.0893 3324 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:47:42.0893 3324 FsDepends - ok
12:47:42.0939 3324 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:47:42.0955 3324 Fs_Rec - ok
12:47:43.0017 3324 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:47:43.0017 3324 fvevol - ok
12:47:43.0049 3324 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:47:43.0049 3324 gagp30kx - ok
12:47:43.0111 3324 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
12:47:43.0111 3324 GameConsoleService - ok
12:47:43.0173 3324 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
12:47:43.0189 3324 gpsvc - ok
12:47:43.0251 3324 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
12:47:43.0251 3324 Greg_Service - ok
12:47:43.0298 3324 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:47:43.0298 3324 hcw85cir - ok
12:47:43.0329 3324 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:47:43.0345 3324 HdAudAddService - ok
12:47:43.0376 3324 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:47:43.0392 3324 HDAudBus - ok
12:47:43.0392 3324 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:47:43.0392 3324 HidBatt - ok
12:47:43.0439 3324 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:47:43.0439 3324 HidBth - ok
12:47:43.0470 3324 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:47:43.0470 3324 HidIr - ok
12:47:43.0501 3324 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:47:43.0501 3324 hidserv - ok
12:47:43.0532 3324 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:47:43.0532 3324 HidUsb - ok
12:47:43.0563 3324 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:47:43.0563 3324 hkmsvc - ok
12:47:43.0579 3324 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:47:43.0579 3324 HomeGroupListener - ok
12:47:43.0626 3324 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:47:43.0626 3324 HomeGroupProvider - ok
12:47:43.0657 3324 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
12:47:43.0657 3324 HpSAMD - ok
12:47:43.0688 3324 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:47:43.0704 3324 HTTP - ok
12:47:43.0719 3324 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:47:43.0719 3324 hwpolicy - ok
12:47:43.0766 3324 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:47:43.0766 3324 i8042prt - ok
12:47:43.0829 3324 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:47:43.0829 3324 iaStorV - ok
12:47:43.0891 3324 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:47:43.0907 3324 idsvc - ok
12:47:43.0938 3324 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:47:43.0953 3324 iirsp - ok
12:47:43.0985 3324 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:47:44.0000 3324 IKEEXT - ok
12:47:44.0063 3324 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:47:44.0094 3324 IntcAzAudAddService - ok
12:47:44.0125 3324 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:47:44.0125 3324 intelide - ok
12:47:44.0156 3324 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:47:44.0156 3324 intelppm - ok
12:47:44.0187 3324 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:47:44.0187 3324 IPBusEnum - ok
12:47:44.0203 3324 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:47:44.0203 3324 IpFilterDriver - ok
12:47:44.0250 3324 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:47:44.0250 3324 iphlpsvc - ok
12:47:44.0281 3324 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:47:44.0281 3324 IPMIDRV - ok
12:47:44.0312 3324 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:47:44.0312 3324 IPNAT - ok
12:47:44.0343 3324 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:47:44.0343 3324 IRENUM - ok
12:47:44.0375 3324 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:47:44.0375 3324 isapnp - ok
12:47:44.0390 3324 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:47:44.0406 3324 iScsiPrt - ok
12:47:44.0437 3324 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:47:44.0437 3324 kbdclass - ok
12:47:44.0453 3324 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:47:44.0468 3324 kbdhid - ok
12:47:44.0484 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:47:44.0484 3324 KeyIso - ok
12:47:44.0546 3324 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:47:44.0546 3324 KSecDD - ok
12:47:44.0593 3324 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:47:44.0593 3324 KSecPkg - ok
12:47:44.0609 3324 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:47:44.0624 3324 ksthunk - ok
12:47:44.0655 3324 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:47:44.0655 3324 KtmRm - ok
12:47:44.0702 3324 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:47:44.0718 3324 LanmanServer - ok
12:47:44.0749 3324 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:47:44.0749 3324 LanmanWorkstation - ok
12:47:44.0780 3324 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:47:44.0796 3324 lltdio - ok
12:47:44.0827 3324 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:47:44.0827 3324 lltdsvc - ok
12:47:44.0858 3324 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:47:44.0858 3324 lmhosts - ok
12:47:44.0905 3324 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:47:44.0905 3324 LSI_FC - ok
12:47:44.0936 3324 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:47:44.0936 3324 LSI_SAS - ok
12:47:44.0967 3324 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:47:44.0967 3324 LSI_SAS2 - ok
12:47:44.0983 3324 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:47:44.0983 3324 LSI_SCSI - ok
12:47:45.0014 3324 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:47:45.0014 3324 luafv - ok
12:47:45.0077 3324 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
12:47:45.0077 3324 MarvinBus - ok
