
rootkit infections, asked to post log.


  • This topic is locked
26 replies to this topic

#1 jev11

jev11

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver
  • Local time:08:23 PM

Posted 17 June 2012 - 12:34 AM

Hi,

I have been told by a tech at my ISP that I have rootkit infection(s), because when I did ipconfig in the command prompt it showed tunnel adapters. He was saying that since I don't use my PC to connect to work (it is mainly used for games), I have no need for a tunnel adapter. He had me look in my Device Manager under Network, where it shows a Microsoft 6to4 adapter and a Microsoft ISATAP adapter, both of which he had me disable and reboot, and there is the same adapter just with a "2" beside it. There is also a RAS Async adapter, along with a Teredo Tunneling Pseudo-Interface, which was disabled but re-enabled itself.

I have been in contact with my ISP tech for about 6 months now due to the lack of a stable internet connection. I have Extreme speed, which should be a stable 22-24 megs down, but on a good day I'll get 12-13 and on a bad day I'll have 2-4 megs down. I notice this when trying to watch game streams on twitch.tv, as sometimes I can't even stream at 360 quality.

I have tried various rootkit detection and removal software, but nothing has been able to fix my issue, so I am looking here to try and get this nasty stuff off my beloved computer.

Also, my email had been hacked and turned into a bot; it had hundreds of sent emails to random people, and someone had been replying to emails posing as me when talking to a game company, because my account had been hacked.

Some PC info:

Windows 7 64-bit, fully updated
Bitdefender 2012 Total Security
i5 2500K
8 GB RAM

I am unable to use GMER because of my 64-bit system, so I understand.

Let me know if you need any more info. Huge thanks in advance for any help; it's greatly appreciated.

Thank you.

Ian


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 17 June 2012 - 01:06 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:

  • the logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
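Editor's note, with an added example that is not part of the thread and not a BleepingComputer, DDS or Security Check tool: the Python script below applies the checks a helper makes when reading the three outputs requested above (Security Check's checkup.txt, DDS.txt and Attach.txt), using excerpts of the logs posted in the next reply as constructed sample input. It also addresses the tunnel-adapter claim in the opening post: the Microsoft 6to4 and ISATAP entries in Attach.txt are bound to Service: tunnel, which is Microsoft's own IPv6 transition tunnel driver, so the script classifies them as built-in Windows components rather than as rootkit evidence. What those logs do flag is UAC switched off entirely (EnableLUA = 0 with ConsentPromptBehaviorAdmin = 0) and the Windows Firewall disabled (Bitdefender's firewall is reported as enabled in its place). The regular expressions, the verdict labels and the ROOT\*TEREDO device ID are this example's own assumptions; Teredo does not appear in the posted Attach.txt.

```python
"""Triage of Security Check / DDS.txt / Attach.txt output (added example, not a
BleepingComputer or DDS tool). Sample text is excerpted from the logs posted in
this thread; the regexes, verdict labels and the Teredo PnP ID are assumptions."""
import re
from typing import Dict, List, Tuple

SECURITY_CHECK = """\
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Windows Firewall Disabled!
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
"""

DDS = """\
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\\PROGRA~2\\SPYBOT~1\\SDHelper.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

ATTACH = """\
Description: SBRE
PNP Device ID: ROOT\\LEGACY_SBRE\\0000
Service: SBRE
.
Description: Microsoft 6to4 Adapter
PNP Device ID: ROOT\\*6TO4MP\\0001
Service: tunnel
.
Description: Microsoft ISATAP Adapter
PNP Device ID: ROOT\\*ISATAP\\0000
Service: tunnel
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# Only BHO lines that still carry a CLSID; DDS's "BHO-X64: name - No File"
# echoes of valid 32-bit entries have none and are skipped on purpose.
BHO_RE = re.compile(r"^BHO(?:-X64)?:.*?(\{[0-9A-Fa-f-]{36}\}) - No File$")
# Windows' own IPv6 transition adapters, all backed by Microsoft's "tunnel"
# service (tunnel.sys). ROOT\*TEREDO is assumed by analogy; not in the posted log.
BUILTIN_TUNNEL_IDS = ("ROOT\\*6TO4MP", "ROOT\\*ISATAP", "ROOT\\*TEREDO")


def parse_policies(dds_text: str) -> Dict[str, int]:
    """mPolicies-system lines are the UAC policy values under HKLM\\...\\Policies\\System."""
    found = {}
    for line in dds_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """EnableLUA=0 turns UAC off entirely; with UAC on, ConsentPromptBehaviorAdmin=0
    still means administrators elevate silently."""
    out = []
    if policies.get("EnableLUA", 1) == 0:
        out.append("UAC disabled (EnableLUA=0): admin processes run fully elevated")
    elif policies.get("ConsentPromptBehaviorAdmin", 2) == 0:
        out.append("UAC on but silent elevation (ConsentPromptBehaviorAdmin=0)")
    if policies.get("PromptOnSecureDesktop", 1) == 0:
        out.append("Elevation prompts not on the secure desktop (PromptOnSecureDesktop=0)")
    return out


def orphaned_bhos(dds_text: str) -> List[str]:
    """CLSIDs of BHOs whose DLL is gone: leftovers to clean, not running code."""
    return [m.group(1) for m in map(BHO_RE.match, dds_text.splitlines()) if m]


def security_check_findings(text: str) -> List[str]:
    """Security Check marks problems inline with 'disabled!' / 'out of date!'."""
    return [l.strip() for l in text.splitlines()
            if "disabled!" in l.lower() or "out of date!" in l.lower()]


def classify_devices(attach_text: str) -> List[Tuple[str, str]]:
    """Classify Attach.txt device records (separated by lone '.' lines)."""
    results = []
    for record in re.split(r"^\.[ \t]*$", attach_text, flags=re.M):
        fields = {k.strip(): v.strip() for k, v in
                  (l.split(":", 1) for l in record.splitlines() if ":" in l)}
        if "PNP Device ID" not in fields:
            continue
        pnp, service = fields["PNP Device ID"].upper(), fields.get("Service", "").lower()
        if pnp.startswith(BUILTIN_TUNNEL_IDS) and service == "tunnel":
            verdict = "builtin-ipv6-transition-adapter"   # expected on any Win7 box
        elif pnp.startswith("ROOT\\LEGACY_"):
            verdict = "legacy-driver-device:review-service-" + fields.get("Service", "?")
        else:
            verdict = "unknown:review"
        results.append((fields.get("Description", "?"), verdict))
    return results


if __name__ == "__main__":
    print(security_check_findings(SECURITY_CHECK))
    print(uac_findings(parse_policies(DDS)))
    print(orphaned_bhos(DDS))
    print(classify_devices(ATTACH))
```

Run as-is it prints the four findings lists for the embedded excerpts; to use it on a real reply, paste the corresponding sections of checkup.txt, DDS.txt and Attach.txt into the three constants. The device classifier deliberately treats anything under ROOT\LEGACY_ as a review item rather than a verdict, because that namespace is used by legitimate security drivers as well as by unwanted ones, and a name alone does not settle which.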

#3 jev11

jev11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver
  • Local time:08:23 PM

Posted 17 June 2012 - 01:22 AM

Hi Gringo, Thank you for your reply. Here are the logs:

checkup.txt is below


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 bdagent.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 seccenter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon!
````````````````````End of Log``````````````````````



DDS.txt is below:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 23:17:03 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8169.5930 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDClock.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\real temp\RealTemp.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=___userid___
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
TCP: Interfaces\{BF693B03-D141-4331-9AC4-BEBDE055787B} : DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v4k4iu.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v4k4iu.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: E:\Adobe Reader\Reader\AIR\nppdf32.dll
FF - plugin: E:\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: E:\Java\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-6-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-6-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-20 1262400]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-6-14 66096]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-4-13 15176]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\real temp\WinRing0x64.sys [2012-1-29 14544]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;E:\Advanced System Optimizer 3\ASO3DefragSrv64.exe --> E:\Advanced System Optimizer 3\ASO3DefragSrv64.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-6-14 75384]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-6-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-15 18:58:58 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FD03551-11ED-4E78-A203-E2728BEBF04E}\mpengine.dll
2012-06-15 18:52:56 -------- d-----w- C:\ProgramData\GFI Software
2012-06-15 06:16:45 -------- d-----w- C:\Users\Owner\AppData\Local\adawarebp
2012-06-15 06:16:36 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-15 06:16:34 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-06-15 06:14:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\TestApp
2012-06-15 06:14:04 -------- d-----w- C:\ProgramData\PC Tools
2012-06-15 06:12:20 -------- d-----w- C:\Users\Owner\Pavark
2012-06-14 07:29:01 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-06-14 07:28:35 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-06-14 07:26:58 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-06-14 07:25:38 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-06-14 07:25:32 79952 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2012-06-14 07:25:17 258736 ----a-w- C:\Windows\System32\drivers\avchv.sys
2012-06-14 07:25:01 90192 ----a-w- C:\Windows\System32\drivers\bdfndisf6.sys
2012-06-14 07:24:09 152919 ----a-w- C:\ProgramData\1339658606.bdinstall.bin
2012-06-14 07:23:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Bitdefender
2012-06-14 07:23:48 -------- d-----w- C:\ProgramData\Bitdefender
2012-06-14 07:20:26 90302 ----a-w- C:\ProgramData\1339658376.bdinstall.bin
2012-06-14 06:04:24 544724 ----a-w- C:\ProgramData\1339653814.bdinstall.bin
2012-06-14 06:01:47 15684 ----a-w- C:\ProgramData\1339653706.bdinstall.bin
2012-06-14 06:01:33 15684 ----a-w- C:\ProgramData\1339653692.bdinstall.bin
2012-06-14 06:01:30 15684 ----a-w- C:\ProgramData\1339653686.bdinstall.bin
2012-06-14 06:01:24 91353 ----a-w- C:\ProgramData\1339653675.bdinstall.bin
2012-06-14 06:01:24 -------- d-----w- C:\Program Files\Bitdefender
2012-06-14 05:59:04 15684 ----a-w- C:\ProgramData\1339653541.bdinstall.bin
2012-06-14 05:40:11 -------- d-----w- C:\ProgramData\Sophos
2012-06-14 05:39:22 91213 ----a-w- C:\ProgramData\1339652327.bdinstall.bin
2012-06-14 05:38:26 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2012-06-14 05:24:34 58111 ----a-w- C:\ProgramData\1339651473.5660.bin
2012-06-14 05:24:33 28434 ----a-w- C:\ProgramData\1339651473.5592.bin
2012-06-14 05:24:33 163962 ----a-w- C:\ProgramData\1339651473.5596.bin
2012-06-14 05:24:33 13486 ----a-w- C:\ProgramData\1339651473.5608.bin
2012-06-14 04:57:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 19:19:14 316 ----a-w- C:\Windows\SysWow64\PARLOGAN.EXE
2012-06-13 19:18:18 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-06-13 08:47:32 -------- d-----w- C:\ProgramData\RegRun
2012-06-13 08:47:27 2 --shatr- C:\Windows\winstart.bat
2012-06-13 08:47:23 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-13 08:04:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-13 08:04:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-13 07:30:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-06-13 07:30:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-27 06:34:23 -------- d-----w- C:\Users\Owner\AppData\Local\4A Games
2012-05-23 06:43:22 -------- d-----w- C:\Users\Owner\AppData\Local\{F9A9DE8A-EDE7-416C-99CA-D392E0874F99}
2012-05-23 06:43:21 -------- d-----w- C:\Users\Owner\AppData\Local\{ACED859D-9D5F-419D-B7BA-26E88890E169}
2012-05-21 05:37:00 -------- d-----w- C:\Users\Owner\AppData\Local\{5677F245-298A-4C1B-A663-AE552C0D5A0F}
2012-05-21 05:36:46 -------- d-----w- C:\Users\Owner\AppData\Local\{21CD8E20-30FF-485B-BC70-C26DC9C1FEF2}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 03:43:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 03:43:44 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 05:47:55 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-23 05:47:55 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-23 05:47:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-15 08:04:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-08 23:18:55 1660 ----a-w- C:\Windows\System32\ASOROSet.bin
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:17:22.98 ===============



Attach.txt is below:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2011 5:30:45 PM
System Uptime: 16/06/2012 10:10:19 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO REV 3.1
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 37.925 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 623.62 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID:
Description:
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Manufacturer:
Name:
PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP116: 26/05/2012 2:43:50 PM - Scheduled Checkpoint
RP117: 26/05/2012 11:31:45 PM - Installed DirectX
RP118: 03/06/2012 8:14:18 PM - Windows Update
RP119: 11/06/2012 7:53:24 PM - Scheduled Checkpoint
RP120: 13/06/2012 12:15:27 PM - RegRun Virus Scan
RP121: 13/06/2012 12:17:32 PM - RegRun Virus Scan
RP122: 13/06/2012 12:18:07 PM - RegRun Virus Scan
RP123: 13/06/2012 2:31:46 PM - ASO3 : Advanced System Optimizer - System Cleaner
RP124: 13/06/2012 7:34:20 PM - Advanced System Optimizer - System Protector 13/06/2012 7:34:20 PM
RP125: 13/06/2012 10:05:16 PM - Windows Update
RP126: 13/06/2012 10:23:21 PM - Windows Update
RP127: 13/06/2012 10:40:05 PM - Installed Sophos Virus Removal Tool.
RP128: 13/06/2012 10:58:06 PM - Removed Sophos Virus Removal Tool.
RP129: 16/06/2012 2:16:12 PM - Advanced System Optimizer - System Protector 16/06/2012 2:16:12 PM
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Advanced System Optimizer
Age of Conan: Unchained
Age of Empires Online
Alan Wake
Aliens vs. Predator
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
µTorrent
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Borderlands
BufferChm
Crysis® 2
D2500
D3DX10
Data Lifeguard Diagnostic for Windows 1.24
Dead Island
DeviceDiscovery
Diablo III
DJ_SF_03_D2500_Software_Min
ESN Sonar
EVGA Precision X 3.0.2
Fallen Earth
Far Cry 2
GPBaseService2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 29
JMicron JMB36X Driver
MarketResearch
marvell 91xx driver
Mass Effect
Metro 2033
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA PhysX
OpenAL
Origin
PunkBuster Services
RAGE
S.T.A.L.K.E.R.: Call of Pripyat
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Star Wars: The Old Republic
StarCraft II
Status
Steam
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Winamp
Winamp Detector Plug-in
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wolfenstein - Enemy Territory
World of Warcraft
World of Warcraft Beta
World of Warcraft Public Test
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
16/06/2012 10:10:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE trufos
16/06/2012 10:10:28 PM, Error: Service Control Manager [7000] - The ASO3DiskOptimizer service failed to start due to the following error: The system cannot find the file specified.
15/06/2012 4:32:36 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
15/06/2012 11:51:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: trufos
13/06/2012 11:03:59 PM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
13/06/2012 11:02:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BdfNdisf bdfwfpf
13/06/2012 10:07:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2686831).
13/06/2012 10:07:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2699779).
13/06/2012 10:07:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2709715).
13/06/2012 10:07:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2709162).
13/06/2012 10:07:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2685939).
13/06/2012 1:24:34 PM, Error: Application Popup [1060] - \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================


Look forward to your next reply!

Ian
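
Reading a DDS Attach.txt by hand is tedious, so here is an added triage script (not part of this thread, of DDS or of ComboFix) that parses the Disabled Device Manager Items block posted above and cross-references it with the Service Control Manager 7026 events from the same log: the built-in 6to4 and ISATAP adapters are recognised by their ROOT\* hardware id plus the "tunnel" service, the "#2" entries fall under the same hardware id as the originals, and the SBRE legacy device is tied to the driver the event log says failed to load. The category names and the two-id tunnel set are this example's own, and the sample input is abridged from the log.

```python
r"""Triage the "Disabled Device Manager Items" block of a DDS Attach.txt.

Added example; not part of the original thread, of DDS or of ComboFix.
Categories (names are this example's own):
  ipv6-transition-tunnel  built-in Windows 6to4 / ISATAP adapter; ships with
                          Windows and is not by itself a sign of a rootkit
  legacy-driver-failed    ROOT\LEGACY_* software-only device whose driver is
                          also named in a Service Control Manager 7026 event
  legacy-driver           ROOT\LEGACY_* software-only device with no such event
  unknown-hardware        device whose description Windows could not resolve
  review                  anything else; look at it by hand
"""
import re
from typing import Dict, List, Set

# Hardware ids of the built-in tunnel adapters present in the posted log.
# Assumption: limited to the two ids the page shows (Teredo is not listed).
WINDOWS_TUNNEL_IDS = {r"ROOT\*6TO4MP", r"ROOT\*ISATAP"}

# Constructed sample input, abridged from the posted Attach.txt (Class GUID and
# PNP Device ID lines dropped, ISATAP entries omitted to save space).
DDS_DISABLED_DEVICES = r"""
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
Service: SBRE
.
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
Service: tunnel
.
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
Service: tunnel
.
Description:
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Manufacturer:
Name:
Service:
"""

# Constructed sample input: the two 7026 events quoted in the same log.
EVENT_LINES = [
    "16/06/2012 10:10:28 PM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: SBRE trufos",
    "15/06/2012 11:51:12 AM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: trufos",
]


def parse_devices(block: str) -> List[Dict[str, str]]:
    """Split on DDS's '.' separator lines and read the 'Key: value' pairs."""
    devices = []
    for chunk in re.split(r"^\.\s*$", block, flags=re.M):
        fields = {}
        for line in chunk.strip().splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Device ID" in fields:
            # "ROOT\*6TO4MP\0001" -> "ROOT\*6TO4MP": only the trailing instance
            # number differs between the original adapter and its "#2" copy.
            fields["hardware_id"] = fields["Device ID"].rpartition("\\")[0]
            devices.append(fields)
    return devices


def failed_boot_drivers(event_lines: List[str]) -> Set[str]:
    """Driver names from 'driver(s) failed to load' (event id 7026) lines."""
    failed: Set[str] = set()
    for line in event_lines:
        m = re.search(r"\[7026\] - .*failed to load: (.+)$", line)
        if m:
            failed.update(m.group(1).split())
    return failed


def classify(dev: Dict[str, str], failed: Set[str]) -> str:
    if (dev["hardware_id"] in WINDOWS_TUNNEL_IDS
            and dev.get("Service") == "tunnel"
            and dev.get("Manufacturer") == "Microsoft"):
        return "ipv6-transition-tunnel"
    if dev["hardware_id"].startswith(r"ROOT\LEGACY_"):
        return "legacy-driver-failed" if dev.get("Service") in failed else "legacy-driver"
    if not dev.get("Description"):
        return "unknown-hardware"
    return "review"


def triage(block: str, event_lines: List[str]) -> Dict[str, str]:
    """Map each Device ID in the block to its category."""
    failed = failed_boot_drivers(event_lines)
    return {d["Device ID"]: classify(d, failed) for d in parse_devices(block)}


if __name__ == "__main__":
    for device_id, category in triage(DDS_DISABLED_DEVICES, EVENT_LINES).items():
        print(f"{category:24} {device_id}")
```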

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 09:20 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jev11

jev11
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Vancouver

Posted 17 June 2012 - 10:44 AM

Hi Gringo,

Thank you for your continued support. I ran ComboFix and had no issues; it appeared to have deleted some files and then restarted my computer. My PC seems to be running OK, but I still have tunnel adapters when I do an ipconfig in command prompt, and there are still 3-4 adapters in the device manager under network. I have been told by a tech at my ISP (Shaw) that those are potentially rootkit infections. My speedtest seems to have improved slightly, but they are generally better at this time. They are still not where they should be, though, around 22-24 megs down.

Here is the log as you requested:


ComboFix 12-06-16.02 - Owner 17/06/2012 8:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8169.6212 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1321586580.bdinstall.bin
c:\programdata\1339651473.5592.bin
c:\programdata\1339651473.5596.bin
c:\programdata\1339651473.5608.bin
c:\programdata\1339651473.5660.bin
c:\programdata\1339652327.bdinstall.bin
c:\programdata\1339653541.bdinstall.bin
c:\programdata\1339653675.bdinstall.bin
c:\programdata\1339653686.bdinstall.bin
c:\programdata\1339653692.bdinstall.bin
c:\programdata\1339653706.bdinstall.bin
c:\programdata\1339653814.bdinstall.bin
c:\programdata\1339658376.bdinstall.bin
c:\programdata\1339658606.bdinstall.bin
c:\windows\SysWow64\PARLOGAN.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-15 18:58 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD03551-11ED-4E78-A203-E2728BEBF04E}\mpengine.dll
2012-06-15 18:52 . 2012-06-15 18:52 -------- d-----w- c:\programdata\GFI Software
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\users\Owner\AppData\Local\adawarebp
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\adawaretb
2012-06-15 06:14 . 2012-06-15 06:14 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-06-15 06:14 . 2012-06-15 06:14 -------- d-----w- c:\programdata\PC Tools
2012-06-15 06:12 . 2012-06-15 06:12 -------- d-----w- c:\users\Owner\Pavark
2012-06-14 07:29 . 2012-06-14 07:29 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-06-14 07:28 . 2012-06-14 07:28 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-06-14 07:26 . 2012-06-14 07:26 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-14 07:25 . 2012-06-14 07:25 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-14 07:25 . 2012-06-14 07:25 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-06-14 07:25 . 2012-06-14 07:25 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-06-14 07:25 . 2012-06-14 07:25 90192 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2012-06-14 07:23 . 2012-06-14 07:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Bitdefender
2012-06-14 07:23 . 2012-06-14 07:23 -------- d-----w- c:\programdata\Bitdefender
2012-06-14 06:01 . 2012-06-14 07:23 -------- d-----w- c:\program files\Bitdefender
2012-06-14 05:40 . 2012-06-14 05:40 -------- d-----w- c:\programdata\Sophos
2012-06-14 05:38 . 2012-06-14 05:38 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-06-14 04:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:18 . 2012-06-13 19:18 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-13 08:47 . 2012-06-13 20:32 -------- d-----w- c:\programdata\RegRun
2012-06-13 08:47 . 2012-06-13 08:47 2 --shatr- c:\windows\winstart.bat
2012-06-13 08:47 . 2012-06-13 20:33 -------- d-----w- c:\program files (x86)\UnHackMe
2012-06-13 08:04 . 2012-06-13 08:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 08:04 . 2012-06-13 08:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-13 07:30 . 2012-06-13 07:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-06-13 07:30 . 2012-06-13 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 06:07 . 2012-06-10 06:07 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2012-05-27 06:34 . 2012-05-27 06:34 -------- d-----w- c:\users\Owner\AppData\Local\4A Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-04-21 05:52 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-21 05:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-21 05:52 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-21 05:52 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-04-13 18:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-18 08:07 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2011-12-13 03:21 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-12-13 03:21 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-04-21 05:52 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-04-21 05:52 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-21 05:52 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-21 05:52 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-04-21 05:52 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-09 03:43 . 2012-04-10 17:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 03:43 . 2011-11-18 05:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-04-23 05:47 . 2011-11-19 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-23 05:47 . 2011-11-19 05:24 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-23 05:47 . 2011-11-19 05:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-23 00:55 . 2012-04-23 00:55 3584 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-04-15 08:04 . 2011-11-19 05:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-08 23:18 . 2012-04-08 23:16 1660 ----a-w- c:\windows\system32\ASOROSet.bin
2012-03-30 11:35 . 2012-05-10 21:36 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;e:\advanced system optimizer 3\ASO3DefragSrv64.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-14 75384]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-06-14 466736]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\real temp\WinRing0x64.sys [2008-07-26 14544]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-06-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-06-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-06-14 66096]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2012-01-24 00:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2011-11-18 8765440]
"Cmaudio8768GX"="c:\windows\syswow64\HsMgr.exe" [2011-11-18 200704]
"Cmaudio8768GX64"="c:\windows\system\HsMgr64.exe" [2011-11-18 282112]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-06-14 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=___userid___
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v4k4iu.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3280420694-4240693565-1856741598-1000\Software\SecuROM\License information*]
"datasecu"=hex:f8,5f,51,78,50,3a,b4,69,e4,36,d1,4c,e3,7b,a1,78,6f,f1,94,31,5a,
68,e2,49,0e,ce,94,fb,06,e9,9a,72,21,99,af,6e,18,22,26,7d,32,38,8a,a1,7d,95,\
"rkeysecu"=hex:56,be,cf,ea,22,93,e6,28,23,9c,e2,33,46,a6,a9,68
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-06-17 08:34:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 15:34
.
Pre-Run: 40,579,584,000 bytes free
Post-Run: 40,348,090,368 bytes free
.
- - End Of File - - FC71541CF7EA9DDCFC902208CA8A7949

I am sorry but I probably won't be able to respond till tonight around 10pm PST or so, depending on how busy work is.

Thanks again for the help, I am very excited at the fact that hopefully *crosses fingers* my PC will be free from this nastiness!

Ian

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 11:44 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jev11
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Vancouver

Posted 17 June 2012 - 05:19 PM

Hi Gringo, here are the reports. I had no problem running the programs.

TDSSKiller:

14:48:53.0516 1268 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:48:54.0199 1268 ============================================================
14:48:54.0199 1268 Current date / time: 2012/06/17 14:48:54.0199
14:48:54.0199 1268 SystemInfo:
14:48:54.0199 1268
14:48:54.0199 1268 OS Version: 6.1.7601 ServicePack: 1.0
14:48:54.0199 1268 Product type: Workstation
14:48:54.0199 1268 ComputerName: IAN-HOURSTON
14:48:54.0199 1268 UserName: Owner
14:48:54.0199 1268 Windows directory: C:\Windows
14:48:54.0199 1268 System windows directory: C:\Windows
14:48:54.0199 1268 Running under WOW64
14:48:54.0199 1268 Processor architecture: Intel x64
14:48:54.0199 1268 Number of processors: 4
14:48:54.0199 1268 Page size: 0x1000
14:48:54.0199 1268 Boot type: Normal boot
14:48:54.0199 1268 ============================================================
14:48:54.0361 1268 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:48:54.0366 1268 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:48:54.0368 1268 ============================================================
14:48:54.0368 1268 \Device\Harddisk0\DR0:
14:48:54.0368 1268 MBR partitions:
14:48:54.0368 1268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:48:54.0368 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:48:54.0368 1268 \Device\Harddisk1\DR1:
14:48:54.0368 1268 MBR partitions:
14:48:54.0368 1268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:48:54.0368 1268 ============================================================
14:48:54.0369 1268 C: <-> \Device\Harddisk0\DR0\Partition1
14:48:54.0397 1268 E: <-> \Device\Harddisk1\DR1\Partition0
14:48:54.0398 1268 ============================================================
14:48:54.0398 1268 Initialize success
14:48:54.0398 1268 ============================================================
14:48:55.0231 5592 ============================================================
14:48:55.0231 5592 Scan started
14:48:55.0231 5592 Mode: Manual;
14:48:55.0231 5592 ============================================================
14:48:55.0348 5592 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:48:55.0349 5592 1394ohci - ok
14:48:55.0356 5592 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:48:55.0357 5592 ACPI - ok
14:48:55.0358 5592 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:48:55.0358 5592 AcpiPmi - ok
14:48:55.0362 5592 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:48:55.0362 5592 AdobeARMservice - ok
14:48:55.0371 5592 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:48:55.0372 5592 adp94xx - ok
14:48:55.0378 5592 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:48:55.0379 5592 adpahci - ok
14:48:55.0383 5592 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:48:55.0384 5592 adpu320 - ok
14:48:55.0387 5592 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:48:55.0388 5592 AeLookupSvc - ok
14:48:55.0396 5592 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:48:55.0398 5592 AFD - ok
14:48:55.0399 5592 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:48:55.0401 5592 agp440 - ok
14:48:55.0403 5592 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:48:55.0403 5592 ALG - ok
14:48:55.0404 5592 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:48:55.0404 5592 aliide - ok
14:48:55.0406 5592 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:48:55.0406 5592 amdide - ok
14:48:55.0408 5592 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:48:55.0408 5592 AmdK8 - ok
14:48:55.0411 5592 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:48:55.0411 5592 AmdPPM - ok
14:48:55.0413 5592 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:48:55.0414 5592 amdsata - ok
14:48:55.0418 5592 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:48:55.0419 5592 amdsbs - ok
14:48:55.0421 5592 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:48:55.0421 5592 amdxata - ok
14:48:55.0422 5592 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
14:48:55.0423 5592 androidusb - ok
14:48:55.0424 5592 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:48:55.0426 5592 AppID - ok
14:48:55.0427 5592 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:48:55.0427 5592 AppIDSvc - ok
14:48:55.0429 5592 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:48:55.0429 5592 Appinfo - ok
14:48:55.0434 5592 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:48:55.0434 5592 Apple Mobile Device - ok
14:48:55.0438 5592 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:48:55.0438 5592 arc - ok
14:48:55.0441 5592 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:48:55.0442 5592 arcsas - ok
14:48:55.0444 5592 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
14:48:55.0446 5592 asmthub3 - ok
14:48:55.0452 5592 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:48:55.0453 5592 asmtxhci - ok
14:48:55.0454 5592 ASO3DiskOptimizer - ok
14:48:55.0456 5592 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:48:55.0456 5592 AsyncMac - ok
14:48:55.0457 5592 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:48:55.0458 5592 atapi - ok
14:48:55.0468 5592 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:48:55.0471 5592 AudioEndpointBuilder - ok
14:48:55.0473 5592 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:48:55.0476 5592 AudioSrv - ok
14:48:55.0489 5592 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
14:48:55.0492 5592 avc3 - ok
14:48:55.0499 5592 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
14:48:55.0499 5592 avchv - ok
14:48:55.0511 5592 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
14:48:55.0512 5592 avckf - ok
14:48:55.0514 5592 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:48:55.0516 5592 AxInstSV - ok
14:48:55.0523 5592 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:48:55.0524 5592 b06bdrv - ok
14:48:55.0531 5592 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:48:55.0532 5592 b57nd60a - ok
14:48:55.0534 5592 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:48:55.0536 5592 BDESVC - ok
14:48:55.0541 5592 BdfNdisf (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
14:48:55.0541 5592 BdfNdisf - ok
14:48:55.0551 5592 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
14:48:55.0552 5592 bdfsfltr - ok
14:48:55.0554 5592 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
14:48:55.0556 5592 bdfwfpf - ok
14:48:55.0559 5592 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
14:48:55.0559 5592 bdsandbox - ok
14:48:55.0563 5592 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
14:48:55.0563 5592 BDVEDISK - ok
14:48:55.0564 5592 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:48:55.0564 5592 Beep - ok
14:48:55.0576 5592 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:48:55.0578 5592 BFE - ok
14:48:55.0592 5592 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:48:55.0596 5592 BITS - ok
14:48:55.0601 5592 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:48:55.0601 5592 blbdrive - ok
14:48:55.0608 5592 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:48:55.0611 5592 Bonjour Service - ok
14:48:55.0613 5592 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:48:55.0613 5592 bowser - ok
14:48:55.0614 5592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:48:55.0614 5592 BrFiltLo - ok
14:48:55.0617 5592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:48:55.0617 5592 BrFiltUp - ok
14:48:55.0619 5592 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:48:55.0619 5592 BridgeMP - ok
14:48:55.0623 5592 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:48:55.0623 5592 Browser - ok
14:48:55.0629 5592 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:48:55.0631 5592 Brserid - ok
14:48:55.0632 5592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:48:55.0632 5592 BrSerWdm - ok
14:48:55.0633 5592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:48:55.0634 5592 BrUsbMdm - ok
14:48:55.0636 5592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:48:55.0636 5592 BrUsbSer - ok
14:48:55.0638 5592 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:48:55.0638 5592 BTHMODEM - ok
14:48:55.0641 5592 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:48:55.0642 5592 bthserv - ok
14:48:55.0643 5592 catchme - ok
14:48:55.0646 5592 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:48:55.0647 5592 cdfs - ok
14:48:55.0649 5592 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:48:55.0651 5592 cdrom - ok
14:48:55.0653 5592 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:48:55.0653 5592 CertPropSvc - ok
14:48:55.0656 5592 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:48:55.0656 5592 circlass - ok
14:48:55.0662 5592 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:48:55.0663 5592 CLFS - ok
14:48:55.0668 5592 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:48:55.0669 5592 clr_optimization_v2.0.50727_32 - ok
14:48:55.0673 5592 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:48:55.0674 5592 clr_optimization_v2.0.50727_64 - ok
14:48:55.0681 5592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:48:55.0681 5592 clr_optimization_v4.0.30319_32 - ok
14:48:55.0687 5592 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:48:55.0687 5592 clr_optimization_v4.0.30319_64 - ok
14:48:55.0689 5592 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:48:55.0689 5592 CmBatt - ok
14:48:55.0691 5592 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:48:55.0691 5592 cmdide - ok
14:48:55.0728 5592 cmuda3 (277d3ed6b6901a9c15b7828d40269509) C:\Windows\system32\drivers\cmudax3.sys
14:48:55.0736 5592 cmuda3 - ok
14:48:55.0761 5592 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:48:55.0762 5592 CNG - ok
14:48:55.0764 5592 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:48:55.0764 5592 Compbatt - ok
14:48:55.0766 5592 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:48:55.0766 5592 CompositeBus - ok
14:48:55.0767 5592 COMSysApp - ok
14:48:55.0769 5592 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:48:55.0769 5592 crcdisk - ok
14:48:55.0774 5592 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:48:55.0774 5592 CryptSvc - ok
14:48:55.0784 5592 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:48:55.0786 5592 DcomLaunch - ok
14:48:55.0792 5592 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:48:55.0793 5592 defragsvc - ok
14:48:55.0796 5592 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:48:55.0796 5592 DfsC - ok
14:48:55.0803 5592 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:48:55.0804 5592 Dhcp - ok
14:48:55.0806 5592 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:48:55.0806 5592 discache - ok
14:48:55.0808 5592 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:48:55.0808 5592 Disk - ok
14:48:55.0812 5592 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:48:55.0813 5592 Dnscache - ok
14:48:55.0818 5592 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:48:55.0819 5592 dot3svc - ok
14:48:55.0823 5592 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:48:55.0823 5592 Dot4 - ok
14:48:55.0824 5592 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:48:55.0826 5592 Dot4Print - ok
14:48:55.0827 5592 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:48:55.0827 5592 dot4usb - ok
14:48:55.0831 5592 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:48:55.0832 5592 DPS - ok
14:48:55.0833 5592 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:48:55.0833 5592 drmkaud - ok
14:48:55.0849 5592 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:48:55.0852 5592 DXGKrnl - ok
14:48:55.0858 5592 e1cexpress (eafcb4551836ff44ee775ceddfa7a77e) C:\Windows\system32\DRIVERS\e1c62x64.sys
14:48:55.0859 5592 e1cexpress - ok
14:48:55.0863 5592 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:48:55.0863 5592 EapHost - ok
14:48:55.0917 5592 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:48:55.0927 5592 ebdrv - ok
14:48:55.0942 5592 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:48:55.0942 5592 EFS - ok
14:48:55.0954 5592 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:48:55.0957 5592 ehRecvr - ok
14:48:55.0959 5592 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:48:55.0961 5592 ehSched - ok
14:48:55.0972 5592 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:48:55.0974 5592 elxstor - ok
14:48:55.0976 5592 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:48:55.0976 5592 ErrDev - ok
14:48:55.0984 5592 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:48:55.0987 5592 EventSystem - ok
14:48:55.0991 5592 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:48:55.0992 5592 exfat - ok
14:48:55.0996 5592 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:48:55.0996 5592 fastfat - ok
14:48:56.0008 5592 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:48:56.0011 5592 Fax - ok
14:48:56.0012 5592 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:48:56.0012 5592 fdc - ok
14:48:56.0014 5592 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:48:56.0014 5592 fdPHost - ok
14:48:56.0016 5592 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:48:56.0017 5592 FDResPub - ok
14:48:56.0019 5592 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:48:56.0019 5592 FileInfo - ok
14:48:56.0021 5592 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:48:56.0021 5592 Filetrace - ok
14:48:56.0023 5592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:48:56.0023 5592 flpydisk - ok
14:48:56.0028 5592 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:48:56.0029 5592 FltMgr - ok
14:48:56.0047 5592 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:48:56.0051 5592 FontCache - ok
14:48:56.0054 5592 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:48:56.0054 5592 FontCache3.0.0.0 - ok
14:48:56.0059 5592 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:48:56.0059 5592 FsDepends - ok
14:48:56.0062 5592 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:48:56.0062 5592 Fs_Rec - ok
14:48:56.0067 5592 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:48:56.0067 5592 fvevol - ok
14:48:56.0069 5592 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:48:56.0071 5592 gagp30kx - ok
14:48:56.0072 5592 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:48:56.0072 5592 GEARAspiWDM - ok
14:48:56.0084 5592 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:48:56.0087 5592 gpsvc - ok
14:48:56.0089 5592 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:48:56.0089 5592 hcw85cir - ok
14:48:56.0096 5592 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:48:56.0097 5592 HdAudAddService - ok
14:48:56.0104 5592 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:48:56.0104 5592 HDAudBus - ok
14:48:56.0107 5592 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:48:56.0107 5592 HidBatt - ok
14:48:56.0109 5592 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:48:56.0109 5592 HidBth - ok
14:48:56.0112 5592 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:48:56.0112 5592 HidIr - ok
14:48:56.0114 5592 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:48:56.0114 5592 hidserv - ok
14:48:56.0117 5592 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:48:56.0117 5592 HidUsb - ok
14:48:56.0119 5592 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:48:56.0121 5592 hkmsvc - ok
14:48:56.0126 5592 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:48:56.0126 5592 HomeGroupListener - ok
14:48:56.0131 5592 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:48:56.0132 5592 HomeGroupProvider - ok
14:48:56.0139 5592 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:48:56.0141 5592 hpqcxs08 - ok
14:48:56.0144 5592 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:48:56.0144 5592 hpqddsvc - ok
14:48:56.0147 5592 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:48:56.0147 5592 HpSAMD - ok
14:48:56.0159 5592 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:48:56.0162 5592 HTTP - ok
14:48:56.0163 5592 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:48:56.0163 5592 hwpolicy - ok
14:48:56.0166 5592 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:48:56.0167 5592 i8042prt - ok
14:48:56.0174 5592 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:48:56.0176 5592 iaStorV - ok
14:48:56.0191 5592 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:48:56.0193 5592 idsvc - ok
14:48:56.0196 5592 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:48:56.0196 5592 iirsp - ok
14:48:56.0209 5592 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:48:56.0212 5592 IKEEXT - ok
14:48:56.0214 5592 IntcAzAudAddService - ok
14:48:56.0218 5592 Intel® PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe
14:48:56.0219 5592 Intel® PROSet Monitoring Service - ok
14:48:56.0221 5592 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:48:56.0221 5592 intelide - ok
14:48:56.0223 5592 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:48:56.0223 5592 intelppm - ok
14:48:56.0226 5592 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:48:56.0227 5592 IPBusEnum - ok
14:48:56.0229 5592 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:56.0231 5592 IpFilterDriver - ok
14:48:56.0241 5592 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:48:56.0242 5592 iphlpsvc - ok
14:48:56.0244 5592 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:48:56.0246 5592 IPMIDRV - ok
14:48:56.0248 5592 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:48:56.0249 5592 IPNAT - ok
14:48:56.0264 5592 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
14:48:56.0267 5592 iPod Service - ok
14:48:56.0269 5592 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:48:56.0269 5592 IRENUM - ok
14:48:56.0271 5592 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:48:56.0271 5592 isapnp - ok
14:48:56.0277 5592 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:48:56.0278 5592 iScsiPrt - ok
14:48:56.0281 5592 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
14:48:56.0282 5592 JRAID - ok
14:48:56.0283 5592 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:56.0283 5592 kbdclass - ok
14:48:56.0286 5592 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:56.0286 5592 kbdhid - ok
14:48:56.0287 5592 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:56.0288 5592 KeyIso - ok
14:48:56.0291 5592 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:48:56.0291 5592 KSecDD - ok
14:48:56.0294 5592 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:48:56.0296 5592 KSecPkg - ok
14:48:56.0297 5592 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:48:56.0297 5592 ksthunk - ok
14:48:56.0304 5592 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:48:56.0306 5592 KtmRm - ok
14:48:56.0311 5592 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:48:56.0312 5592 LanmanServer - ok
14:48:56.0316 5592 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:48:56.0317 5592 LanmanWorkstation - ok
14:48:56.0318 5592 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
14:48:56.0319 5592 LGBusEnum - ok
14:48:56.0321 5592 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
14:48:56.0321 5592 LGVirHid - ok
14:48:56.0323 5592 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:48:56.0323 5592 lltdio - ok
14:48:56.0329 5592 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:48:56.0331 5592 lltdsvc - ok
14:48:56.0332 5592 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:48:56.0333 5592 lmhosts - ok
14:48:56.0337 5592 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:48:56.0337 5592 LSI_FC - ok
14:48:56.0339 5592 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:48:56.0341 5592 LSI_SAS - ok
14:48:56.0343 5592 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:48:56.0343 5592 LSI_SAS2 - ok
14:48:56.0346 5592 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:48:56.0347 5592 LSI_SCSI - ok
14:48:56.0349 5592 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:48:56.0351 5592 luafv - ok
14:48:56.0353 5592 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:48:56.0353 5592 Mcx2Svc - ok
14:48:56.0356 5592 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:48:56.0356 5592 megasas - ok
14:48:56.0361 5592 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:48:56.0362 5592 MegaSR - ok
14:48:56.0364 5592 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:48:56.0364 5592 MEIx64 - ok
14:48:56.0371 5592 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:48:56.0371 5592 Microsoft Office Groove Audit Service - ok
14:48:56.0373 5592 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:48:56.0374 5592 MMCSS - ok
14:48:56.0376 5592 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:48:56.0377 5592 Modem - ok
14:48:56.0378 5592 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:48:56.0378 5592 monitor - ok
14:48:56.0381 5592 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:48:56.0381 5592 mouclass - ok
14:48:56.0382 5592 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:48:56.0383 5592 mouhid - ok
14:48:56.0386 5592 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:48:56.0386 5592 mountmgr - ok
14:48:56.0389 5592 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:48:56.0391 5592 MozillaMaintenance - ok
14:48:56.0393 5592 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:48:56.0394 5592 mpio - ok
14:48:56.0397 5592 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:48:56.0397 5592 mpsdrv - ok
14:48:56.0411 5592 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:48:56.0413 5592 MpsSvc - ok
14:48:56.0417 5592 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:48:56.0418 5592 MRxDAV - ok
14:48:56.0422 5592 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:48:56.0423 5592 mrxsmb - ok
14:48:56.0428 5592 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:48:56.0429 5592 mrxsmb10 - ok
14:48:56.0433 5592 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:48:56.0433 5592 mrxsmb20 - ok
14:48:56.0434 5592 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:48:56.0436 5592 msahci - ok
14:48:56.0438 5592 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:48:56.0439 5592 msdsm - ok
14:48:56.0442 5592 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:48:56.0443 5592 MSDTC - ok
14:48:56.0447 5592 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:48:56.0447 5592 Msfs - ok
14:48:56.0448 5592 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:48:56.0448 5592 mshidkmdf - ok
14:48:56.0451 5592 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:48:56.0451 5592 msisadrv - ok
14:48:56.0454 5592 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:48:56.0456 5592 MSiSCSI - ok
14:48:56.0456 5592 msiserver - ok
14:48:56.0458 5592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:48:56.0458 5592 MSKSSRV - ok
14:48:56.0459 5592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:48:56.0459 5592 MSPCLOCK - ok
14:48:56.0462 5592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:48:56.0462 5592 MSPQM - ok
14:48:56.0468 5592 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:48:56.0469 5592 MsRPC - ok
14:48:56.0472 5592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:48:56.0472 5592 mssmbios - ok
14:48:56.0473 5592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:48:56.0474 5592 MSTEE - ok
14:48:56.0476 5592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:48:56.0476 5592 MTConfig - ok
14:48:56.0478 5592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:48:56.0478 5592 Mup - ok
14:48:56.0484 5592 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
14:48:56.0486 5592 mv91xx - ok
14:48:56.0488 5592 NAL (2dff58e4821866027388570eb78e73ed) C:\Windows\system32\Drivers\iqvw64e.sys
14:48:56.0488 5592 NAL - ok
14:48:56.0497 5592 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:48:56.0499 5592 napagent - ok
14:48:56.0506 5592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:48:56.0507 5592 NativeWifiP - ok
14:48:56.0522 5592 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:48:56.0524 5592 NDIS - ok
14:48:56.0526 5592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:48:56.0527 5592 NdisCap - ok
14:48:56.0528 5592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:48:56.0528 5592 NdisTapi - ok
14:48:56.0531 5592 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:48:56.0531 5592 Ndisuio - ok
14:48:56.0534 5592 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:48:56.0536 5592 NdisWan - ok
14:48:56.0537 5592 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:48:56.0538 5592 NDProxy - ok
14:48:56.0541 5592 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:48:56.0541 5592 Net Driver HPZ12 - ok
14:48:56.0543 5592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:48:56.0543 5592 NetBIOS - ok
14:48:56.0548 5592 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:48:56.0549 5592 NetBT - ok
14:48:56.0552 5592 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:56.0552 5592 Netlogon - ok
14:48:56.0558 5592 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:48:56.0561 5592 Netman - ok
14:48:56.0568 5592 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:48:56.0571 5592 netprofm - ok
14:48:56.0574 5592 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:48:56.0576 5592 NetTcpPortSharing - ok
14:48:56.0577 5592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:48:56.0578 5592 nfrd960 - ok
14:48:56.0583 5592 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:48:56.0586 5592 NlaSvc - ok
14:48:56.0587 5592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:48:56.0588 5592 Npfs - ok
14:48:56.0589 5592 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:48:56.0589 5592 nsi - ok
14:48:56.0592 5592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:48:56.0592 5592 nsiproxy - ok
14:48:56.0618 5592 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:48:56.0623 5592 Ntfs - ok
14:48:56.0641 5592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:48:56.0642 5592 Null - ok
14:48:56.0852 5592 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:48:56.0893 5592 nvlddmkm - ok
14:48:56.0917 5592 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:48:56.0918 5592 nvraid - ok
14:48:56.0922 5592 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:48:56.0922 5592 nvstor - ok
14:48:56.0937 5592 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
14:48:56.0941 5592 nvsvc - ok
14:48:56.0961 5592 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:48:56.0964 5592 nvUpdatusService - ok
14:48:56.0984 5592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:48:56.0984 5592 nv_agp - ok
14:48:56.0994 5592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:48:56.0996 5592 odserv - ok
14:48:56.0998 5592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:48:56.0999 5592 ohci1394 - ok
14:48:57.0002 5592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:48:57.0003 5592 ose - ok
14:48:57.0009 5592 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:48:57.0012 5592 p2pimsvc - ok
14:48:57.0019 5592 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:48:57.0021 5592 p2psvc - ok
14:48:57.0024 5592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:48:57.0024 5592 Parport - ok
14:48:57.0027 5592 Partizan - ok
14:48:57.0029 5592 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:48:57.0031 5592 partmgr - ok
14:48:57.0034 5592 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:48:57.0036 5592 PcaSvc - ok
14:48:57.0039 5592 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:48:57.0041 5592 pci - ok
14:48:57.0042 5592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:48:57.0042 5592 pciide - ok
14:48:57.0047 5592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:48:57.0048 5592 pcmcia - ok
14:48:57.0051 5592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:48:57.0051 5592 pcw - ok
14:48:57.0061 5592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:48:57.0063 5592 PEAUTH - ok
14:48:57.0076 5592 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:48:57.0076 5592 PerfHost - ok
14:48:57.0099 5592 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:48:57.0104 5592 pla - ok
14:48:57.0112 5592 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:48:57.0114 5592 PlugPlay - ok
14:48:57.0117 5592 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:48:57.0118 5592 Pml Driver HPZ12 - ok
14:48:57.0119 5592 PnkBstrA - ok
14:48:57.0122 5592 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:48:57.0122 5592 PNRPAutoReg - ok
14:48:57.0128 5592 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:48:57.0129 5592 PNRPsvc - ok
14:48:57.0134 5592 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:48:57.0136 5592 Point64 - ok
14:48:57.0144 5592 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:48:57.0146 5592 PolicyAgent - ok
14:48:57.0151 5592 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:48:57.0152 5592 Power - ok
14:48:57.0154 5592 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:48:57.0156 5592 PptpMiniport - ok
14:48:57.0158 5592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:48:57.0158 5592 Processor - ok
14:48:57.0163 5592 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:48:57.0164 5592 ProfSvc - ok
14:48:57.0166 5592 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:57.0167 5592 ProtectedStorage - ok
14:48:57.0169 5592 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:48:57.0171 5592 Psched - ok
14:48:57.0193 5592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:48:57.0198 5592 ql2300 - ok
14:48:57.0218 5592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:48:57.0218 5592 ql40xx - ok
14:48:57.0223 5592 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:48:57.0224 5592 QWAVE - ok
14:48:57.0227 5592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:48:57.0227 5592 QWAVEdrv - ok
14:48:57.0228 5592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:48:57.0228 5592 RasAcd - ok
14:48:57.0231 5592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:48:57.0232 5592 RasAgileVpn - ok
14:48:57.0234 5592 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:48:57.0236 5592 RasAuto - ok
14:48:57.0238 5592 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:48:57.0239 5592 Rasl2tp - ok
14:48:57.0246 5592 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:48:57.0247 5592 RasMan - ok
14:48:57.0249 5592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:48:57.0251 5592 RasPppoe - ok
14:48:57.0253 5592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:48:57.0253 5592 RasSstp - ok
14:48:57.0259 5592 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:48:57.0261 5592 rdbss - ok
14:48:57.0262 5592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:48:57.0263 5592 rdpbus - ok
14:48:57.0264 5592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:48:57.0264 5592 RDPCDD - ok
14:48:57.0267 5592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:48:57.0267 5592 RDPENCDD - ok
14:48:57.0268 5592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:48:57.0269 5592 RDPREFMP - ok
14:48:57.0273 5592 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:48:57.0274 5592 RDPWD - ok
14:48:57.0278 5592 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:48:57.0279 5592 rdyboost - ok
14:48:57.0282 5592 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:48:57.0283 5592 RemoteAccess - ok
14:48:57.0287 5592 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:48:57.0288 5592 RemoteRegistry - ok
14:48:57.0291 5592 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:48:57.0292 5592 RpcEptMapper - ok
14:48:57.0293 5592 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:48:57.0294 5592 RpcLocator - ok
14:48:57.0302 5592 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:48:57.0304 5592 RpcSs - ok
14:48:57.0307 5592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:48:57.0308 5592 rspndr - ok
14:48:57.0312 5592 SafeBox (4d5b987b73f7c5826d1c97c04e6f7029) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
14:48:57.0312 5592 SafeBox - ok
14:48:57.0314 5592 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:57.0314 5592 SamSs - ok
14:48:57.0317 5592 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:48:57.0318 5592 sbp2port - ok
14:48:57.0321 5592 SBRE - ok
14:48:57.0326 5592 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:48:57.0327 5592 SCardSvr - ok
14:48:57.0329 5592 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:48:57.0329 5592 scfilter - ok
14:48:57.0347 5592 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:48:57.0351 5592 Schedule - ok
14:48:57.0353 5592 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:48:57.0354 5592 SCPolicySvc - ok
14:48:57.0358 5592 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:48:57.0359 5592 SDRSVC - ok
14:48:57.0364 5592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:48:57.0364 5592 secdrv - ok
14:48:57.0367 5592 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:48:57.0367 5592 seclogon - ok
14:48:57.0369 5592 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:48:57.0371 5592 SENS - ok
14:48:57.0372 5592 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:48:57.0373 5592 SensrSvc - ok
14:48:57.0374 5592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:48:57.0376 5592 Serenum - ok
14:48:57.0378 5592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:48:57.0378 5592 Serial - ok
14:48:57.0381 5592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:48:57.0381 5592 sermouse - ok
14:48:57.0386 5592 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:48:57.0387 5592 SessionEnv - ok
14:48:57.0388 5592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:48:57.0388 5592 sffdisk - ok
14:48:57.0391 5592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:48:57.0391 5592 sffp_mmc - ok
14:48:57.0392 5592 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:48:57.0392 5592 sffp_sd - ok
14:48:57.0394 5592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:48:57.0394 5592 sfloppy - ok
14:48:57.0402 5592 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:48:57.0403 5592 SharedAccess - ok
14:48:57.0412 5592 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:48:57.0413 5592 ShellHWDetection - ok
14:48:57.0416 5592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:48:57.0416 5592 SiSRaid2 - ok
14:48:57.0418 5592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:48:57.0419 5592 SiSRaid4 - ok
14:48:57.0422 5592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:48:57.0422 5592 Smb - ok
14:48:57.0426 5592 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:48:57.0426 5592 SNMPTRAP - ok
14:48:57.0428 5592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:48:57.0428 5592 spldr - ok
14:48:57.0438 5592 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:48:57.0441 5592 Spooler - ok
14:48:57.0493 5592 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:48:57.0504 5592 sppsvc - ok
14:48:57.0519 5592 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:48:57.0521 5592 sppuinotify - ok
14:48:57.0532 5592 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:48:57.0534 5592 srv - ok
14:48:57.0542 5592 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:48:57.0543 5592 srv2 - ok
14:48:57.0547 5592 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:48:57.0548 5592 srvnet - ok
14:48:57.0552 5592 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
14:48:57.0552 5592 ssadbus - ok
14:48:57.0554 5592 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:48:57.0554 5592 ssadmdfl - ok
14:48:57.0558 5592 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:48:57.0559 5592 ssadmdm - ok
14:48:57.0563 5592 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
14:48:57.0563 5592 ssadserd - ok
14:48:57.0568 5592 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:48:57.0569 5592 SSDPSRV - ok
14:48:57.0572 5592 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:48:57.0573 5592 SstpSvc - ok
14:48:57.0574 5592 Steam Client Service - ok
14:48:57.0577 5592 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:48:57.0578 5592 stexstor - ok
14:48:57.0587 5592 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:48:57.0589 5592 stisvc - ok
14:48:57.0592 5592 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:48:57.0592 5592 swenum - ok
14:48:57.0601 5592 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:48:57.0603 5592 swprv - ok
14:48:57.0631 5592 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:48:57.0636 5592 SysMain - ok
14:48:57.0652 5592 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:48:57.0653 5592 TabletInputService - ok
14:48:57.0659 5592 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:48:57.0662 5592 TapiSrv - ok
14:48:57.0664 5592 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:48:57.0666 5592 TBS - ok
14:48:57.0698 5592 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:48:57.0703 5592 Tcpip - ok
14:48:57.0749 5592 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:48:57.0754 5592 TCPIP6 - ok
14:48:57.0774 5592 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:48:57.0774 5592 tcpipreg - ok
14:48:57.0777 5592 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:48:57.0777 5592 TDPIPE - ok
14:48:57.0779 5592 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:48:57.0779 5592 TDTCP - ok
14:48:57.0783 5592 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:48:57.0783 5592 tdx - ok
14:48:57.0786 5592 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:48:57.0786 5592 TermDD - ok
14:48:57.0797 5592 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:48:57.0801 5592 TermService - ok
14:48:57.0817 5592 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:48:57.0818 5592 Themes - ok
14:48:57.0821 5592 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:48:57.0821 5592 THREADORDER - ok
14:48:57.0824 5592 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:48:57.0826 5592 TrkWks - ok
14:48:57.0833 5592 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
14:48:57.0834 5592 trufos - ok
14:48:57.0839 5592 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:48:57.0839 5592 TrustedInstaller - ok
14:48:57.0843 5592 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:48:57.0843 5592 tssecsrv - ok
14:48:57.0846 5592 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:48:57.0846 5592 TsUsbFlt - ok
14:48:57.0847 5592 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:48:57.0848 5592 TsUsbGD - ok
14:48:57.0851 5592 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:48:57.0852 5592 tunnel - ok
14:48:57.0853 5592 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
14:48:57.0853 5592 TurboB - ok
14:48:57.0858 5592 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:48:57.0858 5592 TurboBoost - ok
14:48:57.0861 5592 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:48:57.0862 5592 uagp35 - ok
14:48:57.0868 5592 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:48:57.0869 5592 udfs - ok
14:48:57.0872 5592 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:48:57.0873 5592 UI0Detect - ok
14:48:57.0876 5592 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:48:57.0876 5592 uliagpkx - ok
14:48:57.0878 5592 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:48:57.0879 5592 umbus - ok
14:48:57.0881 5592 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:48:57.0881 5592 UmPass - ok
14:48:57.0892 5592 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
14:48:57.0893 5592 Update Server - ok
14:48:57.0902 5592 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
14:48:57.0902 5592 UPDATESRV - ok
14:48:57.0909 5592 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:48:57.0911 5592 upnphost - ok
14:48:57.0913 5592 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:48:57.0914 5592 USBAAPL64 - ok
14:48:57.0917 5592 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:48:57.0918 5592 usbaudio - ok
14:48:57.0921 5592 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:48:57.0922 5592 usbccgp - ok
14:48:57.0924 5592 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:48:57.0926 5592 usbcir - ok
14:48:57.0928 5592 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:48:57.0928 5592 usbehci - ok
14:48:57.0934 5592 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:48:57.0936 5592 usbhub - ok
14:48:57.0938 5592 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:48:57.0938 5592 usbohci - ok
14:48:57.0941 5592 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:48:57.0941 5592 usbprint - ok
14:48:57.0943 5592 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:48:57.0944 5592 USBSTOR - ok
14:48:57.0946 5592 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:48:57.0946 5592 usbuhci - ok
14:48:57.0948 5592 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:48:57.0949 5592 UxSms - ok
14:48:57.0951 5592 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:57.0952 5592 VaultSvc - ok
14:48:57.0953 5592 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:48:57.0954 5592 vdrvroot - ok
14:48:57.0963 5592 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:48:57.0966 5592 vds - ok
14:48:57.0968 5592 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:48:57.0968 5592 vga - ok
14:48:57.0969 5592 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:48:57.0971 5592 VgaSave - ok
14:48:57.0974 5592 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:48:57.0976 5592 vhdmp - ok
14:48:57.0977 5592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:48:57.0978 5592 viaide - ok
14:48:57.0981 5592 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:48:57.0981 5592 volmgr - ok
14:48:57.0988 5592 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:48:57.0989 5592 volmgrx - ok
14:48:57.0994 5592 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:48:57.0996 5592 volsnap - ok
14:48:57.0999 5592 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:48:58.0001 5592 vsmraid - ok
14:48:58.0026 5592 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:48:58.0031 5592 VSS - ok
14:48:58.0038 5592 VSSERV - ok
14:48:58.0057 5592 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:48:58.0057 5592 vwifibus - ok
14:48:58.0064 5592 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:48:58.0066 5592 W32Time - ok
14:48:58.0069 5592 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:48:58.0069 5592 WacomPen - ok
14:48:58.0072 5592 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:58.0073 5592 WANARP - ok
14:48:58.0074 5592 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:58.0074 5592 Wanarpv6 - ok
14:48:58.0096 5592 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:48:58.0099 5592 WatAdminSvc - ok
14:48:58.0122 5592 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:48:58.0127 5592 wbengine - ok
14:48:58.0146 5592 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:48:58.0147 5592 WbioSrvc - ok
14:48:58.0154 5592 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:48:58.0156 5592 wcncsvc - ok
14:48:58.0158 5592 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:48:58.0159 5592 WcsPlugInService - ok
14:48:58.0164 5592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:48:58.0164 5592 Wd - ok
14:48:58.0176 5592 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:48:58.0177 5592 Wdf01000 - ok
14:48:58.0181 5592 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:48:58.0182 5592 WdiServiceHost - ok
14:48:58.0183 5592 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:48:58.0184 5592 WdiSystemHost - ok
14:48:58.0189 5592 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:48:58.0191 5592 WebClient - ok
14:48:58.0196 5592 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:48:58.0197 5592 Wecsvc - ok
14:48:58.0201 5592 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:48:58.0201 5592 wercplsupport - ok
14:48:58.0204 5592 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:48:58.0204 5592 WerSvc - ok
14:48:58.0209 5592 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:48:58.0209 5592 WfpLwf - ok
14:48:58.0212 5592 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:48:58.0212 5592 WIMMount - ok
14:48:58.0213 5592 WinDefend - ok
14:48:58.0216 5592 WinHttpAutoProxySvc - ok
14:48:58.0224 5592 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:48:58.0224 5592 Winmgmt - ok
14:48:58.0227 5592 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files\real temp\WinRing0x64.sys
14:48:58.0228 5592 WinRing0_1_2_0 - ok
14:48:58.0258 5592 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:48:58.0266 5592 WinRM - ok
14:48:58.0286 5592 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:48:58.0286 5592 WinUsb - ok
14:48:58.0299 5592 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:48:58.0303 5592 Wlansvc - ok
14:48:58.0339 5592 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:48:58.0346 5592 wlidsvc - ok
14:48:58.0364 5592 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:48:58.0364 5592 WmiAcpi - ok
14:48:58.0373 5592 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:48:58.0373 5592 wmiApSrv - ok
14:48:58.0376 5592 WMPNetworkSvc - ok
14:48:58.0378 5592 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:48:58.0379 5592 WPCSvc - ok
14:48:58.0382 5592 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:48:58.0383 5592 WPDBusEnum - ok
14:48:58.0386 5592 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:48:58.0386 5592 ws2ifsl - ok
14:48:58.0388 5592 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:48:58.0389 5592 wscsvc - ok
14:48:58.0391 5592 WSearch - ok
14:48:58.0428 5592 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:48:58.0437 5592 wuauserv - ok
14:48:58.0456 5592 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:48:58.0457 5592 WudfPf - ok
14:48:58.0461 5592 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:48:58.0462 5592 WUDFRd - ok
14:48:58.0464 5592 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:48:58.0466 5592 wudfsvc - ok
14:48:58.0471 5592 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:48:58.0472 5592 WwanSvc - ok
14:48:58.0476 5592 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
14:48:58.0476 5592 xusb21 - ok
14:48:58.0477 5592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:48:58.0517 5592 \Device\Harddisk0\DR0 - ok
14:48:58.0524 5592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:48:58.0526 5592 \Device\Harddisk1\DR1 - ok
14:48:58.0527 5592 Boot (0x1200) (b515195d9340833e3e9175ad3a1faef2) \Device\Harddisk0\DR0\Partition0
14:48:58.0527 5592 \Device\Harddisk0\DR0\Partition0 - ok
14:48:58.0528 5592 Boot (0x1200) (ea1d06f827b595fb4e3c228e609c27de) \Device\Harddisk0\DR0\Partition1
14:48:58.0529 5592 \Device\Harddisk0\DR0\Partition1 - ok
14:48:58.0532 5592 Boot (0x1200) (f0870c6ab40dd5e62a0e1a7f9af9159f) \Device\Harddisk1\DR1\Partition0
14:48:58.0533 5592 \Device\Harddisk1\DR1\Partition0 - ok
14:48:58.0533 5592 ============================================================
14:48:58.0533 5592 Scan finished
14:48:58.0533 5592 ============================================================
14:48:58.0537 5764 Detected object count: 0
14:48:58.0537 5764 Actual detected object count: 0



aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 14:50:50
-----------------------------
14:50:50.248 OS Version: Windows x64 6.1.7601 Service Pack 1
14:50:50.248 Number of processors: 4 586 0x2A07
14:50:50.248 ComputerName: IAN-HOURSTON UserName: Owner
14:50:50.348 Initialize success
14:54:19.034 AVAST engine defs: 12061700
14:54:32.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:54:32.193 Disk 0 Vendor: M4-CT128M4SSD2 0009 Size: 122104MB BusType: 11
14:54:32.194 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
14:54:32.195 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 11
14:54:32.197 Disk 0 MBR read successfully
14:54:32.198 Disk 0 MBR scan
14:54:32.239 Disk 0 Windows 7 default MBR code
14:54:32.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:54:32.243 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
14:54:32.248 Disk 0 scanning C:\Windows\system32\drivers
14:54:34.137 Service scanning
14:54:38.763 Modules scanning
14:54:38.765 Disk 0 trace - called modules:
14:54:38.768 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:54:38.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa5060]
14:54:38.771 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007330250]
14:54:38.774 5 ACPI.sys[fffff88000ef07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800733c060]
14:54:38.879 AVAST engine scan C:\Windows
14:54:39.515 AVAST engine scan C:\Windows\system32
14:55:23.317 AVAST engine scan C:\Windows\system32\drivers
14:55:25.598 AVAST engine scan C:\Users\Owner
14:55:46.781 AVAST engine scan C:\ProgramData
14:56:06.520 Scan finished successfully
14:56:36.934 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:56:36.937 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thank you.

Ian

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 17 June 2012 - 06:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jev11

jev11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver
  • Local time:08:23 PM

Posted 17 June 2012 - 08:59 PM

Hi Gringo,

Thanks again for all the help. I ran the script with no problems, it rebooted fine. I disabled my apparently malicious network adapters in the Device Manager, rebooted to find there is no change. Two of them re-create themselves now with a "5" beside them and the other one continues to re-enable itself. The computer otherwise seems to be running ok, I haven't noticed anything out of the ordinary. Here is the new ComboFix log:





ComboFix 12-06-16.02 - Owner 17/06/2012 18:43:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8169.6254 [GMT -7:00]
Running from: c:\users\Owner\Desktop\Bleeping\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\Bleeping\CFScript.txt
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 01:46 . 2012-06-18 01:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-18 01:46 . 2012-06-18 01:46 -------- d-----w- c:\users\UpdatusUser.IAN-HOURSTON\AppData\Local\temp
2012-06-18 01:46 . 2012-06-18 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 18:58 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD03551-11ED-4E78-A203-E2728BEBF04E}\mpengine.dll
2012-06-15 18:52 . 2012-06-15 18:52 -------- d-----w- c:\programdata\GFI Software
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\users\Owner\AppData\Local\adawarebp
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\adawaretb
2012-06-15 06:14 . 2012-06-15 06:14 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-06-15 06:14 . 2012-06-15 06:14 -------- d-----w- c:\programdata\PC Tools
2012-06-15 06:12 . 2012-06-15 06:12 -------- d-----w- c:\users\Owner\Pavark
2012-06-14 07:29 . 2012-06-14 07:29 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-06-14 07:28 . 2012-06-14 07:28 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-06-14 07:26 . 2012-06-14 07:26 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-14 07:25 . 2012-06-14 07:25 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-14 07:25 . 2012-06-14 07:25 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-06-14 07:25 . 2012-06-14 07:25 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-06-14 07:25 . 2012-06-14 07:25 90192 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2012-06-14 07:23 . 2012-06-14 07:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Bitdefender
2012-06-14 07:23 . 2012-06-14 07:23 -------- d-----w- c:\programdata\Bitdefender
2012-06-14 06:01 . 2012-06-14 07:23 -------- d-----w- c:\program files\Bitdefender
2012-06-14 05:40 . 2012-06-14 05:40 -------- d-----w- c:\programdata\Sophos
2012-06-14 05:38 . 2012-06-14 05:38 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-06-14 04:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:18 . 2012-06-13 19:18 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-13 08:47 . 2012-06-13 20:32 -------- d-----w- c:\programdata\RegRun
2012-06-13 08:47 . 2012-06-13 08:47 2 --shatr- c:\windows\winstart.bat
2012-06-13 08:47 . 2012-06-13 20:33 -------- d-----w- c:\program files (x86)\UnHackMe
2012-06-13 08:04 . 2012-06-13 08:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 08:04 . 2012-06-13 08:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-13 07:30 . 2012-06-13 07:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-06-13 07:30 . 2012-06-13 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 06:07 . 2012-06-10 06:07 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2012-05-27 06:34 . 2012-05-27 06:34 -------- d-----w- c:\users\Owner\AppData\Local\4A Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-04-21 05:52 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-21 05:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-21 05:52 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-21 05:52 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-04-13 18:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-18 08:07 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2011-12-13 03:21 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-12-13 03:21 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-04-21 05:52 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-04-21 05:52 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-21 05:52 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-21 05:52 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-04-21 05:52 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-09 03:43 . 2012-04-10 17:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 03:43 . 2011-11-18 05:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-04-23 05:47 . 2011-11-19 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-23 05:47 . 2011-11-19 05:24 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-23 05:47 . 2011-11-19 05:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-23 00:55 . 2012-04-23 00:55 3584 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-04-15 08:04 . 2011-11-19 05:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-08 23:18 . 2012-04-08 23:16 1660 ----a-w- c:\windows\system32\ASOROSet.bin
2012-03-30 11:35 . 2012-05-10 21:36 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_15.33.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-17 15:34 16476 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-18 01:37 43502 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-17 14:17 . 2012-06-17 15:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-17 14:17 . 2012-06-18 01:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-17 14:17 . 2012-06-17 15:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-17 14:17 . 2012-06-18 01:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-18 01:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 15:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-18 01:36 . 2012-06-17 15:27 9534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3280420694-4240693565-1856741598-1000_UserData.bin
+ 2011-11-18 01:36 . 2012-06-18 01:37 9534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3280420694-4240693565-1856741598-1000_UserData.bin
- 2012-06-17 15:33 . 2012-06-17 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 01:47 . 2012-06-18 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-17 15:31 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 01:41 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-17 15:31 110598 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-18 01:41 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-06-17 15:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-06-18 01:47 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-06-17 15:32 392652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-18 01:46 392652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-18 04:10 . 2012-06-18 01:46 56003000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3280420694-4240693565-1856741598-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;e:\advanced system optimizer 3\ASO3DefragSrv64.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-14 75384]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-06-14 466736]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-06-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-06-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-06-14 66096]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-14 07:27 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2011-11-18 8765440]
"Cmaudio8768GX"="c:\windows\syswow64\HsMgr.exe" [2011-11-18 200704]
"Cmaudio8768GX64"="c:\windows\system\HsMgr64.exe" [2011-11-18 282112]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-06-14 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=___userid___
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v4k4iu.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3280420694-4240693565-1856741598-1000\Software\SecuROM\License information*]
"datasecu"=hex:f8,5f,51,78,50,3a,b4,69,e4,36,d1,4c,e3,7b,a1,78,6f,f1,94,31,5a,
68,e2,49,0e,ce,94,fb,06,e9,9a,72,21,99,af,6e,18,22,26,7d,32,38,8a,a1,7d,95,\
"rkeysecu"=hex:56,be,cf,ea,22,93,e6,28,23,9c,e2,33,46,a6,a9,68
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-06-17 18:48:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 01:48
ComboFix2.txt 2012-06-17 15:34
.
Pre-Run: 40,097,902,592 bytes free
Post-Run: 40,111,779,840 bytes free
.
- - End Of File - - 5D8CDAC5909538A9E596F4A524BA0EDF




All the help has been greatly appreciated.

Thank you.

Ian

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 17 June 2012 - 09:07 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
REM Collect the network configuration plus a few DNS and ping checks into Log1.txt
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
REM Open the log in Notepad, then delete this batch file
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and save it to the Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#11 jev11

jev11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver
  • Local time:08:23 PM

Posted 17 June 2012 - 09:23 PM

Here are the results Gringo.



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ian-Hourston
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vw.shawcable.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : vw.shawcable.net
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : F4-6D-04-48-4B-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3d16:94a:b151:ef78%15(Preferred)
IPv4 Address. . . . . . . . . . . : 70.70.245.169(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : June-17-12 6:51:50 PM
Lease Expires . . . . . . . . . . : June-19-12 6:35:29 PM
Default Gateway . . . . . . . . . : 70.70.244.1
DHCP Server . . . . . . . . . . . : 64.59.144.40
DHCPv6 IAID . . . . . . . . . . . : 385117444
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-57-6E-C3-F4-6D-04-48-4B-F1
DNS Servers . . . . . . . . . . . : 64.59.144.16
64.59.144.17
64.59.150.132
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c6c:1651:b9b9:a56(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c6c:1651:b9b9:a56%18(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : vw.shawcable.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . : vw.shawcable.net
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4646:f5a9::4646:f5a9(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 64.59.144.16
64.59.144.17
64.59.150.132
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 64.59.144.16

Name: google.com
Addresses: 2607:f8b0:400a:800::1005
173.194.33.1
173.194.33.8
173.194.33.2
173.194.33.3
173.194.33.7
173.194.33.14
173.194.33.5
173.194.33.9
173.194.33.6
173.194.33.4
173.194.33.0

Server: pd1nsc1.st.vc.shawcable.net
Address: 64.59.144.16

Name: yahoo.com
Addresses: 72.30.38.140
209.191.122.70
98.139.183.24


Pinging google.com [173.194.33.1] with 32 bytes of data:
Request timed out.
Reply from 173.194.33.1: bytes=32 time=21ms TTL=57

Ping statistics for 173.194.33.1:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 21ms, Average = 21ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=112ms TTL=56
Reply from 72.30.38.140: bytes=32 time=49ms TTL=56

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 112ms, Average = 80ms
===========================================================================
Interface List
15...f4 6d 04 48 4b f1 ......Intel® 82579V Gigabit Network Connection
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 70.70.244.1 70.70.245.169 20
70.70.244.0 255.255.252.0 On-link 70.70.245.169 276
70.70.245.169 255.255.255.255 On-link 70.70.245.169 276
70.70.247.255 255.255.255.255 On-link 70.70.245.169 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 70.70.245.169 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 70.70.245.169 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
31 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:2c6c:1651:b9b9:a56/128
On-link
31 1025 2002::/16 On-link
31 281 2002:4646:f5a9::4646:f5a9/128
On-link
15 276 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::2c6c:1651:b9b9:a56/128
On-link
15 276 fe80::3d16:94a:b151:ef78/128
On-link
1 306 ff00::/8 On-link
15 276 ff00::/8 On-link
18 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None



Ian

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 09:45 PM

Hello

That looks very good; there is nothing malicious going on in there.



I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 jev11

jev11
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Vancouver

Posted 17 June 2012 - 09:52 PM

Hi Gringo,

Thank you SO much for getting to the bottom of what evidently wasn't even there! I guess my ISP is shrugging their network instability off on my 'rootkits'. I am very much relieved to hear that there is nothing going on.

Thank you very much for all your help. I shall definitely direct people here for future help! You guys are great.


Here is the report:


Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Advanced System Optimizer
Age of Conan: Unchained
Age of Empires Online
Alan Wake
Aliens vs. Predator
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
µTorrent
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Borderlands
BufferChm
Crysis® 2
D2500
D3DX10
Data Lifeguard Diagnostic for Windows 1.24
Dead Island
DeviceDiscovery
Diablo III
DJ_SF_03_D2500_Software_Min
ESN Sonar
EVGA Precision X 3.0.2
Fallen Earth
Far Cry 2
GPBaseService2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 29
JMicron JMB36X Driver
MarketResearch
marvell 91xx driver
Mass Effect
Metro 2033
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NVIDIA PhysX
OpenAL
Origin
PunkBuster Services
RAGE
S.T.A.L.K.E.R.: Call of Pripyat
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Star Wars: The Old Republic
StarCraft II
Status
Steam
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Winamp
Winamp Detector Plug-in
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wolfenstein - Enemy Territory
World of Warcraft
World of Warcraft Beta
World of Warcraft Public Test
Xfire (remove only)



Thank you.

Ian.

#14 jev11

jev11
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Vancouver

Posted 17 June 2012 - 09:54 PM

Oh, one thing, if I may. I am wondering what I can say to my ISP if this situation were to occur again, with them telling me I have rootkits. Something along the lines of "Oh, those aren't rootkit infections because..."

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 10:25 PM

Hello

In your case they are not from rootkits:

1. They point to shawcable.net.

2. We have run 3 tools to check for rootkits and they have come back clean.


Question for you: what was happening that you were talking with your ISP about rootkits?


:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better job).

Programs to remove

µTorrent
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

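Added example, not code from the thread or from BleepingComputer: the 6to4 and Teredo addresses in the IPv6 route table posted earlier can be decoded to show what the "tunnel adapters" actually carry. Both address formats embed an IPv4 address, and decoding them shows that they simply encode this PC's own ISP-assigned IPv4 address (70.70.245.169, from the posted output) and a well-known 6to4 relay; that is the check to make before suspecting a rootkit behind the Microsoft 6to4, ISATAP and Teredo adapters. The address constants are copied from the posted output; the function names are my own.

```python
# Added example, not from the thread: decode the Windows IPv6 transition
# addresses seen in the posted route table. 6to4 (2002::/16) and Teredo
# (2001:0::/32) addresses embed IPv4 addresses, so the "tunnel adapters"
# can be shown to carry the host's own ISP-assigned IPv4 address.
import ipaddress

# Values copied from the ipconfig / route print output posted in the thread.
HOST_IPV4 = "70.70.245.169"                          # the PC's own address
SIXTO4_ADDR = "2002:4646:f5a9::4646:f5a9"            # 6to4 adapter (If 31)
SIXTO4_GW = "2002:c058:6301::c058:6301"              # 6to4 default gateway
TEREDO_ADDR = "2001:0:4137:9e76:2c6c:1651:b9b9:a56"  # Teredo adapter (If 18)


def decode_6to4(addr: str) -> str:
    """Return the IPv4 address carried in bits 16-47 of a 6to4 address (RFC 3056)."""
    a = ipaddress.IPv6Address(addr)
    if a not in ipaddress.IPv6Network("2002::/16"):
        raise ValueError(f"{addr} is not a 6to4 address")
    return str(ipaddress.IPv4Address(a.packed[2:6]))


def decode_teredo(addr: str) -> tuple:
    """Return (server_ipv4, flags, client_udp_port, client_ipv4) per RFC 4380.

    The client's mapped UDP port and IPv4 address are stored bit-inverted
    ("obfuscated") so that NATs do not rewrite them in transit.
    """
    a = ipaddress.IPv6Address(addr)
    if a not in ipaddress.IPv6Network("2001:0::/32"):
        raise ValueError(f"{addr} is not a Teredo address")
    p = a.packed
    server = str(ipaddress.IPv4Address(p[4:8]))
    flags = int.from_bytes(p[8:10], "big")
    port = int.from_bytes(p[10:12], "big") ^ 0xFFFF
    client = str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in p[12:16])))
    return server, flags, port, client


def tunnels_match_host(host_ipv4: str = HOST_IPV4) -> bool:
    """True when both tunnel addresses embed the host's own public IPv4 address."""
    return (decode_6to4(SIXTO4_ADDR) == host_ipv4
            and decode_teredo(TEREDO_ADDR)[3] == host_ipv4)


if __name__ == "__main__":
    print("6to4 address embeds     :", decode_6to4(SIXTO4_ADDR))
    # 192.88.99.1 is the well-known 6to4 relay anycast address (RFC 3068).
    print("6to4 gateway embeds     :", decode_6to4(SIXTO4_GW))
    server, flags, port, client = decode_teredo(TEREDO_ADDR)
    print(f"Teredo server {server}, flags {flags:#06x}, client {client}:{port}")
    print("Tunnels embed host IPv4 :", tunnels_match_host())
```

If the embedded client address did not match the host's own IPv4 address, or the 6to4 gateway pointed somewhere other than the RFC 3068 relay prefix, that would be worth a closer look; here everything is consistent with Windows' default transition adapters.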



