No internet even though I am connected.


  • This topic is locked
24 replies to this topic

#1 deffpony


Posted 03 June 2012 - 05:56 PM

So my internet is connected but my browsers do not work. I had the Google redirect virus, and suddenly, after trying to fix it by editing my host files and internet settings, my internet just stopped working.

I have posted a topic already in networking and they informed me that the Local Host was blocked and to create a topic here. Here is the link to that topic.
http://www.bleepingcomputer.com/forums/topic454419.html

I ran DDS. I attached the attach.txt and here is my DDS log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Vinnie at 15:06:55 on 2012-06-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12287.10201 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Madotate_2.02.02\madotate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109130&babsrc=HP_ss&mntrId=384f98ca0000000000006c626dec9542
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: MailRuBHO Class: {8984b388-a5bb-4df7-b274-77b879e179db} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: ???????@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Facebook Update] "C:\Users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: line6.net
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{E7C30A74-130D-4386-AC7D-54160B5A2743} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
BHO-X64: ???????@Mail.Ru - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB-X64: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-9-29 337872]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-10-4 1790016]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-10-12 7680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-16 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 L6TPrtDS;Service - Line 6 TonePort DI-S;C:\Windows\system32\Drivers\L6TPrtDS64.sys --> C:\Windows\system32\Drivers\L6TPrtDS64.sys [?]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\8D44.tmp --> C:\Windows\system32\8D44.tmp [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-9-29 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-9-29 1117144]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-20 19:28:25 -------- d-----w- C:\Program Files (x86)\DLLSuite
2012-05-20 19:18:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-20 19:02:13 98816 ----a-w- C:\Windows\sed.exe
2012-05-20 19:02:13 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-20 19:02:13 256000 ----a-w- C:\Windows\PEV.exe
2012-05-20 19:02:13 208896 ----a-w- C:\Windows\MBR.exe
2012-05-20 18:20:32 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\VS Revo Group
2012-05-20 16:56:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-20 02:48:32 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-05-20 02:48:16 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-20 01:39:53 6144 ------w- C:\Windows\System32\8D44.tmp
2012-05-20 01:38:08 6144 ------w- C:\Windows\System32\F2E8.tmp
2012-05-20 01:37:57 -------- d-----w- C:\Program Files (x86)\Sophos
2012-05-20 01:37:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-20 01:13:01 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\f-secure
2012-05-20 01:12:50 -------- d-----w- C:\ProgramData\F-Secure
2012-05-19 06:59:18 16200 ----a-w- C:\Windows\stinger.sys
2012-05-19 06:58:34 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-19 06:56:20 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\SUPERAntiSpyware.com
2012-05-19 06:54:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-19 06:48:03 115008 ----a-w- C:\Windows\SysWow64\drivers\efavdrv.sys
2012-05-16 04:37:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-15 13:15:58 -------- d-----w- C:\Users\Vinnie\AppData\Local\GARMIN_Corp
2012-05-15 12:52:00 -------- d-----w- C:\Program Files (x86)\GPSBabel
2012-05-15 05:17:05 -------- d-----w- C:\Users\Vinnie\AppData\Local\Garmin
2012-05-15 04:33:41 -------- d-----w- C:\Garmin
2012-05-15 04:33:31 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-15 04:33:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-15 04:33:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-15 04:33:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-15 04:33:31 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-15 04:33:29 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-15 04:33:29 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-14 19:40:33 -------- d-----w- C:\ProgramData\Garmin
2012-05-14 19:34:25 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\Garmin
2012-05-14 19:34:19 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2012-05-14 19:34:14 -------- d-----w- C:\Program Files (x86)\Garmin GPS Plugin
2012-05-14 19:34:08 -------- d-----w- C:\Program Files (x86)\Garmin
2012-05-11 16:16:26 -------- d-----w- C:\Program Files (x86)\Audacity
2012-05-11 00:38:17 -------- d-----w- C:\Users\Vinnie\Images
2012-05-11 00:34:32 -------- d-----w- C:\Users\Vinnie\Audio
2012-05-10 23:45:03 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\Users\Vinnie\AppData\Local\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2012-05-10 23:39:45 -------- d-----w- C:\Windows\Downloaded Installations
2012-05-10 23:27:07 974848 ------w- C:\Windows\SysWow64\mfc70.dll
2012-05-10 23:27:07 630784 ------w- C:\Windows\SysWow64\ilinet.dll
2012-05-10 23:27:07 487424 ------w- C:\Windows\SysWow64\msvcp70.dll
2012-05-10 23:27:07 344064 ------w- C:\Windows\SysWow64\msvcr70.dll
2012-05-10 23:27:07 217088 ------w- C:\Windows\SysWow64\qtmlClient.dll
2012-05-10 23:26:00 21520 ----a-w- C:\Windows\System32\drivers\diginet.sys
2012-05-10 23:25:59 -------- d-----w- C:\Program Files (x86)\Digidesign
2012-05-10 21:37:37 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\PowerMp3WmaConverter
.
==================== Find3M ====================
.
2012-04-18 16:04:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:07:19.70 ===============


I ran GMER but it would only let me select service, registry, and files. It said nothing was found but I attached the log anyways. Thanks in advance.


#2 deffpony


Posted 03 June 2012 - 05:58 PM

The GMER log ended up being blank. Maybe because it didn't find anything.

#3 deffpony


Posted 05 June 2012 - 06:25 PM

Still no help with this????

#4 HelpBot


Posted 08 June 2012 - 06:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/455786 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 deffpony


Posted 08 June 2012 - 09:29 PM

Windows 7 Ultimate 64-bit. I do not still have the install CD.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Vinnie at 15:06:55 on 2012-06-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12287.10201 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Madotate_2.02.02\madotate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109130&babsrc=HP_ss&mntrId=384f98ca0000000000006c626dec9542
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: MailRuBHO Class: {8984b388-a5bb-4df7-b274-77b879e179db} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: ???????@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Facebook Update] "C:\Users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: line6.net
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{E7C30A74-130D-4386-AC7D-54160B5A2743} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
BHO-X64: ???????@Mail.Ru - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB-X64: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-9-29 337872]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-10-4 1790016]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-10-12 7680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-16 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 L6TPrtDS;Service - Line 6 TonePort DI-S;C:\Windows\system32\Drivers\L6TPrtDS64.sys --> C:\Windows\system32\Drivers\L6TPrtDS64.sys [?]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\8D44.tmp --> C:\Windows\system32\8D44.tmp [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-9-29 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-9-29 1117144]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-20 19:28:25 -------- d-----w- C:\Program Files (x86)\DLLSuite
2012-05-20 19:18:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-20 19:02:13 98816 ----a-w- C:\Windows\sed.exe
2012-05-20 19:02:13 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-20 19:02:13 256000 ----a-w- C:\Windows\PEV.exe
2012-05-20 19:02:13 208896 ----a-w- C:\Windows\MBR.exe
2012-05-20 18:20:32 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\VS Revo Group
2012-05-20 16:56:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-20 02:48:32 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-05-20 02:48:16 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-20 01:39:53 6144 ------w- C:\Windows\System32\8D44.tmp
2012-05-20 01:38:08 6144 ------w- C:\Windows\System32\F2E8.tmp
2012-05-20 01:37:57 -------- d-----w- C:\Program Files (x86)\Sophos
2012-05-20 01:37:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-20 01:13:01 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\f-secure
2012-05-20 01:12:50 -------- d-----w- C:\ProgramData\F-Secure
2012-05-19 06:59:18 16200 ----a-w- C:\Windows\stinger.sys
2012-05-19 06:58:34 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-19 06:56:20 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\SUPERAntiSpyware.com
2012-05-19 06:54:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-19 06:48:03 115008 ----a-w- C:\Windows\SysWow64\drivers\efavdrv.sys
2012-05-16 04:37:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-15 13:15:58 -------- d-----w- C:\Users\Vinnie\AppData\Local\GARMIN_Corp
2012-05-15 12:52:00 -------- d-----w- C:\Program Files (x86)\GPSBabel
2012-05-15 05:17:05 -------- d-----w- C:\Users\Vinnie\AppData\Local\Garmin
2012-05-15 04:33:41 -------- d-----w- C:\Garmin
2012-05-15 04:33:31 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-15 04:33:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-15 04:33:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-15 04:33:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-15 04:33:31 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-15 04:33:29 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-15 04:33:29 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-14 19:40:33 -------- d-----w- C:\ProgramData\Garmin
2012-05-14 19:34:25 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\Garmin
2012-05-14 19:34:19 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2012-05-14 19:34:14 -------- d-----w- C:\Program Files (x86)\Garmin GPS Plugin
2012-05-14 19:34:08 -------- d-----w- C:\Program Files (x86)\Garmin
2012-05-11 16:16:26 -------- d-----w- C:\Program Files (x86)\Audacity
2012-05-11 00:38:17 -------- d-----w- C:\Users\Vinnie\Images
2012-05-11 00:34:32 -------- d-----w- C:\Users\Vinnie\Audio
2012-05-10 23:45:03 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\Users\Vinnie\AppData\Local\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-05-10 23:45:03 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2012-05-10 23:39:45 -------- d-----w- C:\Windows\Downloaded Installations
2012-05-10 23:27:07 974848 ------w- C:\Windows\SysWow64\mfc70.dll
2012-05-10 23:27:07 630784 ------w- C:\Windows\SysWow64\ilinet.dll
2012-05-10 23:27:07 487424 ------w- C:\Windows\SysWow64\msvcp70.dll
2012-05-10 23:27:07 344064 ------w- C:\Windows\SysWow64\msvcr70.dll
2012-05-10 23:27:07 217088 ------w- C:\Windows\SysWow64\qtmlClient.dll
2012-05-10 23:26:00 21520 ----a-w- C:\Windows\System32\drivers\diginet.sys
2012-05-10 23:25:59 -------- d-----w- C:\Program Files (x86)\Digidesign
2012-05-10 21:37:37 -------- d-----w- C:\Users\Vinnie\AppData\Roaming\PowerMp3WmaConverter
.
==================== Find3M ====================
.
2012-04-18 16:04:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:07:19.70 ===============

GMER still doesn't find anything and only lets me select the originally mentioned parameters.

#6 gringo_pr

  • Malware Response Team

Posted 08 June 2012 - 11:48 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 deffpony

  • Topic Starter


Posted 11 June 2012 - 09:54 PM

OK, sorry for the wait. I ran both the reports. BTW I read somewhere that if you ever run combofix you should change the name of the file so that a malware won't be able to block it. I figured that couldn't hurt so I renamed the file puppy.

Here is the combofix log


ComboFix 12-06-11.04 - Vinnie 06/11/2012 19:16:28.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12287.10317 [GMT -7:00]
Running from: N:\puppyc.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}
.
---- Previous Run -------
.
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\L\00000004.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\L\1afb2d56
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\L\201d3dde
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\00000004.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\00000008.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\000000cb.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\80000000.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\80000032.@
c:\windows\Installer\{cfe519bf-697e-d38f-5363-83fdf21d5f97}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 02:24 . 2012-06-12 02:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-12 02:24 . 2012-06-12 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 05:03 . 2012-06-08 05:03 -------- d-----w- c:\program files (x86)\Overloud
2012-06-04 01:53 . 2012-06-04 01:53 -------- d-----w- c:\programdata\Ableton
2012-06-04 01:48 . 2012-06-04 01:48 -------- d-----w- c:\program files (x86)\Ableton
2012-06-04 01:47 . 2012-06-04 01:53 -------- d-----w- c:\users\Vinnie\AppData\Roaming\Ableton
2012-05-20 19:28 . 2012-05-20 19:28 -------- d-----w- c:\program files (x86)\DLLSuite
2012-05-20 18:20 . 2012-05-20 18:20 -------- d-----w- c:\users\Vinnie\AppData\Roaming\VS Revo Group
2012-05-20 16:56 . 2012-05-20 16:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-20 02:48 . 2012-05-20 02:55 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-20 02:48 . 2012-05-20 02:53 -------- d-----w- c:\programdata\HitmanPro
2012-05-20 01:39 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\8D44.tmp
2012-05-20 01:38 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\F2E8.tmp
2012-05-20 01:37 . 2012-05-20 01:37 -------- d-----w- c:\program files (x86)\Sophos
2012-05-20 01:37 . 2012-05-20 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-20 01:13 . 2012-05-20 01:13 -------- d-----w- c:\users\Vinnie\AppData\Roaming\f-secure
2012-05-20 01:12 . 2012-05-20 01:12 -------- d-----w- c:\programdata\F-Secure
2012-05-19 06:59 . 2012-05-19 06:59 16200 ----a-w- c:\windows\stinger.sys
2012-05-19 06:58 . 2012-05-19 06:59 -------- d-----w- c:\program files (x86)\stinger
2012-05-19 06:56 . 2012-05-19 06:56 -------- d-----w- c:\users\Vinnie\AppData\Roaming\SUPERAntiSpyware.com
2012-05-19 06:54 . 2012-05-19 06:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-19 06:48 . 2012-05-19 06:48 115008 ----a-w- c:\windows\SysWow64\drivers\efavdrv.sys
2012-05-16 04:37 . 2012-05-16 04:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-15 13:15 . 2012-05-15 13:15 -------- d-----w- c:\users\Vinnie\AppData\Local\GARMIN_Corp
2012-05-15 12:52 . 2012-05-31 11:48 -------- d-----w- c:\program files (x86)\GPSBabel
2012-05-15 05:17 . 2012-05-15 13:16 -------- d-----w- c:\users\Vinnie\AppData\Local\Garmin
2012-05-15 04:33 . 2012-05-15 13:15 -------- d-----w- C:\Garmin
2012-05-15 04:33 . 2003-11-11 01:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-15 04:33 . 2003-11-11 01:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-15 04:33 . 2003-11-11 01:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-15 04:33 . 2003-11-11 01:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-15 04:33 . 2003-11-11 01:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-15 04:33 . 2012-05-15 04:33 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-15 04:33 . 2012-05-15 04:33 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-14 19:40 . 2012-05-15 13:17 -------- d-----w- c:\programdata\Garmin
2012-05-14 19:34 . 2012-05-15 13:35 -------- d-----w- c:\users\Vinnie\AppData\Roaming\Garmin
2012-05-14 19:34 . 2012-05-14 19:34 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-05-14 19:34 . 2012-05-14 19:34 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2012-05-14 19:34 . 2012-05-15 13:15 -------- d-----w- c:\program files (x86)\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 21:07 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-24 21:06 . 2009-08-18 19:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-20 03:06 . 2012-04-20 03:06 29184 ----a-r- c:\users\Vinnie\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-04-18 16:04 . 2012-04-18 16:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2011-09-30 02:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-20_19.18.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-05 05:04 . 2012-06-08 02:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-05 05:04 . 2012-05-20 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-21 03:09 . 2012-05-22 13:01 40392 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-12 02:28 38812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-30 01:49 . 2012-06-12 02:28 14060 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1604574743-1052332353-3943373521-1000_UserData.bin
- 2011-09-30 01:38 . 2012-05-20 17:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 01:38 . 2012-05-21 02:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 01:38 . 2012-05-21 02:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-30 01:38 . 2012-05-20 17:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-21 02:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-20 17:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-08 02:48 99272 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-30 03:35 . 2012-06-12 02:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-30 03:35 . 2012-05-20 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 03:35 . 2012-06-12 02:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-30 03:35 . 2012-05-20 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-20 19:17 . 2012-05-20 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 02:25 . 2012-06-12 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 02:25 . 2012-06-12 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-20 19:17 . 2012-05-20 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-08 02:11 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-20 18:59 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-15 17:59 . 2012-06-12 01:36 343442 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2011-09-30 03:44 . 2011-08-24 05:57 107552 c:\windows\system32\RTNUninst64.dll
+ 2011-08-24 05:57 . 2011-08-24 05:57 107552 c:\windows\system32\RTNUninst64.dll
- 2009-07-14 02:36 . 2012-05-20 18:41 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-09 12:00 659580 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-20 18:41 120508 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-09 12:00 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-05-20 17:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-05-21 02:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-05-20 19:16 238252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-12 02:24 238252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-08 02:11 5636096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-20 18:59 5636096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 02:11 5554176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-20 18:59 5554176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-05-10 02:17 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-20 19:58 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-05 21:13 . 2012-06-12 02:24 1282844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1604574743-1052332353-3943373521-1000-12288.dat
- 2011-11-05 21:13 . 2012-05-20 18:22 1282844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1604574743-1052332353-3943373521-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-11 137536]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" [2012-04-18 1790016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Full glass.exe [2009-12-31 484319]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 L6TPrtDS;Service - Line 6 TonePort DI-S;c:\windows\system32\Drivers\L6TPrtDS64.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8D44.tmp [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2011-02-18 371472]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-09-01 337872]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-04-18 1790016]
S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe [2011-10-13 7680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604574743-1052332353-3943373521-1000Core.job
- c:\users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 16:36]
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1604574743-1052332353-3943373521-1000UA.job
- c:\users\Vinnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 16:36]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1604574743-1052332353-3943373521-1000Core.job
- c:\users\Vinnie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 15:36]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1604574743-1052332353-3943373521-1000UA.job
- c:\users\Vinnie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Vinnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-08 798728]
"Madotate"="c:\program files (x86)\Madotate_2.02.02\madotate.exe" [2004-09-30 220672]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=109130&babsrc=HP_ss&mntrId=384f98ca0000000000006c626dec9542
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8D44.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Vinnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
.
**************************************************************************
.
Completion time: 2012-06-11 19:31:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 02:31
ComboFix2.txt 2012-05-20 19:23
.
Pre-Run: 1,054,120,595,456 bytes free
Post-Run: 1,053,955,551,232 bytes free
.
- - End Of File - - BD85EECD8DCBDDB7CAC7372E487F408A


Here is the security check log


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 8.0
Sophos Anti-Rootkit 1.5.20
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.1)
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thank you so much. Hope I can fix this.

#8 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 08:12 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 deffpony

  • Topic Starter

Posted 12 June 2012 - 04:14 PM

OK, TDSS did not find anything. Here is the log:



14:04:47.0437 4332 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:04:47.0462 4332 ============================================================
14:04:47.0462 4332 Current date / time: 2012/06/12 14:04:47.0462
14:04:47.0462 4332 SystemInfo:
14:04:47.0462 4332
14:04:47.0462 4332 OS Version: 6.1.7601 ServicePack: 1.0
14:04:47.0462 4332 Product type: Workstation
14:04:47.0463 4332 ComputerName: VINNIE-PC
14:04:47.0463 4332 UserName: Vinnie
14:04:47.0463 4332 Windows directory: C:\Windows
14:04:47.0463 4332 System windows directory: C:\Windows
14:04:47.0463 4332 Running under WOW64
14:04:47.0463 4332 Processor architecture: Intel x64
14:04:47.0463 4332 Number of processors: 4
14:04:47.0463 4332 Page size: 0x1000
14:04:47.0463 4332 Boot type: Normal boot
14:04:47.0463 4332 ============================================================
14:04:49.0656 4332 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:49.0670 4332 Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:49.0678 4332 Drive \Device\Harddisk2\DR4 - Size: 0x7A1D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:04:49.0682 4332 ============================================================
14:04:49.0682 4332 \Device\Harddisk0\DR0:
14:04:49.0682 4332 MBR partitions:
14:04:49.0682 4332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
14:04:49.0682 4332 \Device\Harddisk1\DR1:
14:04:49.0682 4332 MBR partitions:
14:04:49.0682 4332 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
14:04:49.0682 4332 \Device\Harddisk2\DR4:
14:04:49.0684 4332 MBR partitions:
14:04:49.0684 4332 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B
14:04:49.0684 4332 ============================================================
14:04:49.0736 4332 C: <-> \Device\Harddisk0\DR0\Partition0
14:04:49.0748 4332 D: <-> \Device\Harddisk1\DR1\Partition0
14:04:49.0748 4332 ============================================================
14:04:49.0748 4332 Initialize success
14:04:49.0748 4332 ============================================================
14:05:01.0429 4704 ============================================================
14:05:01.0429 4704 Scan started
14:05:01.0429 4704 Mode: Manual;
14:05:01.0429 4704 ============================================================
14:05:02.0754 4704 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:05:02.0756 4704 !SASCORE - ok
14:05:02.0930 4704 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:05:02.0933 4704 1394ohci - ok
14:05:02.0959 4704 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:05:02.0981 4704 ACPI - ok
14:05:02.0985 4704 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:05:02.0987 4704 AcpiPmi - ok
14:05:03.0068 4704 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:05:03.0069 4704 AdobeARMservice - ok
14:05:03.0142 4704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:05:03.0171 4704 adp94xx - ok
14:05:03.0206 4704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:05:03.0210 4704 adpahci - ok
14:05:03.0256 4704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:05:03.0258 4704 adpu320 - ok
14:05:03.0319 4704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:05:03.0320 4704 AeLookupSvc - ok
14:05:03.0353 4704 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
14:05:03.0383 4704 AFD - ok
14:05:03.0399 4704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:05:03.0401 4704 agp440 - ok
14:05:03.0419 4704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:05:03.0421 4704 ALG - ok
14:05:03.0434 4704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:05:03.0435 4704 aliide - ok
14:05:03.0452 4704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:05:03.0453 4704 amdide - ok
14:05:03.0460 4704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:05:03.0461 4704 AmdK8 - ok
14:05:03.0502 4704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:05:03.0503 4704 AmdPPM - ok
14:05:03.0511 4704 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
14:05:03.0513 4704 amdsata - ok
14:05:03.0524 4704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:05:03.0527 4704 amdsbs - ok
14:05:03.0536 4704 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
14:05:03.0537 4704 amdxata - ok
14:05:03.0560 4704 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:05:03.0561 4704 AppID - ok
14:05:03.0574 4704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:05:03.0575 4704 AppIDSvc - ok
14:05:03.0594 4704 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:05:03.0596 4704 Appinfo - ok
14:05:03.0672 4704 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:05:03.0673 4704 Apple Mobile Device - ok
14:05:03.0754 4704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:05:03.0757 4704 AppMgmt - ok
14:05:03.0764 4704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:05:03.0766 4704 arc - ok
14:05:03.0773 4704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:05:03.0775 4704 arcsas - ok
14:05:03.0951 4704 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:05:03.0953 4704 aspnet_state - ok
14:05:03.0972 4704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:05:03.0973 4704 AsyncMac - ok
14:05:03.0992 4704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:05:03.0993 4704 atapi - ok
14:05:04.0064 4704 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:05:04.0065 4704 AtiPcie - ok
14:05:04.0117 4704 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:04.0151 4704 AudioEndpointBuilder - ok
14:05:04.0158 4704 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:04.0161 4704 AudioSrv - ok
14:05:04.0169 4704 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:05:04.0171 4704 AxInstSV - ok
14:05:04.0212 4704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:05:04.0242 4704 b06bdrv - ok
14:05:04.0305 4704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:05:04.0309 4704 b57nd60a - ok
14:05:04.0328 4704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:05:04.0330 4704 BDESVC - ok
14:05:04.0386 4704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:05:04.0387 4704 Beep - ok
14:05:04.0472 4704 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:05:04.0494 4704 BFE - ok
14:05:04.0551 4704 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:05:04.0580 4704 BITS - ok
14:05:04.0608 4704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:05:04.0609 4704 blbdrive - ok
14:05:04.0671 4704 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
14:05:04.0673 4704 bowser - ok
14:05:04.0677 4704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:05:04.0678 4704 BrFiltLo - ok
14:05:04.0683 4704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:05:04.0684 4704 BrFiltUp - ok
14:05:04.0719 4704 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:05:04.0720 4704 BridgeMP - ok
14:05:04.0730 4704 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:05:04.0732 4704 Browser - ok
14:05:04.0853 4704 Browser Defender Update Service (c6b40dbc558a6cec5832c34a1854aa2a) C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
14:05:04.0855 4704 Browser Defender Update Service - ok
14:05:04.0871 4704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:05:04.0874 4704 Brserid - ok
14:05:04.0880 4704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:05:04.0881 4704 BrSerWdm - ok
14:05:04.0885 4704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:05:04.0886 4704 BrUsbMdm - ok
14:05:04.0889 4704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:05:04.0891 4704 BrUsbSer - ok
14:05:04.0897 4704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:05:04.0898 4704 BTHMODEM - ok
14:05:04.0919 4704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:05:04.0921 4704 bthserv - ok
14:05:04.0934 4704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:05:04.0935 4704 cdfs - ok
14:05:04.0998 4704 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:05:05.0000 4704 cdrom - ok
14:05:05.0036 4704 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:05.0038 4704 CertPropSvc - ok
14:05:05.0043 4704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:05:05.0044 4704 circlass - ok
14:05:05.0072 4704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:05:05.0093 4704 CLFS - ok
14:05:05.0142 4704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:05:05.0143 4704 clr_optimization_v2.0.50727_32 - ok
14:05:05.0178 4704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:05:05.0180 4704 clr_optimization_v2.0.50727_64 - ok
14:05:05.0352 4704 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:05:05.0354 4704 clr_optimization_v4.0.30319_32 - ok
14:05:05.0419 4704 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:05:05.0420 4704 clr_optimization_v4.0.30319_64 - ok
14:05:05.0424 4704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:05:05.0426 4704 CmBatt - ok
14:05:05.0507 4704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:05:05.0508 4704 cmdide - ok
14:05:05.0579 4704 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:05:05.0645 4704 CNG - ok
14:05:05.0653 4704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:05:05.0654 4704 Compbatt - ok
14:05:05.0686 4704 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:05:05.0687 4704 CompositeBus - ok
14:05:05.0691 4704 COMSysApp - ok
14:05:05.0700 4704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:05:05.0701 4704 crcdisk - ok
14:05:05.0729 4704 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:05:05.0732 4704 CryptSvc - ok
14:05:05.0772 4704 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:05:05.0836 4704 CSC - ok
14:05:05.0868 4704 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:05:05.0875 4704 CscService - ok
14:05:05.0929 4704 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:05.0936 4704 DcomLaunch - ok
14:05:05.0963 4704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:05:05.0967 4704 defragsvc - ok
14:05:05.0983 4704 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:05:05.0985 4704 DfsC - ok
14:05:06.0320 4704 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:05:06.0324 4704 Dhcp - ok
14:05:06.0339 4704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:05:06.0340 4704 discache - ok
14:05:06.0360 4704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:05:06.0362 4704 Disk - ok
14:05:06.0382 4704 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:05:06.0383 4704 dmvsc - ok
14:05:06.0408 4704 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
14:05:06.0411 4704 Dnscache - ok
14:05:06.0432 4704 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:05:06.0436 4704 dot3svc - ok
14:05:06.0446 4704 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:05:06.0448 4704 DPS - ok
14:05:06.0487 4704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:05:06.0488 4704 drmkaud - ok
14:05:06.0541 4704 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:05:06.0545 4704 dtsoftbus01 - ok
14:05:06.0597 4704 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:05:06.0621 4704 DXGKrnl - ok
14:05:06.0638 4704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:05:06.0640 4704 EapHost - ok
14:05:06.0784 4704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:05:06.0836 4704 ebdrv - ok
14:05:06.0945 4704 efavdrv - ok
14:05:06.0964 4704 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
14:05:06.0966 4704 EFS - ok
14:05:07.0039 4704 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:05:07.0061 4704 ehRecvr - ok
14:05:07.0075 4704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:05:07.0077 4704 ehSched - ok
14:05:07.0113 4704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:05:07.0139 4704 elxstor - ok
14:05:07.0150 4704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:05:07.0151 4704 ErrDev - ok
14:05:07.0190 4704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:05:07.0210 4704 EventSystem - ok
14:05:07.0222 4704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:05:07.0244 4704 exfat - ok
14:05:07.0289 4704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:05:07.0292 4704 fastfat - ok
14:05:07.0354 4704 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:05:07.0377 4704 Fax - ok
14:05:07.0382 4704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:05:07.0404 4704 fdc - ok
14:05:07.0417 4704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:05:07.0418 4704 fdPHost - ok
14:05:07.0432 4704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:05:07.0434 4704 FDResPub - ok
14:05:07.0447 4704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:05:07.0449 4704 FileInfo - ok
14:05:07.0459 4704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:05:07.0460 4704 Filetrace - ok
14:05:07.0464 4704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:05:07.0490 4704 flpydisk - ok
14:05:07.0514 4704 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:05:07.0518 4704 FltMgr - ok
14:05:07.0586 4704 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:05:07.0617 4704 FontCache - ok
14:05:07.0693 4704 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:05:07.0695 4704 FontCache3.0.0.0 - ok
14:05:07.0703 4704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:05:07.0704 4704 FsDepends - ok
14:05:07.0725 4704 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:05:07.0726 4704 Fs_Rec - ok
14:05:07.0813 4704 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:05:07.0816 4704 fvevol - ok
14:05:07.0830 4704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:05:07.0832 4704 gagp30kx - ok
14:05:07.0844 4704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:05:07.0845 4704 GEARAspiWDM - ok
14:05:07.0901 4704 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:05:07.0968 4704 gpsvc - ok
14:05:08.0023 4704 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
14:05:08.0024 4704 grmnusb - ok
14:05:08.0163 4704 Guard.Mail.ru (63b94e5f3063d6fd631b6bdca4a6f4ff) C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
14:05:08.0175 4704 Guard.Mail.ru - ok
14:05:08.0230 4704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:05:08.0232 4704 hcw85cir - ok
14:05:08.0306 4704 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:05:08.0328 4704 HdAudAddService - ok
14:05:08.0351 4704 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:05:08.0352 4704 HDAudBus - ok
14:05:08.0357 4704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:05:08.0358 4704 HidBatt - ok
14:05:08.0366 4704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:05:08.0368 4704 HidBth - ok
14:05:08.0373 4704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:05:08.0374 4704 HidIr - ok
14:05:08.0383 4704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:05:08.0385 4704 hidserv - ok
14:05:08.0424 4704 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:08.0425 4704 HidUsb - ok
14:05:08.0509 4704 hitmanpro35 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
14:05:08.0510 4704 hitmanpro35 - ok
14:05:08.0536 4704 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:05:08.0538 4704 hkmsvc - ok
14:05:08.0579 4704 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:05:08.0582 4704 HomeGroupListener - ok
14:05:08.0628 4704 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:05:08.0632 4704 HomeGroupProvider - ok
14:05:08.0644 4704 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:05:08.0646 4704 HpSAMD - ok
14:05:08.0694 4704 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:05:08.0716 4704 HTTP - ok
14:05:08.0732 4704 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:05:08.0733 4704 hwpolicy - ok
14:05:08.0749 4704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:08.0751 4704 i8042prt - ok
14:05:08.0772 4704 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
14:05:08.0777 4704 iaStorV - ok
14:05:08.0901 4704 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:05:08.0928 4704 idsvc - ok
14:05:08.0933 4704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:05:08.0934 4704 iirsp - ok
14:05:09.0001 4704 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:05:09.0030 4704 IKEEXT - ok
14:05:09.0228 4704 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
14:05:09.0271 4704 IntcAzAudAddService - ok
14:05:09.0382 4704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:05:09.0383 4704 intelide - ok
14:05:09.0417 4704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
14:05:09.0419 4704 intelppm - ok
14:05:09.0432 4704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:05:09.0435 4704 IPBusEnum - ok
14:05:09.0442 4704 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:09.0444 4704 IpFilterDriver - ok
14:05:09.0525 4704 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:05:09.0531 4704 iphlpsvc - ok
14:05:09.0538 4704 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:05:09.0539 4704 IPMIDRV - ok
14:05:09.0548 4704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:05:09.0549 4704 IPNAT - ok
14:05:09.0663 4704 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
14:05:09.0667 4704 iPod Service - ok
14:05:09.0696 4704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:05:09.0698 4704 IRENUM - ok
14:05:09.0702 4704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:05:09.0704 4704 isapnp - ok
14:05:09.0769 4704 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:05:09.0772 4704 iScsiPrt - ok
14:05:09.0878 4704 JumpDesktop (be27bf5173fdcc81015b1aa1a71fbf8e) C:\Program Files (x86)\Jump Desktop\JumpService.exe
14:05:09.0878 4704 JumpDesktop - ok
14:05:09.0893 4704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:09.0895 4704 kbdclass - ok
14:05:09.0900 4704 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:05:09.0901 4704 kbdhid - ok
14:05:09.0928 4704 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:05:09.0929 4704 KeyIso - ok
14:05:09.0944 4704 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:05:09.0946 4704 KSecDD - ok
14:05:09.0964 4704 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:05:09.0966 4704 KSecPkg - ok
14:05:09.0978 4704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:05:09.0979 4704 ksthunk - ok
14:05:10.0037 4704 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:05:10.0059 4704 KtmRm - ok
14:05:10.0149 4704 L6TPrtDS (1107dd2b04a2c73ccbb614c12c70b775) C:\Windows\system32\Drivers\L6TPrtDS64.sys
14:05:10.0179 4704 L6TPrtDS - ok
14:05:10.0206 4704 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:05:10.0210 4704 LanmanServer - ok
14:05:10.0230 4704 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:05:10.0232 4704 LanmanWorkstation - ok
14:05:10.0248 4704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:10.0249 4704 lltdio - ok
14:05:10.0272 4704 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:05:10.0277 4704 lltdsvc - ok
14:05:10.0289 4704 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:05:10.0291 4704 lmhosts - ok
14:05:10.0341 4704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:05:10.0343 4704 LSI_FC - ok
14:05:10.0351 4704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:05:10.0353 4704 LSI_SAS - ok
14:05:10.0359 4704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:05:10.0360 4704 LSI_SAS2 - ok
14:05:10.0369 4704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:10.0370 4704 LSI_SCSI - ok
14:05:10.0396 4704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:05:10.0398 4704 luafv - ok
14:05:10.0450 4704 MAUSBFASTTRACK (f2643036b225ba4621a965434478f35e) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
14:05:10.0452 4704 MAUSBFASTTRACK - ok
14:05:10.0513 4704 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
14:05:10.0516 4704 MAUSBFASTTRACKPRO - ok
14:05:10.0555 4704 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:05:10.0556 4704 MBAMProtector - ok
14:05:10.0631 4704 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:05:10.0654 4704 MBAMService - ok
14:05:10.0695 4704 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:05:10.0698 4704 Mcx2Svc - ok
14:05:10.0703 4704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:05:10.0705 4704 megasas - ok
14:05:10.0729 4704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:05:10.0777 4704 MegaSR - ok
14:05:10.0822 4704 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\8D44.tmp
14:05:10.0823 4704 MEMSWEEP2 - ok
14:05:10.0843 4704 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:05:10.0845 4704 MMCSS - ok
14:05:10.0863 4704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:05:10.0864 4704 Modem - ok
14:05:10.0923 4704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:05:10.0925 4704 monitor - ok
14:05:10.0931 4704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:10.0933 4704 mouclass - ok
14:05:10.0982 4704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:05:10.0983 4704 mouhid - ok
14:05:11.0008 4704 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:05:11.0041 4704 mountmgr - ok
14:05:11.0051 4704 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:05:11.0053 4704 mpio - ok
14:05:11.0074 4704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:05:11.0076 4704 mpsdrv - ok
14:05:11.0170 4704 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:05:11.0234 4704 MpsSvc - ok
14:05:11.0248 4704 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:05:11.0250 4704 MRxDAV - ok
14:05:11.0275 4704 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:11.0278 4704 mrxsmb - ok
14:05:11.0300 4704 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:11.0304 4704 mrxsmb10 - ok
14:05:11.0368 4704 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:05:11.0370 4704 mrxsmb20 - ok
14:05:11.0375 4704 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:05:11.0376 4704 msahci - ok
14:05:11.0405 4704 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:05:11.0407 4704 msdsm - ok
14:05:11.0434 4704 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:05:11.0437 4704 MSDTC - ok
14:05:11.0446 4704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:05:11.0447 4704 Msfs - ok
14:05:11.0467 4704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:05:11.0468 4704 mshidkmdf - ok
14:05:11.0472 4704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:05:11.0473 4704 msisadrv - ok
14:05:11.0539 4704 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:05:11.0542 4704 MSiSCSI - ok
14:05:11.0545 4704 msiserver - ok
14:05:11.0562 4704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:05:11.0563 4704 MSKSSRV - ok
14:05:11.0575 4704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:05:11.0577 4704 MSPCLOCK - ok
14:05:11.0580 4704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:05:11.0582 4704 MSPQM - ok
14:05:11.0609 4704 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:05:11.0630 4704 MsRPC - ok
14:05:11.0637 4704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:05:11.0638 4704 mssmbios - ok
14:05:11.0647 4704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:05:11.0648 4704 MSTEE - ok
14:05:11.0661 4704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:05:11.0662 4704 MTConfig - ok
14:05:11.0680 4704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:05:11.0681 4704 Mup - ok
14:05:11.0742 4704 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:05:11.0783 4704 napagent - ok
14:05:11.0824 4704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:05:11.0828 4704 NativeWifiP - ok
14:05:11.0888 4704 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:05:11.0897 4704 NDIS - ok
14:05:11.0921 4704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:05:11.0922 4704 NdisCap - ok
14:05:11.0931 4704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:05:11.0932 4704 NdisTapi - ok
14:05:11.0939 4704 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:05:11.0941 4704 Ndisuio - ok
14:05:11.0953 4704 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:05:11.0956 4704 NdisWan - ok
14:05:11.0977 4704 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:05:11.0978 4704 NDProxy - ok
14:05:11.0987 4704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:05:11.0988 4704 NetBIOS - ok
14:05:12.0009 4704 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:05:12.0012 4704 NetBT - ok
14:05:12.0017 4704 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:05:12.0019 4704 Netlogon - ok
14:05:12.0069 4704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:05:12.0091 4704 Netman - ok
14:05:12.0246 4704 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:12.0248 4704 NetMsmqActivator - ok
14:05:12.0278 4704 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:12.0279 4704 NetPipeActivator - ok
14:05:12.0303 4704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:05:12.0309 4704 netprofm - ok
14:05:12.0312 4704 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:12.0313 4704 NetTcpActivator - ok
14:05:12.0317 4704 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:12.0318 4704 NetTcpPortSharing - ok
14:05:12.0349 4704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:05:12.0350 4704 nfrd960 - ok
14:05:12.0410 4704 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:05:12.0415 4704 NlaSvc - ok
14:05:12.0434 4704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:05:12.0435 4704 Npfs - ok
14:05:12.0448 4704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:05:12.0450 4704 nsi - ok
14:05:12.0460 4704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:05:12.0462 4704 nsiproxy - ok
14:05:12.0528 4704 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
14:05:12.0563 4704 Ntfs - ok
14:05:12.0621 4704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:05:12.0622 4704 Null - ok
14:05:12.0694 4704 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:05:12.0696 4704 nusb3hub - ok
14:05:12.0735 4704 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:05:12.0737 4704 nusb3xhc - ok
14:05:12.0829 4704 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
14:05:12.0831 4704 NVHDA - ok
14:05:13.0239 4704 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:05:13.0428 4704 nvlddmkm - ok
14:05:13.0501 4704 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
14:05:13.0503 4704 nvraid - ok
14:05:13.0523 4704 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
14:05:13.0525 4704 nvstor - ok
14:05:13.0603 4704 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
14:05:13.0612 4704 nvsvc - ok
14:05:13.0797 4704 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:05:13.0859 4704 nvUpdatusService - ok
14:05:13.0913 4704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:05:13.0915 4704 nv_agp - ok
14:05:13.0922 4704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:05:13.0924 4704 ohci1394 - ok
14:05:13.0977 4704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:05:13.0979 4704 ose - ok
14:05:14.0030 4704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:14.0034 4704 p2pimsvc - ok
14:05:14.0079 4704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:05:14.0108 4704 p2psvc - ok
14:05:14.0116 4704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:05:14.0117 4704 Parport - ok
14:05:14.0135 4704 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:05:14.0137 4704 partmgr - ok
14:05:14.0160 4704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:05:14.0163 4704 PcaSvc - ok
14:05:14.0221 4704 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:05:14.0224 4704 pci - ok
14:05:14.0238 4704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:05:14.0239 4704 pciide - ok
14:05:14.0253 4704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:05:14.0255 4704 pcmcia - ok
14:05:14.0290 4704 PCTCore (52fa4369e262b047ebd3a37155e30074) C:\Windows\system32\drivers\PCTCore64.sys
14:05:14.0311 4704 PCTCore - ok
14:05:14.0367 4704 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
14:05:14.0397 4704 pctDS - ok
14:05:14.0465 4704 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
14:05:14.0495 4704 pctEFA - ok
14:05:14.0521 4704 PCTSD (8da7df6075472233cc5a9734bf973b2e) C:\Windows\system32\Drivers\PCTSD64.sys
14:05:14.0524 4704 PCTSD - ok
14:05:14.0535 4704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:05:14.0536 4704 pcw - ok
14:05:14.0577 4704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:05:14.0601 4704 PEAUTH - ok
14:05:14.0676 4704 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:05:14.0690 4704 PeerDistSvc - ok
14:05:14.0787 4704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:05:14.0789 4704 PerfHost - ok
14:05:14.0890 4704 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:05:14.0925 4704 pla - ok
14:05:14.0987 4704 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
14:05:14.0992 4704 PlugPlay - ok
14:05:15.0024 4704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:05:15.0026 4704 PNRPAutoReg - ok
14:05:15.0047 4704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:15.0049 4704 PNRPsvc - ok
14:05:15.0099 4704 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:05:15.0127 4704 PolicyAgent - ok
14:05:15.0154 4704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:05:15.0157 4704 Power - ok
14:05:15.0230 4704 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:05:15.0233 4704 PptpMiniport - ok
14:05:15.0244 4704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:05:15.0245 4704 Processor - ok
14:05:15.0265 4704 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:05:15.0268 4704 ProfSvc - ok
14:05:15.0279 4704 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:05:15.0281 4704 ProtectedStorage - ok
14:05:15.0303 4704 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:05:15.0304 4704 Psched - ok
14:05:15.0421 4704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:05:15.0451 4704 ql2300 - ok
14:05:15.0529 4704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:05:15.0531 4704 ql40xx - ok
14:05:15.0549 4704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:05:15.0553 4704 QWAVE - ok
14:05:15.0572 4704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:05:15.0573 4704 QWAVEdrv - ok
14:05:15.0583 4704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:05:15.0585 4704 RasAcd - ok
14:05:15.0622 4704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:05:15.0623 4704 RasAgileVpn - ok
14:05:15.0640 4704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:05:15.0642 4704 RasAuto - ok
14:05:15.0660 4704 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:05:15.0662 4704 Rasl2tp - ok
14:05:15.0694 4704 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:05:15.0716 4704 RasMan - ok
14:05:15.0752 4704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:05:15.0754 4704 RasPppoe - ok
14:05:15.0787 4704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:05:15.0788 4704 RasSstp - ok
14:05:15.0805 4704 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:05:15.0810 4704 rdbss - ok
14:05:15.0831 4704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:05:15.0832 4704 rdpbus - ok
14:05:15.0845 4704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:05:15.0846 4704 RDPCDD - ok
14:05:15.0907 4704 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:05:15.0910 4704 RDPDR - ok
14:05:15.0932 4704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:05:15.0933 4704 RDPENCDD - ok
14:05:15.0939 4704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:05:15.0940 4704 RDPREFMP - ok
14:05:16.0017 4704 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:05:16.0018 4704 RdpVideoMiniport - ok
14:05:16.0030 4704 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:05:16.0033 4704 RDPWD - ok
14:05:16.0055 4704 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:05:16.0058 4704 rdyboost - ok
14:05:16.0133 4704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:05:16.0135 4704 RemoteAccess - ok
14:05:16.0149 4704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:05:16.0152 4704 RemoteRegistry - ok
14:05:16.0166 4704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:05:16.0168 4704 RpcEptMapper - ok
14:05:16.0177 4704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:05:16.0179 4704 RpcLocator - ok
14:05:16.0212 4704 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:16.0216 4704 RpcSs - ok
14:05:16.0268 4704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:05:16.0270 4704 rspndr - ok
14:05:16.0349 4704 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:05:16.0355 4704 RTL8167 - ok
14:05:16.0382 4704 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:05:16.0383 4704 s3cap - ok
14:05:16.0395 4704 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:05:16.0396 4704 SamSs - ok
14:05:16.0512 4704 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:05:23.0734 4704 ============================================================
14:05:23.0734 4704 Scan finished
14:05:23.0734 4704 ============================================================
14:05:23.0743 4624 Detected object count: 0
14:05:23.0744 4624 Actual detected object count: 0

As for aswMBR, it would not download the definitions (I'm assuming because my internet doesn't work) but I ran the scan anyways. Here is the log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 21:11:11
-----------------------------
21:11:11.286 OS Version: Windows x64 6.1.7601 Service Pack 1
21:11:11.286 Number of processors: 4 586 0x503
21:11:11.287 ComputerName: VINNIE-PC UserName: Vinnie
21:11:17.051 Initialize success
21:11:29.738 AVAST engine download error: 0
21:12:42.436 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:12:42.438 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
21:12:42.441 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-a
21:12:42.443 Disk 1 Vendor: HDS722516VLAT20 V34OA60A Size: 157066MB BusType: 3
21:12:42.445 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007c
21:12:42.448 Disk 2 Vendor: Size: 157066MB BusType: 0
21:12:42.485 Disk 0 MBR read successfully
21:12:42.489 Disk 0 MBR scan
21:12:42.491 Disk 0 Windows 7 default MBR code
21:12:42.494 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907718 MB offset 63
21:12:42.514 Disk 0 scanning C:\Windows\system32\drivers
21:12:48.407 Service scanning
21:13:03.265 Modules scanning
21:13:03.653 Disk 0 trace - called modules:
21:13:03.676 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:13:03.681 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aa06790]
21:13:03.686 3 CLASSPNP.SYS[fffff88001b9643f] -> nt!IofCallDriver -> [0xfffffa800a90c8f0]
21:13:03.690 5 PCTCore64.sys[fffff8800110ea40] -> nt!IofCallDriver -> [0xfffffa800a9339b0]
21:13:03.695 7 ACPI.sys[fffff88000e6d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a9f5060]
21:13:03.702 Scan finished successfully
21:14:51.143 Disk 0 MBR has been saved successfully to "P:\MBR.dat"
21:14:51.187 The log file has been saved successfully to "P:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 14:08:29
-----------------------------
14:08:29.100 OS Version: Windows x64 6.1.7601 Service Pack 1
14:08:29.100 Number of processors: 4 586 0x503
14:08:29.101 ComputerName: VINNIE-PC UserName: Vinnie
14:08:33.130 Initialize success
14:08:46.144 AVAST engine download error: 0
14:09:02.054 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:02.056 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
14:09:02.058 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-a
14:09:02.061 Disk 1 Vendor: HDS722516VLAT20 V34OA60A Size: 157066MB BusType: 3
14:09:02.063 Disk 2 \Device\Harddisk2\DR4 -> \Device\00000085
14:09:02.066 Disk 2 Vendor: Size: 157066MB BusType: 0
14:09:02.082 Disk 0 MBR read successfully
14:09:02.085 Disk 0 MBR scan
14:09:02.088 Disk 0 Windows 7 default MBR code
14:09:02.091 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907718 MB offset 63
14:09:02.111 Disk 0 scanning C:\Windows\system32\drivers
14:09:06.590 Service scanning
14:09:16.431 Modules scanning
14:09:16.439 Disk 0 trace - called modules:
14:09:16.458 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:09:16.464 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aa1b790]
14:09:16.469 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800a9608c0]
14:09:16.475 5 PCTCore64.sys[fffff8800115aa40] -> nt!IofCallDriver -> [0xfffffa800a9519b0]
14:09:16.481 7 ACPI.sys[fffff88000ecc7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800aa11060]
14:09:16.488 Scan finished successfully
14:11:35.365 Disk 0 MBR has been saved successfully to "I:\MBR.dat"
14:11:35.511 The log file has been saved successfully to "I:\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 09:12 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 deffpony

  • Topic Starter

Posted 12 June 2012 - 10:49 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Vinnie (administrator) on 12-06-2012 at 20:40:36
Running from "I:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-20 20:24] - [2010-11-20 20:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-20 20:24] - [2010-11-20 20:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
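
A log in this layout can be triaged mechanically. The following is an added example, not part of the original posts and not Farbar's own code; the function names are hypothetical. It assumes, from the layout of this one log, that a file listed without "=> MD5 is legit" is one the scanner did not match against its known-good hashes and left for manual review.

```python
import re

# Constructed sample: an excerpt in the layout of the FSS.txt log posted above.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 09-06-2012
Boot Mode: Normal

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-20 20:24] - [2010-11-20 20:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-20 20:24] - [2010-11-20 20:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

**** End of log ****
"""

ACCESS_RE = re.compile(r"^Attempt to access (?P<target>.+?) returned error: (?P<error>.+)$")
SERVICE_RE = re.compile(r"^(?P<name>\S+) Service is not running\b")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def _is_underline(line):
    stripped = line.strip()
    return bool(stripped) and set(stripped) == {"="}


def split_sections(text):
    """Map each 'Title:' line that is underlined with '=' to the lines below it."""
    sections, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if _is_underline(line):
            continue
        if stripped.endswith(":") and _is_underline(nxt):
            current = sections.setdefault(stripped[:-1], [])
        elif current is not None and stripped and not stripped.startswith("****"):
            current.append(stripped)
    return sections


def classify(failed):
    """Name the layer a set of failed connection targets points at."""
    if "Local Host IP" in failed:
        # Loopback traffic never leaves the machine, so router, modem and ISP
        # are ruled out: look at Winsock/LSP entries, filter drivers, firewall.
        return "local-stack"
    ip_fail = any(t.endswith(" IP") for t in failed)
    name_fail = any(not t.endswith(" IP") for t in failed)
    if name_fail and not ip_fail:
        return "dns"          # names fail but raw IPs work
    if ip_fail:
        return "upstream"     # raw IPs fail while loopback works
    return "ok"


def triage(text):
    sections = split_sections(text)
    failed = {}
    for line in sections.get("Connection Status", []):
        m = ACCESS_RE.match(line)
        if m:
            failed[m["target"]] = m["error"]
    stopped = []
    for lines in sections.values():
        for line in lines:
            m = SERVICE_RE.match(line)
            if m:
                stopped.append(m["name"])
    unverified, pending = [], None
    for line in sections.get("File Check", []):
        m = DETAIL_RE.match(line)
        if line.endswith("=> MD5 is legit"):
            pending = None
        elif m:
            if pending:  # detail line belongs to the bare path just before it
                unverified.append({"path": pending, "md5": m["md5"].lower(),
                                   "company": m["company"], "size": int(m["size"])})
            pending = None
        else:
            pending = line  # bare path: its hash details follow on the next line
    return {"layer": classify(failed), "failed": failed,
            "stopped_services": stopped, "unverified": unverified}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["layer"], report["stopped_services"])
    for item in report["unverified"]:
        print(item["path"], item["md5"])
```

The hashes it returns for unverified files are the ones to compare against a known-clean copy of the same Windows build before drawing any conclusion about tampering.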

#12 gringo_pr

Posted 12 June 2012 - 10:52 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

------------------------------------------------

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

#13 deffpony

Posted 12 June 2012 - 11:13 PM

I have done everything you just stated prior to starting this topic. I posted a topic in the networking section and they told me I must have a virus and to post a new topic here.

So just to be thorough I did everything you just listed verbatim. Only difference is I ran command prompt as an admin 'cause I'm using Win 7. I still have the same problem.

I have posted this problem on 4 other forum sites and they have all given up. Hope there is more that I can do.

#14 deffpony

Posted 12 June 2012 - 11:16 PM

BTW I can use Skype, and torrent files can still download in uTorrent. But my browsers don't work, and a lot of other internet features like updates.

#15 gringo_pr

Posted 12 June 2012 - 11:25 PM

greetings


I want to try something

Download Firefox from the other computer and install it on this one and let me know if it works.


gringo