12:47:45.0155 3324 [ E330051CCE41EB4522E5DCEBC15ADCEA ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:47:45.0155 3324 MBAMProtector - ok
12:47:45.0217 3324 [ 47902A906ACE88580B08FF58D4C0C205 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:47:45.0217 3324 MBAMService - ok
12:47:45.0248 3324 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:47:45.0248 3324 Mcx2Svc - ok
12:47:45.0279 3324 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:47:45.0295 3324 megasas - ok
12:47:45.0311 3324 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:47:45.0326 3324 MegaSR - ok
12:47:45.0357 3324 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:47:45.0357 3324 MMCSS - ok
12:47:45.0389 3324 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:47:45.0389 3324 Modem - ok
12:47:45.0420 3324 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:47:45.0420 3324 monitor - ok
12:47:45.0451 3324 [ AD133802E194833EB12A4CAFF96B0CA7 ] MotioninJoyUSBFilter C:\Windows\system32\DRIVERS\MijUfilt.sys
12:47:45.0451 3324 MotioninJoyUSBFilter - ok
12:47:45.0482 3324 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:47:45.0482 3324 mouclass - ok
12:47:45.0513 3324 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:47:45.0513 3324 mouhid - ok
12:47:45.0529 3324 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:47:45.0545 3324 mountmgr - ok
12:47:45.0560 3324 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
12:47:45.0560 3324 mpio - ok
12:47:45.0591 3324 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:47:45.0607 3324 mpsdrv - ok
12:47:45.0638 3324 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:47:45.0654 3324 MpsSvc - ok
12:47:45.0701 3324 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:47:45.0701 3324 MRxDAV - ok
12:47:45.0747 3324 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:47:45.0747 3324 mrxsmb - ok
12:47:45.0825 3324 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:47:45.0825 3324 mrxsmb10 - ok
12:47:45.0888 3324 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:47:45.0888 3324 mrxsmb20 - ok
12:47:45.0903 3324 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
12:47:45.0919 3324 msahci - ok
12:47:45.0935 3324 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
12:47:45.0935 3324 msdsm - ok
12:47:45.0966 3324 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:47:45.0966 3324 MSDTC - ok
12:47:46.0013 3324 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:47:46.0013 3324 Msfs - ok
12:47:46.0044 3324 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:47:46.0044 3324 mshidkmdf - ok
12:47:46.0059 3324 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
12:47:46.0059 3324 msisadrv - ok
12:47:46.0091 3324 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:47:46.0091 3324 MSiSCSI - ok
12:47:46.0106 3324 msiserver - ok
12:47:46.0137 3324 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:47:46.0137 3324 MSKSSRV - ok
12:47:46.0169 3324 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:47:46.0169 3324 MSPCLOCK - ok
12:47:46.0184 3324 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:47:46.0184 3324 MSPQM - ok
12:47:46.0215 3324 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:47:46.0215 3324 MsRPC - ok
12:47:46.0247 3324 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:47:46.0247 3324 mssmbios - ok
12:47:46.0262 3324 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:47:46.0278 3324 MSTEE - ok
12:47:46.0293 3324 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:47:46.0293 3324 MTConfig - ok
12:47:46.0309 3324 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:47:46.0325 3324 Mup - ok
12:47:46.0356 3324 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
12:47:46.0371 3324 napagent - ok
12:47:46.0403 3324 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:47:46.0403 3324 NativeWifiP - ok
12:47:46.0527 3324 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
12:47:46.0543 3324 NBService - ok
12:47:46.0590 3324 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:47:46.0605 3324 NDIS - ok
12:47:46.0637 3324 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:46.0637 3324 NdisCap - ok
12:47:46.0668 3324 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:46.0668 3324 NdisTapi - ok
12:47:46.0699 3324 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:46.0699 3324 Ndisuio - ok
12:47:46.0715 3324 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:46.0730 3324 NdisWan - ok
12:47:46.0746 3324 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:47:46.0746 3324 NDProxy - ok
12:47:46.0824 3324 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:47:46.0839 3324 Nero BackItUp Scheduler 4.0 - ok
12:47:46.0871 3324 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:47:46.0871 3324 NetBIOS - ok
12:47:46.0886 3324 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:47:46.0902 3324 NetBT - ok
12:47:46.0917 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
12:47:46.0917 3324 Netlogon - ok
12:47:46.0964 3324 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:47:46.0980 3324 Netman - ok
12:47:47.0011 3324 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:47.0027 3324 NetMsmqActivator - ok
12:47:47.0042 3324 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:47.0042 3324 NetPipeActivator - ok
12:47:47.0073 3324 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:47:47.0089 3324 netprofm - ok
12:47:47.0105 3324 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:47.0105 3324 NetTcpActivator - ok
12:47:47.0120 3324 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:47.0120 3324 NetTcpPortSharing - ok
12:47:47.0151 3324 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:47.0167 3324 nfrd960 - ok
12:47:47.0198 3324 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:47:47.0198 3324 NlaSvc - ok
