
Unable to Remove Security Shield


  • This topic is locked
21 replies to this topic

#1 exp33

exp33

  • Members
  • 30 posts

Posted 23 July 2012 - 01:19 AM

About a week ago I was infected with the Security Shield virus and was able to remove it with the help of a tutorial posted online by AVG. However, I've noticed the warning signs and had to eliminate Security Shield two additional times. Tonight, Google started redirecting to junk websites prefixed by IP addresses just like before. I've tried new software, but nothing's doing the trick. So far, I've run McAfee, Spyware Doctor, SUPERAntiSpyware, Prevx ... the list seems to go on and on. Any assistance would be greatly appreciated! I've tried to comply with all of the guidelines before posting. If I've neglected anything I apologize and please just let me know what you may need. Thank you-

I have not created a GMER log because I'm running the 64 bit version of Windows.

Brandon

Attached Files


Edited by exp33, 23 July 2012 - 01:39 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 28 July 2012 - 05:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462030 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 28 July 2012 - 12:56 PM

I thought I had the problem fixed, but once again my Google results are redirecting to junk pages.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 July 2012 - 01:57 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 29 July 2012 - 02:24 PM

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor 9.0
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java™ 6 Update 7
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 bdparentalservice.exe
Bitdefender Bitdefender 2013 BdParentalSysTray.exe
Bitdefender Bitdefender 2013 bdagent.exe
Bitdefender Bitdefender 2013 updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````





ComboFix 12-07-29.02 - Brandon 07/29/2012 14:55:53.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3610 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343066682.2276.bin
c:\programdata\1343066682.2952.bin
c:\programdata\1343066682.3004.bin
c:\programdata\1343066682.3500.bin
c:\programdata\1343066682.4204.bin
c:\programdata\1343066682.6028.bin
c:\programdata\1343066682.6824.bin
c:\programdata\1343066682.6832.bin
c:\programdata\1343066682.6980.bin
c:\programdata\1343066682.7028.bin
c:\programdata\1343066682.7076.bin
c:\programdata\1343068099.bdinstall.bin
c:\programdata\Softomotive\WinAutomation\Compiled Jobs\ff039168-8b55-4cd0-8ab5-5f0555efc635.dll
c:\users\Brandon\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\extensions\{47c99b3f-57ee-480f-abda-35ea536ed937}
c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\extensions\{47c99b3f-57ee-480f-abda-35ea536ed937}\chrome\xulcache.jar
c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\extensions\{47c99b3f-57ee-480f-abda-35ea536ed937}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 19:06 . 2012-07-29 19:06 -------- d-----w- c:\users\New\AppData\Local\temp
2012-07-28 18:00 . 2012-06-22 15:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-28 18:00 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-28 18:00 . 2012-06-22 15:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-28 18:00 . 2012-06-22 15:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-28 18:00 . 2012-06-22 15:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-07-28 17:59 . 2012-06-22 19:29 145464 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-28 17:59 . 2012-06-22 19:29 341200 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-28 17:59 . 2012-06-22 19:33 14808 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-28 17:58 . 2012-06-22 19:35 92928 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-28 17:57 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-28 17:57 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-28 17:57 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-27 07:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C189AB16-D16D-4BB6-82EA-46E093C20F3C}\mpengine.dll
2012-07-23 23:55 . 2012-07-23 23:55 -------- d-----w- c:\users\Brandon\AppData\Local\brandont
2012-07-23 23:41 . 2012-07-23 23:41 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-23 23:41 . 2012-07-23 23:41 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-23 23:41 . 2012-07-23 23:41 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-23 23:41 . 2012-07-23 23:41 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-23 23:41 . 2012-07-23 23:41 188912 ----a-w- c:\windows\system32\java.exe
2012-07-23 23:41 . 2012-07-23 23:41 -------- d-----w- c:\program files\Java
2012-07-23 18:12 . 2012-07-23 18:19 -------- d-----w- c:\programdata\BDLogging
2012-07-23 18:11 . 2012-04-17 18:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-07-23 18:11 . 2011-11-17 21:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-23 18:11 . 2011-11-15 00:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-07-23 18:11 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-07-23 18:11 . 2012-02-17 20:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-07-23 18:11 . 2012-03-21 00:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-07-23 18:11 . 2011-11-25 19:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-07-23 18:07 . 2012-07-23 18:19 -------- d-----w- c:\users\Brandon\AppData\Roaming\Bitdefender
2012-07-23 18:07 . 2012-07-23 18:20 -------- d-----w- c:\programdata\Bitdefender
2012-07-23 18:06 . 2012-07-23 18:06 -------- d-----w- c:\users\Brandon\AppData\Roaming\QuickScan
2012-07-23 18:05 . 2012-04-11 21:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2012-07-23 18:05 . 2012-07-23 18:07 -------- d-----w- c:\program files\Bitdefender
2012-07-23 18:05 . 2012-04-24 19:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-07-23 17:59 . 2012-07-23 18:05 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-22 02:31 . 2012-07-22 02:32 -------- d-----w- c:\users\Brandon\AppData\Local\Softomotive
2012-07-22 02:31 . 2012-07-22 02:31 -------- dc-h--w- c:\programdata\{C7B82A41-F62F-4F56-A5F0-CA61A54D8122}
2012-07-22 02:30 . 2012-07-22 02:31 -------- d-----w- c:\program files\WinAutomation
2012-07-22 02:30 . 2012-07-22 02:30 -------- d-----w- c:\programdata\Softomotive
2012-07-22 02:28 . 2012-07-22 02:28 -------- d-----w- c:\users\Brandon\AppData\Local\PackageAware
2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\users\Brandon\AppData\Roaming\PCTools
2012-07-21 01:37 . 2012-07-21 01:37 -------- d-----w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2012-07-21 01:35 . 2012-07-21 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-21 01:35 . 2012-07-21 01:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-21 01:13 . 2012-07-21 01:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-07-21 01:13 . 2012-07-21 01:13 -------- d-----w- c:\program files\Prevx
2012-07-21 01:13 . 2012-07-23 18:21 -------- d-----w- c:\programdata\PrevxCSI
2012-07-17 22:19 . 2012-07-17 22:19 -------- d-----w- c:\users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:00 . 2012-04-07 19:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:00 . 2012-01-10 01:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 09:00 . 2012-04-07 20:00 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-03 17:46 . 2012-01-10 06:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 19:35 . 2012-01-09 08:11 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-22 14:43 . 2012-07-28 18:00 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 14:43 . 2012-07-28 18:00 131 ----a-w- c:\windows\IDB.zip
2012-05-31 16:25 . 2012-01-09 22:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 11:34 . 2012-05-11 11:34 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-15 . 572F6C8D3726DB1D3D524A6BCE1C7EAB . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2009-10-15 . 572F6C8D3726DB1D3D524A6BCE1C7EAB . 706560 . . [6.1.7600.16385] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-22 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [2012-07-05 207984]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R3 iscFlash;iscFlash;c:\users\Brandon\AppData\Local\Temp\7zSFC29.tmp\iscflashx64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 09:00]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 18:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-24 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-07-23 1425944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: blank
Trusted Zone: security_WinAutomation.Console.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Smartbar Search
FF - prefs.js: browser.startup.homepage - hxxp://www.newser.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
.
**************************************************************************
.
Completion time: 2012-07-29 15:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 19:16
.
Pre-Run: 103,229,505,536 bytes free
Post-Run: 102,869,950,464 bytes free
.
- - End Of File - - 35C216C53A11203ADC420A10C4837EE4



I'll let you know how the computer's doing a little later today.

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 July 2012 - 02:35 PM

Greetings

Let me know how things are doing later, but I still want you to run these to get a deeper look.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 exp33

exp33
  • Topic Starter
  • Members
  • 30 posts

Posted 29 July 2012 - 03:35 PM

15:59:19.0781 4880 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:59:20.0066 4880 ============================================================
15:59:20.0066 4880 Current date / time: 2012/07/29 15:59:20.0066
15:59:20.0066 4880 SystemInfo:
15:59:20.0066 4880
15:59:20.0066 4880 OS Version: 6.1.7600 ServicePack: 0.0
15:59:20.0066 4880 Product type: Workstation
15:59:20.0067 4880 ComputerName: PHOENIX
15:59:20.0067 4880 UserName: Brandon
15:59:20.0067 4880 Windows directory: C:\Windows
15:59:20.0067 4880 System windows directory: C:\Windows
15:59:20.0067 4880 Running under WOW64
15:59:20.0067 4880 Processor architecture: Intel x64
15:59:20.0067 4880 Number of processors: 8
15:59:20.0067 4880 Page size: 0x1000
15:59:20.0067 4880 Boot type: Normal boot
15:59:20.0067 4880 ============================================================
15:59:20.0929 4880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:59:20.0940 4880 ============================================================
15:59:20.0940 4880 \Device\Harddisk0\DR0:
15:59:20.0941 4880 MBR partitions:
15:59:20.0941 4880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:59:20.0941 4880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x384DC000
15:59:20.0941 4880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38540000, BlocksNum 0x1E12000
15:59:20.0941 4880 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:59:20.0941 4880 ============================================================
15:59:20.0964 4880 C: <-> \Device\Harddisk0\DR0\Partition1
15:59:21.0015 4880 D: <-> \Device\Harddisk0\DR0\Partition2
15:59:21.0025 4880 E: <-> \Device\Harddisk0\DR0\Partition3
15:59:21.0025 4880 ============================================================
15:59:21.0025 4880 Initialize success
15:59:21.0025 4880 ============================================================
15:59:26.0916 4924 ============================================================
15:59:26.0917 4924 Scan started
15:59:26.0917 4924 Mode: Manual;
15:59:26.0917 4924 ============================================================
15:59:38.0138 4924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:59:38.0140 4924 mouhid - ok
15:59:38.0165 4924 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:59:38.0168 4924 mountmgr - ok
15:59:38.0248 4924 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:59:38.0252 4924 MozillaMaintenance - ok
15:59:38.0283 4924 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:59:38.0296 4924 mpio - ok
15:59:38.0332 4924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:59:38.0335 4924 mpsdrv - ok
15:59:38.0423 4924 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
15:59:38.0455 4924 MpsSvc - ok
15:59:38.0485 4924 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:59:38.0494 4924 MRxDAV - ok
15:59:38.0519 4924 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:38.0533 4924 mrxsmb - ok
15:59:38.0575 4924 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:38.0590 4924 mrxsmb10 - ok
15:59:38.0613 4924 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:38.0621 4924 mrxsmb20 - ok
15:59:38.0636 4924 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:59:38.0636 4924 msahci - ok
15:59:38.0666 4924 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:59:38.0679 4924 msdsm - ok
15:59:38.0719 4924 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:59:38.0734 4924 MSDTC - ok
15:59:38.0759 4924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:59:38.0762 4924 Msfs - ok
15:59:38.0775 4924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:59:38.0778 4924 mshidkmdf - ok
15:59:38.0791 4924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:59:38.0791 4924 msisadrv - ok
15:59:38.0820 4924 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:59:38.0836 4924 MSiSCSI - ok
15:59:38.0841 4924 msiserver - ok
15:59:38.0861 4924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:59:38.0864 4924 MSKSSRV - ok
15:59:38.0871 4924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:38.0873 4924 MSPCLOCK - ok
15:59:38.0879 4924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:59:38.0881 4924 MSPQM - ok
15:59:38.0932 4924 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:59:38.0945 4924 MsRPC - ok
15:59:38.0963 4924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:59:38.0964 4924 mssmbios - ok
15:59:38.0982 4924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:59:38.0985 4924 MSTEE - ok
15:59:39.0002 4924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:59:39.0005 4924 MTConfig - ok
15:59:39.0023 4924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:59:39.0024 4924 Mup - ok
15:59:39.0077 4924 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:59:39.0109 4924 napagent - ok
15:59:39.0143 4924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:59:39.0158 4924 NativeWifiP - ok
15:59:39.0235 4924 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:59:39.0242 4924 NDIS - ok
15:59:39.0259 4924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:39.0263 4924 NdisCap - ok
15:59:39.0283 4924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:39.0286 4924 NdisTapi - ok
15:59:39.0303 4924 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:39.0306 4924 Ndisuio - ok
15:59:39.0332 4924 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:39.0346 4924 NdisWan - ok
15:59:39.0364 4924 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:59:39.0368 4924 NDProxy - ok
15:59:39.0389 4924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:59:39.0392 4924 NetBIOS - ok
15:59:39.0421 4924 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:59:39.0433 4924 NetBT - ok
15:59:39.0459 4924 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:59:39.0461 4924 Netlogon - ok
15:59:39.0499 4924 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:59:39.0504 4924 Netman - ok
15:59:39.0592 4924 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:39.0606 4924 NetMsmqActivator - ok
15:59:39.0611 4924 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:39.0613 4924 NetPipeActivator - ok
15:59:39.0671 4924 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:59:39.0676 4924 netprofm - ok
15:59:39.0682 4924 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:39.0684 4924 NetTcpActivator - ok
15:59:39.0690 4924 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:39.0691 4924 NetTcpPortSharing - ok
15:59:40.0448 4924 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
15:59:40.0616 4924 NETw5s64 - ok
15:59:41.0151 4924 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:59:41.0289 4924 netw5v64 - ok
15:59:42.0086 4924 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:59:42.0239 4924 NETwNs64 - ok
15:59:42.0419 4924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:59:42.0422 4924 nfrd960 - ok
15:59:42.0469 4924 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:59:42.0472 4924 NlaSvc - ok
15:59:42.0491 4924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:59:42.0494 4924 Npfs - ok
15:59:42.0507 4924 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:59:42.0511 4924 nsi - ok
15:59:42.0525 4924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:59:42.0528 4924 nsiproxy - ok
15:59:42.0662 4924 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
15:59:42.0674 4924 Ntfs - ok
15:59:42.0736 4924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:59:42.0737 4924 Null - ok
15:59:42.0768 4924 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
15:59:42.0770 4924 NVHDA - ok
15:59:43.0589 4924 nvlddmkm (d1db65fdda7af4853ef0994bb111d778) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:59:43.0673 4924 nvlddmkm - ok
15:59:43.0759 4924 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
15:59:43.0772 4924 nvraid - ok
15:59:43.0837 4924 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
15:59:43.0866 4924 nvstor - ok
15:59:43.0918 4924 nvsvc (8f9c2a5f96810467d50687ae00465424) C:\Windows\system32\nvvsvc.exe
15:59:43.0923 4924 nvsvc - ok
15:59:43.0984 4924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:59:43.0993 4924 nv_agp - ok
15:59:44.0016 4924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:59:44.0019 4924 ohci1394 - ok
15:59:44.0076 4924 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:59:44.0090 4924 ose - ok
15:59:44.0455 4924 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:59:44.0529 4924 osppsvc - ok
15:59:44.0672 4924 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:44.0686 4924 p2pimsvc - ok
15:59:44.0726 4924 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:59:44.0780 4924 p2psvc - ok
15:59:44.0826 4924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:59:44.0837 4924 Parport - ok
15:59:44.0858 4924 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:59:44.0862 4924 partmgr - ok
15:59:44.0887 4924 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:59:44.0902 4924 PcaSvc - ok
15:59:44.0929 4924 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:59:44.0941 4924 pci - ok
15:59:44.0955 4924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:59:44.0958 4924 pciide - ok
15:59:44.0993 4924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:44.0997 4924 pcmcia - ok
15:59:45.0084 4924 PCTBD (a87932ff09593ba8d197667a13e2a628) C:\Windows\system32\Drivers\PCTBD64.sys
15:59:45.0085 4924 PCTBD - ok
15:59:45.0155 4924 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
15:59:45.0171 4924 PCTCore - ok
15:59:45.0225 4924 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
15:59:45.0243 4924 pctDS - ok
15:59:45.0336 4924 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
15:59:45.0363 4924 pctEFA - ok
15:59:45.0434 4924 pctgntdi (2734c67950c2eccf46d2709db6cffc20) C:\Windows\System32\drivers\pctgntdi64.sys
15:59:45.0437 4924 pctgntdi - ok
15:59:45.0493 4924 pctplsg (8131a2c7b6d39a995dc73e20c31bc177) C:\Windows\System32\drivers\pctplsg64.sys
15:59:45.0494 4924 pctplsg - ok
15:59:45.0544 4924 PCTSD (c4775e7f54f3cc6307b73462b1b802c6) C:\Windows\system32\Drivers\PCTSD64.sys
15:59:45.0547 4924 PCTSD - ok
15:59:45.0566 4924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:59:45.0567 4924 pcw - ok
15:59:45.0623 4924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:59:45.0642 4924 PEAUTH - ok
15:59:45.0756 4924 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:59:45.0785 4924 PeerDistSvc - ok
15:59:45.0894 4924 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:59:45.0909 4924 PerfHost - ok
15:59:46.0119 4924 pfc - ok
15:59:46.0232 4924 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:59:46.0325 4924 pla - ok
15:59:46.0375 4924 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
15:59:46.0381 4924 PlugPlay - ok
15:59:46.0419 4924 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:59:46.0423 4924 PNRPAutoReg - ok
15:59:46.0462 4924 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:59:46.0466 4924 PNRPsvc - ok
15:59:46.0538 4924 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:59:46.0539 4924 Point64 - ok
15:59:46.0601 4924 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:59:46.0606 4924 PolicyAgent - ok
15:59:46.0636 4924 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:59:46.0640 4924 Power - ok
15:59:46.0677 4924 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:46.0686 4924 PptpMiniport - ok
15:59:46.0711 4924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:59:46.0715 4924 Processor - ok
15:59:46.0747 4924 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
15:59:46.0760 4924 ProfSvc - ok
15:59:46.0771 4924 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:59:46.0773 4924 ProtectedStorage - ok
15:59:46.0802 4924 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:59:46.0810 4924 Psched - ok
15:59:46.0873 4924 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:59:46.0875 4924 PSI_SVC_2 - ok
15:59:46.0997 4924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:59:47.0074 4924 ql2300 - ok
15:59:47.0463 4924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:59:47.0473 4924 ql40xx - ok
15:59:47.0509 4924 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:59:47.0525 4924 QWAVE - ok
15:59:47.0545 4924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:59:47.0547 4924 QWAVEdrv - ok
15:59:47.0565 4924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:47.0568 4924 RasAcd - ok
15:59:47.0599 4924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:47.0602 4924 RasAgileVpn - ok
15:59:47.0622 4924 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:59:47.0632 4924 RasAuto - ok
15:59:47.0653 4924 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:47.0662 4924 Rasl2tp - ok
15:59:47.0699 4924 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:59:47.0711 4924 RasMan - ok
15:59:47.0738 4924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:47.0749 4924 RasPppoe - ok
15:59:47.0770 4924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:47.0773 4924 RasSstp - ok
15:59:47.0871 4924 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:47.0886 4924 rdbss - ok
15:59:47.0903 4924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:59:47.0906 4924 rdpbus - ok
15:59:47.0929 4924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:47.0932 4924 RDPCDD - ok
15:59:48.0051 4924 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
15:59:48.0054 4924 RDPDR - ok
15:59:48.0096 4924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:59:48.0097 4924 RDPENCDD - ok
15:59:48.0162 4924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:59:48.0164 4924 RDPREFMP - ok
15:59:48.0207 4924 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:59:48.0211 4924 RDPWD - ok
15:59:48.0275 4924 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:59:48.0288 4924 rdyboost - ok
15:59:48.0330 4924 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:59:48.0340 4924 RemoteAccess - ok
15:59:48.0376 4924 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:59:48.0379 4924 RemoteRegistry - ok
15:59:48.0411 4924 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:59:48.0425 4924 RFCOMM - ok
15:59:48.0446 4924 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:59:48.0451 4924 RpcEptMapper - ok
15:59:48.0468 4924 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:59:48.0471 4924 RpcLocator - ok
15:59:48.0517 4924 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:59:48.0523 4924 RpcSs - ok
15:59:48.0587 4924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:48.0590 4924 rspndr - ok
15:59:48.0628 4924 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:59:48.0642 4924 RTL8167 - ok
15:59:48.0664 4924 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
15:59:48.0667 4924 s3cap - ok
15:59:48.0775 4924 SafeBox (92c63b7d2a4cdfa188019b5ba5d12847) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
15:59:48.0777 4924 SafeBox - ok
15:59:48.0798 4924 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:59:48.0800 4924 SamSs - ok
15:59:48.0872 4924 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:59:48.0873 4924 SASDIFSV - ok
15:59:48.0886 4924 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:59:48.0887 4924 SASKUTIL - ok
15:59:48.0910 4924 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:59:48.0921 4924 sbp2port - ok
15:59:48.0962 4924 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:59:48.0977 4924 SCardSvr - ok
15:59:49.0005 4924 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:59:49.0009 4924 scfilter - ok
15:59:49.0100 4924 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
15:59:49.0110 4924 Schedule - ok
15:59:49.0168 4924 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:59:49.0169 4924 SCPolicySvc - ok
15:59:49.0289 4924 sdAuxService (cfeb26a26452d5337c2f3aadd8218fc3) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
15:59:49.0322 4924 sdAuxService - ok
15:59:49.0383 4924 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
15:59:49.0391 4924 sdbus - ok
15:59:49.0509 4924 sdCoreService (b906c04f469060f2dd7fcb84706b4493) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
15:59:49.0546 4924 sdCoreService - ok
15:59:49.0595 4924 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:59:49.0599 4924 SDRSVC - ok
15:59:49.0673 4924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:59:49.0676 4924 secdrv - ok
15:59:49.0694 4924 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:59:49.0698 4924 seclogon - ok
15:59:49.0719 4924 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:59:49.0722 4924 SENS - ok
15:59:49.0742 4924 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:59:49.0746 4924 SensrSvc - ok
15:59:49.0767 4924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:59:49.0771 4924 Serenum - ok
15:59:49.0798 4924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:59:49.0858 4924 Serial - ok
15:59:49.0920 4924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:59:49.0922 4924 sermouse - ok
15:59:50.0119 4924 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:59:50.0122 4924 SessionEnv - ok
15:59:50.0137 4924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:59:50.0140 4924 sffdisk - ok
15:59:50.0154 4924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:59:50.0157 4924 sffp_mmc - ok
15:59:50.0178 4924 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:59:50.0181 4924 sffp_sd - ok
15:59:50.0201 4924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:59:50.0203 4924 sfloppy - ok
15:59:50.0264 4924 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:59:50.0280 4924 SharedAccess - ok
15:59:50.0348 4924 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:59:50.0352 4924 ShellHWDetection - ok
15:59:50.0371 4924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:59:50.0374 4924 SiSRaid2 - ok
15:59:50.0395 4924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:59:50.0398 4924 SiSRaid4 - ok
15:59:50.0692 4924 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:59:50.0714 4924 Skype C2C Service - ok
15:59:50.0804 4924 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:59:50.0805 4924 SkypeUpdate - ok
15:59:50.0935 4924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:59:50.0939 4924 Smb - ok
15:59:50.0977 4924 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:59:50.0981 4924 SNMPTRAP - ok
15:59:51.0126 4924 SplashtopRemoteService (5fa669007bd7874fbb70199211fff64d) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
15:59:51.0130 4924 SplashtopRemoteService - ok
15:59:51.0161 4924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:59:51.0162 4924 spldr - ok
15:59:51.0218 4924 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
15:59:51.0224 4924 Spooler - ok
15:59:51.0484 4924 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:59:51.0522 4924 sppsvc - ok
15:59:51.0643 4924 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:59:51.0648 4924 sppuinotify - ok
15:59:51.0717 4924 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
15:59:51.0732 4924 srv - ok
15:59:51.0779 4924 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
15:59:51.0795 4924 srv2 - ok
15:59:51.0889 4924 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:51.0902 4924 srvnet - ok
15:59:51.0933 4924 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:59:51.0936 4924 SSDPSRV - ok
15:59:51.0970 4924 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:59:51.0974 4924 SstpSvc - ok
15:59:52.0096 4924 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
15:59:52.0099 4924 SSUService - ok
15:59:52.0194 4924 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
15:59:52.0196 4924 STacSV - ok
15:59:52.0285 4924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:59:52.0288 4924 stexstor - ok
15:59:52.0345 4924 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
15:59:52.0399 4924 STHDA - ok
15:59:52.0480 4924 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:59:52.0487 4924 stisvc - ok
15:59:52.0543 4924 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:59:52.0544 4924 storflt - ok
15:59:52.0564 4924 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
15:59:52.0567 4924 storvsc - ok
15:59:52.0582 4924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:59:52.0583 4924 swenum - ok
15:59:52.0688 4924 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:59:52.0717 4924 SwitchBoard - ok
15:59:52.0783 4924 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:59:52.0812 4924 swprv - ok
15:59:52.0859 4924 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
15:59:52.0862 4924 SynTP - ok
15:59:53.0004 4924 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:59:53.0044 4924 SysMain - ok
15:59:53.0158 4924 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:59:53.0172 4924 TabletInputService - ok
15:59:53.0211 4924 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:59:53.0216 4924 TapiSrv - ok
15:59:53.0297 4924 TASCAM_US122144 (79e084fccfef637580a06f3dc36c1a6c) C:\Windows\system32\Drivers\tascusb2.sys
15:59:53.0324 4924 TASCAM_US122144 - ok
15:59:53.0357 4924 TASCAM_US144_MK2_WDM (bc94143174b92c181ae6135750daea7d) C:\Windows\system32\drivers\tscusb2a.sys
15:59:53.0360 4924 TASCAM_US144_MK2_WDM - ok
15:59:53.0384 4924 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:59:53.0387 4924 TBS - ok
15:59:53.0639 4924 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
15:59:53.0653 4924 Tcpip - ok
15:59:53.0996 4924 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:54.0010 4924 TCPIP6 - ok
15:59:54.0171 4924 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:59:54.0174 4924 tcpipreg - ok
15:59:54.0201 4924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:59:54.0204 4924 TDPIPE - ok
15:59:54.0227 4924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:59:54.0230 4924 TDTCP - ok
15:59:54.0257 4924 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:59:54.0258 4924 tdx - ok
15:59:54.0274 4924 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:59:54.0276 4924 TermDD - ok
15:59:54.0353 4924 TermService (572f6c8d3726db1d3d524a6bce1c7eab) C:\Windows\System32\termsrv.dll
15:59:54.0360 4924 TermService - ok
15:59:54.0369 4924 TfFsMon - ok
15:59:54.0378 4924 TfNetMon - ok
15:59:54.0388 4924 TFSysMon - ok
15:59:54.0406 4924 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:59:54.0409 4924 Themes - ok
15:59:54.0490 4924 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:59:54.0492 4924 THREADORDER - ok
15:59:54.0518 4924 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:59:54.0521 4924 TrkWks - ok
15:59:54.0565 4924 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
15:59:54.0568 4924 trufos - ok
15:59:54.0624 4924 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:59:54.0638 4924 TrustedInstaller - ok
15:59:54.0666 4924 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:54.0668 4924 tssecsrv - ok
15:59:54.0693 4924 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:54.0702 4924 tunnel - ok
15:59:54.0726 4924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:59:54.0729 4924 uagp35 - ok
15:59:54.0778 4924 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
15:59:54.0793 4924 udfs - ok
15:59:54.0824 4924 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:59:54.0829 4924 UI0Detect - ok
15:59:54.0848 4924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:59:54.0852 4924 uliagpkx - ok
15:59:54.0875 4924 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:59:54.0878 4924 umbus - ok
15:59:54.0898 4924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:59:54.0900 4924 UmPass - ok
15:59:54.0933 4924 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
15:59:54.0937 4924 UmRdpService - ok
15:59:55.0031 4924 UPDATESRV (059eac23109a381c4b18b7e2f02a0cf3) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
15:59:55.0032 4924 UPDATESRV - ok
15:59:55.0074 4924 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:59:55.0078 4924 upnphost - ok
15:59:55.0111 4924 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:55.0114 4924 usbccgp - ok
15:59:55.0142 4924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:59:59.0673 4924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:00:00.0051 4924 \Device\Harddisk0\DR0 - ok
16:00:00.0060 4924 Boot (0x1200) (700ff6fce396874e4b4cc6d0c3b22d22) \Device\Harddisk0\DR0\Partition0
16:00:00.0066 4924 \Device\Harddisk0\DR0\Partition0 - ok
16:00:00.0090 4924 Boot (0x1200) (85573753f6713fa3645fef8c984738e5) \Device\Harddisk0\DR0\Partition1
16:00:00.0097 4924 \Device\Harddisk0\DR0\Partition1 - ok
16:00:00.0127 4924 Boot (0x1200) (784d1f4e442b93c775bb47f5b897d835) \Device\Harddisk0\DR0\Partition2
16:00:00.0130 4924 \Device\Harddisk0\DR0\Partition2 - ok
16:00:00.0157 4924 Boot (0x1200) (b7d4fcaa0aca292b9e7af7bd53015dc5) \Device\Harddisk0\DR0\Partition3
16:00:00.0159 4924 \Device\Harddisk0\DR0\Partition3 - ok
16:00:00.0160 4924 ============================================================
16:00:00.0160 4924 Scan finished
16:00:00.0160 4924 ============================================================
16:00:00.0173 1540 Detected object count: 0
16:00:00.0173 1540 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 16:06:03
-----------------------------
16:06:03.128 OS Version: Windows x64 6.1.7600
16:06:03.128 Number of processors: 8 586 0x1E05
16:06:03.130 ComputerName: PHOENIX UserName: Brandon
16:06:04.819 Initialize success
16:09:24.968 AVAST engine defs: 12072901
16:09:54.539 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:09:54.542 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
16:09:54.555 Disk 0 MBR read successfully
16:09:54.559 Disk 0 MBR scan
16:09:54.685 Disk 0 Windows 7 default MBR code
16:09:54.693 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:09:54.706 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461240 MB offset 409600
16:09:54.743 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15396 MB offset 945029120
16:09:54.765 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
16:09:54.818 Disk 0 scanning C:\Windows\system32\drivers
16:10:07.611 Service scanning
16:10:10.784 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
16:10:11.193 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
16:10:34.652 Modules scanning
16:10:34.668 Disk 0 trace - called modules:
16:10:34.683 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys iaStor.sys hal.dll
16:10:34.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800718c060]
16:10:34.701 3 CLASSPNP.SYS[fffff880019c643f] -> nt!IofCallDriver -> [0xfffffa8006ff2b10]
16:10:34.709 5 hpdskflt.sys[fffff88001aab189] -> nt!IofCallDriver -> [0xfffffa8006fec8c0]
16:10:34.716 7 PCTCore64.sys[fffff8800136b720] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062f3050]
16:10:38.653 AVAST engine scan C:\Windows
16:10:44.552 AVAST engine scan C:\Windows\system32
16:14:29.303 AVAST engine scan C:\Windows\system32\drivers
16:14:46.176 AVAST engine scan C:\Users\Brandon
16:33:16.558 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
16:33:16.688 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 03:46 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Smartbar Search

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#9 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 29 July 2012 - 04:17 PM

ComboFix 12-07-29.02 - Brandon 07/29/2012 16:55:08.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4086 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brandon\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 21:06 . 2012-07-29 21:06 -------- d-----w- c:\users\New\AppData\Local\temp
2012-07-29 21:06 . 2012-07-29 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 21:06 . 2012-07-29 21:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-28 18:00 . 2012-06-22 15:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-28 18:00 . 2012-06-22 15:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-28 18:00 . 2012-06-22 15:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-28 18:00 . 2012-06-22 15:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-28 18:00 . 2012-06-22 15:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-07-28 17:59 . 2012-06-22 19:29 145464 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-28 17:59 . 2012-06-22 19:29 341200 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-28 17:59 . 2012-06-22 19:33 14808 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-28 17:58 . 2012-06-22 19:35 92928 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-28 17:57 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-28 17:57 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-28 17:57 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-27 07:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C189AB16-D16D-4BB6-82EA-46E093C20F3C}\mpengine.dll
2012-07-23 23:55 . 2012-07-23 23:55 -------- d-----w- c:\users\Brandon\AppData\Local\brandont
2012-07-23 23:41 . 2012-07-23 23:41 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-23 23:41 . 2012-07-23 23:41 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-23 23:41 . 2012-07-23 23:41 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-23 23:41 . 2012-07-23 23:41 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-23 23:41 . 2012-07-23 23:41 188912 ----a-w- c:\windows\system32\java.exe
2012-07-23 23:41 . 2012-07-23 23:41 -------- d-----w- c:\program files\Java
2012-07-23 18:12 . 2012-07-23 18:19 -------- d-----w- c:\programdata\BDLogging
2012-07-23 18:11 . 2012-04-17 18:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-07-23 18:11 . 2011-11-17 21:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-23 18:11 . 2011-11-15 00:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-07-23 18:11 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-07-23 18:11 . 2012-02-17 20:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-07-23 18:11 . 2012-03-21 00:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-07-23 18:11 . 2011-11-25 19:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-07-23 18:07 . 2012-07-23 18:19 -------- d-----w- c:\users\Brandon\AppData\Roaming\Bitdefender
2012-07-23 18:07 . 2012-07-23 18:20 -------- d-----w- c:\programdata\Bitdefender
2012-07-23 18:06 . 2012-07-23 18:06 -------- d-----w- c:\users\Brandon\AppData\Roaming\QuickScan
2012-07-23 18:05 . 2012-04-11 21:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2012-07-23 18:05 . 2012-07-23 18:07 -------- d-----w- c:\program files\Bitdefender
2012-07-23 18:05 . 2012-04-24 19:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-07-23 17:59 . 2012-07-23 18:05 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-22 02:31 . 2012-07-22 02:32 -------- d-----w- c:\users\Brandon\AppData\Local\Softomotive
2012-07-22 02:31 . 2012-07-22 02:31 -------- dc-h--w- c:\programdata\{C7B82A41-F62F-4F56-A5F0-CA61A54D8122}
2012-07-22 02:30 . 2012-07-22 02:31 -------- d-----w- c:\program files\WinAutomation
2012-07-22 02:30 . 2012-07-22 02:30 -------- d-----w- c:\programdata\Softomotive
2012-07-22 02:28 . 2012-07-22 02:28 -------- d-----w- c:\users\Brandon\AppData\Local\PackageAware
2012-07-21 01:45 . 2012-07-21 01:45 -------- d-----w- c:\users\Brandon\AppData\Roaming\PCTools
2012-07-21 01:37 . 2012-07-21 01:37 -------- d-----w- c:\users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2012-07-21 01:35 . 2012-07-21 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-21 01:35 . 2012-07-21 01:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-21 01:13 . 2012-07-21 01:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-07-21 01:13 . 2012-07-21 01:13 -------- d-----w- c:\program files\Prevx
2012-07-21 01:13 . 2012-07-23 18:21 -------- d-----w- c:\programdata\PrevxCSI
2012-07-17 22:19 . 2012-07-17 22:19 -------- d-----w- c:\users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:00 . 2012-04-07 19:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:00 . 2012-01-10 01:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 09:00 . 2012-04-07 20:00 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-03 17:46 . 2012-01-10 06:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 19:35 . 2012-01-09 08:11 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-22 14:43 . 2012-07-28 18:00 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 14:43 . 2012-07-28 18:00 131 ----a-w- c:\windows\IDB.zip
2012-05-31 16:25 . 2012-01-09 22:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 11:34 . 2012-05-11 11:34 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-15 . 572F6C8D3726DB1D3D524A6BCE1C7EAB . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2009-10-15 . 572F6C8D3726DB1D3D524A6BCE1C7EAB . 706560 . . [6.1.7600.16385] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_19.09.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-29 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-29 01:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-29 01:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-09 07:18 . 2012-07-29 19:11 43628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-29 19:11 39202 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-07-29 19:11 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-27 19:41 86016 c:\windows\system32\DriverStore\infpub.dat
- 2012-01-09 01:31 . 2012-07-29 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-09 01:31 . 2012-07-29 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-09 01:31 . 2012-07-29 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-09 01:31 . 2012-07-29 19:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-09 13:13 . 2012-07-29 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-09 13:13 . 2012-07-29 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-09 13:13 . 2012-07-29 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-09 13:13 . 2012-07-29 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-29 21:07 . 2012-07-29 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 19:08 . 2012-07-29 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 19:08 . 2012-07-29 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 21:07 . 2012-07-29 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-29 19:15 675550 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-29 01:23 675550 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 19:15 126158 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-29 01:23 126158 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-07-29 19:11 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-27 19:41 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-29 19:11 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-27 19:41 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-07-29 21:06 580508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-29 19:06 580508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-29 01:18 2752512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 19:08 2752512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-09 07:52 . 2012-07-29 21:06 33784420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2500049911-2029401772-1478099865-1000-12288.dat
- 2012-01-09 07:52 . 2012-07-29 19:06 33784420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2500049911-2029401772-1478099865-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-22 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [2012-07-05 207984]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]
R3 iscFlash;iscFlash;c:\users\Brandon\AppData\Local\Temp\7zSFC29.tmp\iscflashx64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 09:00]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 18:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-07-23 23:43 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-24 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-07-23 1425944]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: blank
Trusted Zone: security_WinAutomation.Console.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\jimfit4a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newser.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
.
**************************************************************************
.
Completion time: 2012-07-29 17:16:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 21:16
ComboFix2.txt 2012-07-29 19:17
.
Pre-Run: 102,630,895,616 bytes free
Post-Run: 102,869,561,344 bytes free
.
- - End Of File - - DF065573C6AAEF585D8F4E0A1BB081C4

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 04:26 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 31
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 29 July 2012 - 07:55 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Brandon :: PHOENIX [administrator]

7/29/2012 8:43:42 PM
mbam-log-2012-07-29 (20-43-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233033
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:43 PM, on 7/29/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Brandon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O10 - Unknown file in Winsock LSP: c:\program files\bitdefender\bitdefender 2013\bdprovider32\bdprovider.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinAutomation Service - Softomotive - C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12556 bytes




So far so good. No weird redirections using Google or anything like that, but the virus has disappeared and reappeared many times. Not seeing any evidence of it since running combofix and starting this process.

#12 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 29 July 2012 - 08:25 PM

Eh, scratch that. Just had a weird redirect clicking on a search result again.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 08:54 PM

Greetings

Was it one redirection, or has it restarted again?



:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#14 exp33

exp33
  • Topic Starter

  • Members
  • 30 posts

Posted 29 July 2012 - 11:59 PM

I removed the startup entries you suggested.

Looks like we may be on to something here!

C:\Users\Brandon\AppData\Local\Apple\Adobe\rtfzrvfnz.dll a variant of Win32/Kryptik.AIZP trojan
C:\Users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 July 2012 - 12:02 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}

File::
C:\Users\Brandon\AppData\Local\Apple\Adobe\rtfzrvfnz.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

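The CFScript in the post above hands ComboFix a Folder:: directive for the whole GUID-named folder and a File:: directive for the dropped DLL, built by hand from the two ESET detections. As an added example that is not the helper's, ComboFix's or ESET's own code, the Python below turns ESET result lines into that script the same way: a path that passes through a GUID-named directory is reduced to that directory (Folder::), any other path becomes a File:: entry, and anything under Windows or Program Files is held back for manual review instead of being written into the script. The single-space "path detection" line shape follows the paste in the thread; the tab-separated shape, the function names and the third and fourth sample lines are assumptions/constructed.

```python
import re
from pathlib import PureWindowsPath

# One detection per line as pasted in the thread: "<path> <detection name>".
# The path is taken non-greedily up to the first whitespace after which an
# ESET-style detection name ("a variant of Win32/...", "JS/...") follows.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably\s+)?a\s+variant\s+of\s+)?[A-Za-z0-9_.-]+/\S.*)$"
)
# A directory named like {764E921D-D05D-11E1-8270-B8AC6F996F26}.
GUID_DIR = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
# Removal lines under these roots are not emitted automatically (assumption:
# a human reviews them, as the helper did in the thread).
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: the two lines from the thread, a second hit inside the
# same GUID folder, a hit under Program Files and a line that is not a detection.
SAMPLE_ESET_LINES = [
    r"C:\Users\Brandon\AppData\Local\Apple\Adobe\rtfzrvfnz.dll a variant of Win32/Kryptik.AIZP trojan",
    r"C:\Users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan",
    r"C:\Users\Brandon\AppData\Local\{764E921D-D05D-11E1-8270-B8AC6F996F26}\install.rdf JS/Redirector.NIQ trojan",
    r"C:\Program Files (x86)\Constructed Example\helper.dll a variant of Win32/Kryptik.AIZP trojan",
    "this line is not a detection",
]


def parse_eset_line(line):
    """Return (path, threat) for one ESET result line, or None if it does not parse.

    A tab-separated line (path<TAB>threat[<TAB>action]) is accepted as well;
    that shape is an assumption about ESET's exported text file.
    """
    line = line.strip()
    if "\t" in line:
        parts = [p.strip() for p in line.split("\t") if p.strip()]
        if len(parts) >= 2:
            return parts[0], parts[1]
    m = ESET_LINE.match(line)
    return (m.group("path"), m.group("threat")) if m else None


def removal_target(path):
    """Decide what the CFScript should name for a detected path.

    Returns ("Folder", <dir>) when a GUID-named directory lies on the path
    (the dropped browser-extension folder seen in this thread), so the whole
    folder goes under Folder::; otherwise ("File", <path>) for a File:: line.
    """
    parts = PureWindowsPath(path).parts
    for i, part in enumerate(parts):
        if GUID_DIR.match(part):
            return "Folder", str(PureWindowsPath(*parts[: i + 1]))
    return "File", str(PureWindowsPath(path))


def build_cfscript(lines, clear_java_cache=True):
    """Build CFScript text from ESET lines.

    Returns (script_text, review) where review lists (target, threat) pairs
    that were held back because they sit under a protected root.
    """
    folders, files, review = [], [], []
    for line in lines:
        parsed = parse_eset_line(line)
        if parsed is None:
            continue  # not a detection line
        path, threat = parsed
        kind, target = removal_target(path)
        if target.lower().startswith(PROTECTED_PREFIXES):
            review.append((target, threat))
            continue
        bucket = folders if kind == "Folder" else files
        if target not in bucket:  # two hits in one GUID folder yield one line
            bucket.append(target)
    sections = []
    if clear_java_cache:
        sections.append("ClearJavaCache::")
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    if files:
        sections.append("File::\n" + "\n".join(files))
    return "\n\n".join(sections) + "\n", review


if __name__ == "__main__":
    text, held = build_cfscript(SAMPLE_ESET_LINES)
    print(text)
    for target, threat in held:
        print("REVIEW BEFORE USE:", target, "->", threat)
```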