12:47:47.0276 3324 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
12:47:47.0292 3324 NMIndexingService - ok
12:47:47.0307 3324 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:47:47.0307 3324 Npfs - ok
12:47:47.0323 3324 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:47:47.0323 3324 nsi - ok
12:47:47.0354 3324 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:47:47.0354 3324 nsiproxy - ok
12:47:47.0448 3324 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:47:47.0479 3324 Ntfs - ok
12:47:47.0495 3324 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:47:47.0495 3324 Null - ok
12:47:47.0744 3324 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:47:47.0963 3324 nvlddmkm - ok
12:47:48.0009 3324 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:47:48.0009 3324 nvraid - ok
12:47:48.0041 3324 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:47:48.0041 3324 nvstor - ok
12:47:48.0072 3324 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
12:47:48.0072 3324 nvstor64 - ok
12:47:48.0087 3324 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:47:48.0103 3324 nvsvc - ok
12:47:48.0134 3324 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
12:47:48.0134 3324 nv_agp - ok
12:47:48.0212 3324 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:47:48.0212 3324 odserv - ok
12:47:48.0243 3324 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:47:48.0243 3324 ohci1394 - ok
12:47:48.0275 3324 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:48.0275 3324 ose - ok
12:47:48.0337 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:47:48.0337 3324 p2pimsvc - ok
12:47:48.0368 3324 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:47:48.0368 3324 p2psvc - ok
12:47:48.0415 3324 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:47:48.0415 3324 Parport - ok
12:47:48.0431 3324 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:47:48.0446 3324 partmgr - ok
12:47:48.0462 3324 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:47:48.0462 3324 PcaSvc - ok
12:47:48.0493 3324 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
12:47:48.0493 3324 pci - ok
12:47:48.0509 3324 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:47:48.0509 3324 pciide - ok
12:47:48.0555 3324 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:48.0555 3324 pcmcia - ok
12:47:48.0587 3324 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:47:48.0587 3324 pcw - ok
12:47:48.0602 3324 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:47:48.0618 3324 PEAUTH - ok
12:47:48.0696 3324 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:47:48.0696 3324 PerfHost - ok
12:47:48.0774 3324 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
12:47:48.0789 3324 pla - ok
12:47:48.0852 3324 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:47:48.0867 3324 PlugPlay - ok
12:47:48.0883 3324 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:47:48.0883 3324 PNRPAutoReg - ok
12:47:48.0914 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:47:48.0914 3324 PNRPsvc - ok
12:47:48.0945 3324 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:47:48.0961 3324 PolicyAgent - ok
12:47:48.0992 3324 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:47:48.0992 3324 Power - ok
12:47:49.0039 3324 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:47:49.0039 3324 PptpMiniport - ok
12:47:49.0086 3324 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:47:49.0086 3324 Processor - ok
12:47:49.0117 3324 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
12:47:49.0133 3324 ProfSvc - ok
12:47:49.0148 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:49.0148 3324 ProtectedStorage - ok
12:47:49.0164 3324 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:47:49.0179 3324 Psched - ok
12:47:49.0226 3324 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:47:49.0257 3324 ql2300 - ok
12:47:49.0289 3324 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:49.0289 3324 ql40xx - ok
12:47:49.0320 3324 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:47:49.0335 3324 QWAVE - ok
12:47:49.0351 3324 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:47:49.0351 3324 QWAVEdrv - ok
12:47:49.0382 3324 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:47:49.0382 3324 RasAcd - ok
12:47:49.0413 3324 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:49.0429 3324 RasAgileVpn - ok
12:47:49.0445 3324 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:47:49.0445 3324 RasAuto - ok
12:47:49.0476 3324 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:49.0476 3324 Rasl2tp - ok
12:47:49.0507 3324 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
12:47:49.0507 3324 RasMan - ok
12:47:49.0538 3324 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:49.0538 3324 RasPppoe - ok
12:47:49.0569 3324 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:47:49.0569 3324 RasSstp - ok
12:47:49.0585 3324 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:47:49.0601 3324 rdbss - ok
12:47:49.0632 3324 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:49.0632 3324 rdpbus - ok
12:47:49.0647 3324 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:49.0647 3324 RDPCDD - ok
12:47:49.0694 3324 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:47:49.0694 3324 RDPENCDD - ok
12:47:49.0710 3324 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:47:49.0710 3324 RDPREFMP - ok
12:47:49.0772 3324 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:47:49.0772 3324 RDPWD - ok
12:47:49.0803 3324 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:47:49.0803 3324 rdyboost - ok
12:47:49.0835 3324 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:47:49.0835 3324 RemoteAccess - ok
12:47:49.0866 3324 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:47:49.0866 3324 RemoteRegistry - ok
12:47:49.0991 3324 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
12:47:49.0991 3324 RichVideo64 - ok
12:47:50.0037 3324 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:47:50.0037 3324 RpcEptMapper - ok
12:47:50.0069 3324 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:47:50.0069 3324 RpcLocator - ok
12:47:50.0100 3324 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
12:47:50.0100 3324 RpcSs - ok
12:47:50.0147 3324 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:47:50.0147 3324 rspndr - ok
12:47:50.0209 3324 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:47:50.0209 3324 RTL8167 - ok
12:47:50.0225 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
12:47:50.0225 3324 SamSs - ok
12:47:50.0256 3324 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
12:47:50.0256 3324 sbp2port - ok
12:47:50.0287 3324 [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan64.sys
12:47:50.0287 3324 ScanUSBEMPIA - ok
12:47:50.0334 3324 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:47:50.0334 3324 SCardSvr - ok
12:47:50.0412 3324 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
12:47:50.0412 3324 SCDEmu - ok
12:47:50.0443 3324 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:47:50.0443 3324 scfilter - ok
12:47:50.0521 3324 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
12:47:50.0537 3324 Schedule - ok
12:47:50.0568 3324 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:47:50.0568 3324 SCPolicySvc - ok
12:47:50.0615 3324 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:47:50.0615 3324 SDRSVC - ok
12:47:50.0646 3324 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:47:50.0646 3324 secdrv - ok
12:47:50.0677 3324 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
12:47:50.0677 3324 seclogon - ok
12:47:50.0693 3324 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:47:50.0708 3324 SENS - ok
12:47:50.0724 3324 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:47:50.0724 3324 SensrSvc - ok
12:47:50.0755 3324 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:47:50.0755 3324 Serenum - ok
12:47:50.0786 3324 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:47:50.0786 3324 Serial - ok
12:47:50.0817 3324 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:47:50.0833 3324 sermouse - ok
12:47:50.0895 3324 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
12:47:50.0927 3324 SessionEnv - ok
12:47:50.0958 3324 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:47:50.0958 3324 sffdisk - ok
12:47:50.0989 3324 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:47:50.0989 3324 sffp_mmc - ok
12:47:51.0005 3324 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:47:51.0005 3324 sffp_sd - ok
12:47:51.0036 3324 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:51.0036 3324 sfloppy - ok
12:47:51.0067 3324 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:47:51.0083 3324 SharedAccess - ok
12:47:51.0098 3324 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:51.0114 3324 ShellHWDetection - ok
12:47:51.0129 3324 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:51.0129 3324 SiSRaid2 - ok
12:47:51.0176 3324 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:51.0176 3324 SiSRaid4 - ok
12:47:51.0223 3324 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:47:51.0223 3324 Smb - ok
12:47:51.0285 3324 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:47:51.0285 3324 SNMPTRAP - ok
12:47:51.0301 3324 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:47:51.0301 3324 spldr - ok
12:47:51.0363 3324 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
12:47:51.0363 3324 Spooler - ok
12:47:51.0441 3324 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
12:47:51.0504 3324 sppsvc - ok
12:47:51.0535 3324 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:47:51.0535 3324 sppuinotify - ok
12:47:51.0613 3324 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:47:51.0613 3324 srv - ok
12:47:51.0675 3324 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:47:51.0675 3324 srv2 - ok
12:47:51.0738 3324 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:47:51.0738 3324 srvnet - ok
12:47:51.0785 3324 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:47:51.0785 3324 SSDPSRV - ok
12:47:51.0816 3324 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:47:51.0816 3324 SstpSvc - ok
12:47:51.0863 3324 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:47:51.0863 3324 stexstor - ok
12:47:51.0894 3324 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
12:47:51.0909 3324 stisvc - ok
12:47:51.0941 3324 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:47:51.0941 3324 swenum - ok
12:47:52.0034 3324 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:47:52.0034 3324 SwitchBoard - ok
12:47:52.0065 3324 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:47:52.0081 3324 swprv - ok
12:47:52.0128 3324 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
12:47:52.0159 3324 SysMain - ok
12:47:52.0190 3324 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:52.0190 3324 TabletInputService - ok
12:47:52.0221 3324 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
12:47:52.0221 3324 TapiSrv - ok
12:47:52.0253 3324 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:47:52.0253 3324 TBS - ok
12:47:52.0346 3324 [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:47:52.0377 3324 Tcpip - ok
12:47:52.0424 3324 [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:47:52.0440 3324 TCPIP6 - ok
12:47:52.0487 3324 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:47:52.0487 3324 tcpipreg - ok
12:47:52.0518 3324 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:47:52.0518 3324 TDPIPE - ok
12:47:52.0565 3324 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:47:52.0565 3324 TDTCP - ok
12:47:52.0596 3324 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:47:52.0596 3324 tdx - ok
12:47:52.0627 3324 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:47:52.0627 3324 TermDD - ok
12:47:52.0674 3324 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
12:47:52.0674 3324 TermService - ok
12:47:52.0705 3324 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:47:52.0705 3324 Themes - ok
12:47:52.0736 3324 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:47:52.0736 3324 THREADORDER - ok
12:47:52.0767 3324 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:47:52.0767 3324 TrkWks - ok
12:47:52.0814 3324 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:47:52.0814 3324 TrustedInstaller - ok
12:47:52.0861 3324 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:52.0861 3324 tssecsrv - ok
12:47:52.0908 3324 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:47:52.0908 3324 tunnel - ok
12:47:52.0939 3324 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:47:52.0939 3324 uagp35 - ok
12:47:52.0970 3324 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:47:52.0986 3324 udfs - ok
12:47:53.0033 3324 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:47:53.0033 3324 UI0Detect - ok
12:47:53.0064 3324 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
12:47:53.0064 3324 uliagpkx - ok
12:47:53.0095 3324 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:47:53.0095 3324 umbus - ok
12:47:53.0142 3324 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:47:53.0142 3324 UmPass - ok
12:47:53.0189 3324 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
12:47:53.0189 3324 Updater Service - ok
12:47:53.0220 3324 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:47:53.0220 3324 upnphost - ok
12:47:53.0282 3324 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:47:53.0298 3324 usbaudio - ok
12:47:53.0329 3324 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:47:53.0329 3324 usbccgp - ok
12:47:53.0376 3324 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:47:53.0376 3324 usbcir - ok
12:47:53.0423 3324 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:47:53.0423 3324 usbehci - ok
12:47:53.0469 3324 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:47:53.0469 3324 usbhub - ok
12:47:53.0501 3324 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:47:53.0501 3324 usbohci - ok
12:47:53.0516 3324 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:47:53.0516 3324 usbprint - ok
12:47:53.0547 3324 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:47:53.0547 3324 USBSTOR - ok
12:47:53.0579 3324 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:47:53.0579 3324 usbuhci - ok
12:47:53.0610 3324 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:47:53.0610 3324 UxSms - ok
12:47:53.0641 3324 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
12:47:53.0641 3324 VaultSvc - ok
12:47:53.0657 3324 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
12:47:53.0672 3324 vdrvroot - ok
12:47:53.0703 3324 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
12:47:53.0703 3324 vds - ok
12:47:53.0735 3324 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:47:53.0735 3324 vga - ok
12:47:53.0750 3324 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:47:53.0750 3324 VgaSave - ok
12:47:53.0781 3324 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
12:47:53.0781 3324 vhdmp - ok
12:47:53.0813 3324 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
12:47:53.0828 3324 viaide - ok
12:47:53.0844 3324 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
12:47:53.0844 3324 volmgr - ok
12:47:53.0875 3324 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:47:53.0875 3324 volmgrx - ok
12:47:53.0906 3324 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
12:47:53.0906 3324 volsnap - ok
12:47:53.0937 3324 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:47:53.0937 3324 vsmraid - ok
12:47:53.0984 3324 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
12:47:54.0015 3324 VSS - ok
12:47:54.0047 3324 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:47:54.0047 3324 vwifibus - ok
12:47:54.0078 3324 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:47:54.0078 3324 W32Time - ok
12:47:54.0109 3324 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:47:54.0109 3324 WacomPen - ok
12:47:54.0140 3324 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:47:54.0140 3324 WANARP - ok
12:47:54.0156 3324 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:47:54.0156 3324 Wanarpv6 - ok
12:47:54.0249 3324 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:47:54.0265 3324 WatAdminSvc - ok
12:47:54.0327 3324 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
12:47:54.0343 3324 wbengine - ok
12:47:54.0374 3324 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:47:54.0374 3324 WbioSrvc - ok
12:47:54.0437 3324 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:47:54.0437 3324 wcncsvc - ok
12:47:54.0468 3324 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:47:54.0468 3324 WcsPlugInService - ok
12:47:54.0499 3324 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:47:54.0499 3324 Wd - ok
12:47:54.0530 3324 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:47:54.0546 3324 Wdf01000 - ok
12:47:54.0561 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:47:54.0577 3324 WdiServiceHost - ok
12:47:54.0593 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:47:54.0593 3324 WdiSystemHost - ok
12:47:54.0639 3324 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
12:47:54.0639 3324 WebClient - ok
12:47:54.0671 3324 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:47:54.0686 3324 Wecsvc - ok
12:47:54.0702 3324 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:47:54.0717 3324 wercplsupport - ok
12:47:54.0749 3324 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:47:54.0749 3324 WerSvc - ok
12:47:54.0795 3324 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:47:54.0795 3324 WfpLwf - ok
12:47:54.0811 3324 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:47:54.0811 3324 WIMMount - ok
12:47:54.0842 3324 WinDefend - ok
12:47:54.0858 3324 WinHttpAutoProxySvc - ok
12:47:54.0920 3324 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:47:54.0920 3324 Winmgmt - ok
12:47:54.0998 3324 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
12:47:55.0029 3324 WinRM - ok
12:47:55.0092 3324 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:47:55.0107 3324 Wlansvc - ok
12:47:55.0139 3324 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:47:55.0139 3324 WmiAcpi - ok
12:47:55.0170 3324 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:47:55.0170 3324 wmiApSrv - ok
12:47:55.0217 3324 WMPNetworkSvc - ok
12:47:55.0232 3324 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:47:55.0232 3324 WPCSvc - ok
12:47:55.0263 3324 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:47:55.0263 3324 WPDBusEnum - ok
12:47:55.0295 3324 WRkrn - ok
12:47:55.0341 3324 WRSVC - ok
12:47:55.0373 3324 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:47:55.0373 3324 ws2ifsl - ok
12:47:55.0419 3324 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
12:47:55.0419 3324 wscsvc - ok
12:47:55.0435 3324 WSearch - ok
12:47:55.0513 3324 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
12:47:55.0560 3324 wuauserv - ok
12:47:55.0591 3324 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:47:55.0591 3324 WudfPf - ok
12:47:55.0607 3324 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:47:55.0607 3324 WUDFRd - ok
12:47:55.0638 3324 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:47:55.0638 3324 wudfsvc - ok
12:47:55.0653 3324 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:47:55.0669 3324 WwanSvc - ok
12:47:55.0685 3324 ================ Scan global ===============================
12:47:55.0716 3324 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:47:55.0763 3324 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:55.0778 3324 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:55.0809 3324 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:47:55.0841 3324 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:47:55.0856 3324 [Global] - ok
12:47:55.0856 3324 ================ Scan MBR ==================================
12:47:55.0872 3324 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
12:47:58.0430 3324 \Device\Harddisk0\DR0 - ok
12:47:58.0446 3324 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR11
12:47:58.0446 3324 \Device\Harddisk6\DR11 - ok
12:47:58.0461 3324 ================ Scan VBR ==================================
12:47:58.0461 3324 [ E5157CC2C0CE95DA9E29FA2BB0A6554D ] \Device\Harddisk0\DR0\Partition1
12:47:58.0461 3324 \Device\Harddisk0\DR0\Partition1 - ok
12:47:58.0493 3324 [ 7F5B48FACFF90491E4621573567420D4 ] \Device\Harddisk0\DR0\Partition2
12:47:58.0493 3324 \Device\Harddisk0\DR0\Partition2 - ok
12:47:58.0508 3324 [ 0075E61ACF8C4BBAB1ECE5230EB5C20E ] \Device\Harddisk6\DR11\Partition1
12:47:58.0508 3324 \Device\Harddisk6\DR11\Partition1 - ok
12:47:58.0508 3324 ============================================================
12:47:58.0508 3324 Scan finished
12:47:58.0508 3324 ============================================================
12:47:58.0524 4068 Detected object count: 0
12:47:58.0524 4068 Actual detected object count: 0

aswMBR Report
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 12:49:24
-----------------------------
12:49:24.226 OS Version: Windows x64 6.1.7600
12:49:24.226 Number of processors: 1 586 0x1601
12:49:24.226 ComputerName: VASSAR13 UserName:
12:49:25.552 Initialize success
12:49:33.743 AVAST engine download error: 0
12:49:47.362 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
12:49:47.377 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
12:49:47.393 Disk 0 MBR read successfully
12:49:47.393 Disk 0 MBR scan
12:49:47.393 Disk 0 unknown MBR code
12:49:47.409 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
12:49:47.424 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
12:49:47.440 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
12:49:47.455 Disk 0 scanning C:\Windows\system32\drivers
12:49:53.602 Service scanning
12:50:07.049 Modules scanning
12:50:07.049 Disk 0 trace - called modules:
12:50:07.080 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:50:07.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031c4060]
12:50:07.595 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> [0xfffffa8002f90e40]
12:50:07.611 5 ACPI.sys[fffff88000f92781] -> nt!IofCallDriver -> \Device\00000054[0xfffffa8002f96720]
12:50:07.626 Scan finished successfully
12:50:27.891 Disk 0 MBR has been saved successfully to "K:\Tools\4\MBR.dat"
12:50:27.906 The log file has been saved successfully to "K:\Tools\4\aswMBR.txt"

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I do not think we are close at all - I do not think this is malware and I am going through and making sure I am not wrong

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Matt Micheletti\AppData\Roaming\DriverCure
c:\users\Matt Micheletti\AppData\Roaming\ParetoLogic
c:\program files (x86)\Common Files\ParetoLogic
c:\programdata\ParetoLogic
c:\program files (x86)\ParetoLogic

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15
Bondlover1313

Bondlover1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here is the log. Still no improvement: rundll32.exe still uses 80+ CPU.

ComboFix Log 2
ComboFix 12-11-09.02 - Matt Micheletti 11/11/2012 14:16:28.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1501 [GMT -5:00]
Running from: c:\users\Matt Micheletti\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt Micheletti\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ParetoLogic
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\ad_generic.jpg
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close_md.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close_mo.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close_pu.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close_pu_md.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\close_pu_mo.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\Logo.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\min.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\min_md.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\min_mo.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\progress_glow.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Images\topbar_gradient.png
c:\program files (x86)\Common Files\ParetoLogic\UUS3\LiteUnzip.dll
c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
c:\program files (x86)\Common Files\ParetoLogic\UUS3\settings.xml
c:\program files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
c:\program files (x86)\ParetoLogic
c:\program files (x86)\ParetoLogic\RegCure Pro\7ZipDLL.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\colors.xml
c:\program files (x86)\ParetoLogic\RegCure Pro\CommonLoggingExtension.pxt
c:\program files (x86)\ParetoLogic\RegCure Pro\CommonSpecialist.pxt
c:\program files (x86)\ParetoLogic\RegCure Pro\ExtensionManager.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\filecachedb.xml
c:\program files (x86)\ParetoLogic\RegCure Pro\HandleUpdate.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\0_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\1_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\15_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\2_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\30_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\5_days.htm
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\container_content_bkimg.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\container_content_leftimg.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\container_content_rightimg.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\error_connect.html
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\10x10.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\10x10tile.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\background.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\contentwrapper.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\error_internet.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\footerbarfill.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\info_bubble.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\tile_footerbarbase.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\tile_subheadbarbase.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\images\tile_titlebarbase.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\main.css
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\main_error.css
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\package_titlebar_bkimg.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\uninstall\box_screen.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\uninstall\default_button.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\uninstall\default_button_over.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\uninstall\header_background.jpg
c:\program files (x86)\ParetoLogic\RegCure Pro\HTML\uninstall\index.html
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Audio\cancel.wav
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Audio\complete.wav
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\btn.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\btn_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_bho.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_defrag.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_file.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_generalsettings.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_ignore.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_junk.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_privacy.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_process.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_registry.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_schedule.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\button_startup.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\register.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\register_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\register_over_small.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\register_small.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\renew.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\renew_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\settings_button.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\settings_button_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\start.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\buttons\start_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\defrag\c_empty.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\defrag\c_frag.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\defrag\c_unfrag.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\defrag\c_unknown.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\defrag\c_unmove.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\bottom_logo.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\close.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\dlg_title.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\logo.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\max.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\min.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\register.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\register_close.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\register_close_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\register_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\renew.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\renew_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\restore.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\tab_bg.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\tabactive_bg.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\tabover_bg.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\tfn_bg.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\tfn_logo.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\title_bar.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\top_logo.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Frame\upper_divider.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\general\collapse.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\general\delete.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\general\expand.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\general\progress_glow.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\bho.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\dup_audio.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\dup_doc.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\dup_image.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\dup_other.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\dup_video.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\ig_drivers.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\ig_proc.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\ig_reg.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\junk.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_3rd.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_browser.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_email.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_fs.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_im.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_multi.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_office.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_other.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\priv_windows.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_apppath.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_com.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_dll.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_empty.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_extensions.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_filepath.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_font.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_help.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_shortcut.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_startup.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\reg_uninstall.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\group\startup.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_about.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_bho.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_clean.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_defrag.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_file.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_junk.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_junk_settings.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_malware.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_performance.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_privacy.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_process.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_registry.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_restore.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_settings.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_startup.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\header_tools.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\settings_general.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\settings_ignore.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\settings_privacy.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\settings_registry.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\headers\settings_schedule.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Icons\info.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Icons\warning.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\other.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\process\bho.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\process\process.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\process\startup.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware16.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware24.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware32.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system16.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system24.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system32.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown16.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown24.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown32.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted16.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted24.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted32.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp16.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp24.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp32.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\011.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\012.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\01.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\02.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\03.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\04.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\05.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\06.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\07.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\08.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\animation\09.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\check.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage1.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage2.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage3.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage4.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage5.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\damage6.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\error.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\error_large.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\Fix.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\Fix_over.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\junk.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\malware.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\md5.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\privacy.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\process-animation.gif
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_h.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_h_scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_l.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_l_scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_m.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_m_scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_mh.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_mh_scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_ml.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\rating_ml_scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\registry.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\security_high.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\security_low.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Scan\warning.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Tabs\overview.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Tabs\restore.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Tabs\scan.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Tabs\settings.png
c:\program files (x86)\ParetoLogic\RegCure Pro\Images\Tabs\tools.png
c:\program files (x86)\ParetoLogic\RegCure Pro\LiteUnzip.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\LiteZip.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\LogSettings.xml
c:\program files (x86)\ParetoLogic\RegCure Pro\multipledetction.dat
c:\program files (x86)\ParetoLogic\RegCure Pro\MyResources.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\privacy.db
c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
c:\program files (x86)\ParetoLogic\RegCure Pro\RegHookSpecialist.pxt
c:\program files (x86)\ParetoLogic\RegCure Pro\SandBoxer.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\settings.xml
c:\program files (x86)\ParetoLogic\RegCure Pro\sqlite3.dll
c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
c:\program files (x86)\ParetoLogic\RegCure Pro\UNS.xml
c:\program files (x86)\ParetoLogic\RegCure Pro\Utility.pxt
c:\program files (x86)\ParetoLogic\RegCure Pro\whitelist.dat
c:\programdata\ParetoLogic
c:\programdata\ParetoLogic\RegCure Pro\dc_db.db
c:\programdata\ParetoLogic\UUS3\Master.xml
c:\programdata\ParetoLogic\UUS3\Patch.xml
c:\programdata\ParetoLogic\UUS3\RegCure Pro\Database.xml
c:\programdata\ParetoLogic\UUS3\RegCure Pro\Master.xml
c:\programdata\ParetoLogic\UUS3\RegCure Pro\Patch.xml
c:\programdata\ParetoLogic\UUS3\RegCure Pro\Update.xml
c:\programdata\ParetoLogic\UUS3\Update.xml
c:\users\Matt Micheletti\AppData\Roaming\DriverCure
c:\users\Matt Micheletti\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Matt Micheletti\AppData\Roaming\ParetoLogic
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 19:28 . 2012-11-11 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 00:24 . 2012-11-08 00:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED1DDF-2991-46BC-A0F2-839FD5EC1C5D}\offreg.dll
2012-10-29 03:48 . 2009-07-14 01:39 45568 ----a-w- c:\windows\system32\rundll32.exe
2012-10-29 03:47 . 2012-10-29 03:48 -------- d-----w- C:\backup
2012-10-28 23:06 . 2012-10-28 23:06 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Easy Dock"="c:\users\Matt Micheletti\Documents\RCA easyRip\EZDock.exe" [2010-06-07 581632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\Matt Micheletti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RCA Detective.lnk - c:\users\Matt Micheletti\Documents\RCA Detective\RCADetective.exe [2011-3-19 910848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-29 1431888]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2010-08-01 12288]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-11 254528]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 78877204
*NewlyCreated* - ASWMBR
*Deregistered* - 78877204
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:27]
.
2012-11-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102106p04f5v1l5r4491s46p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 64.233.217.2 64.233.217.3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{6B78A880-15CA-468f-8422-A7960AD6FBB9} - (no file)
ShellIconOverlayIdentifiers-{4EE7A346-5845-471e-9FAB-002EAF83F8B0} - (no file)
ShellIconOverlayIdentifiers-{53DABC15-4F29-44ad-B09A-E0D0F9A3D075} - (no file)
ShellIconOverlayIdentifiers-{493FC96E-B938-4924-9B38-C4088E9B8AC2} - (no file)
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_̃\00\00̃\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~̃\00\00̃\00\00\00\00k\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 14:31:54
ComboFix-quarantined-files.txt 2012-11-11 19:31
ComboFix2.txt 2012-11-10 18:24
.
Pre-Run: 226,755,186,688 bytes free
Post-Run: 227,303,161,856 bytes free
.
- - End Of File - - BF635CFC4058F1BBE985716157F301F4