Root.kit, TDSS, syswow64, etc viruses


  • This topic is locked
34 replies to this topic

#1 Stubs Mckenzie

Posted 27 July 2012 - 12:16 PM

(Copying original post)

On the 20th of this month, my computer was hit with a large group of viruses... TDSS, root.kit, and others. It stopped access to the internet, and looks to have damaged/removed some Windows files.

I ran Spybot S&D, Malwarebytes, TDSS killer, Bitdefender (my current anti-virus), and finally combofix at the request of a professional that I had phoned. It seemed all viruses had been removed, but it took deleting anti-virus and installing again to access the internet, and some things are still unstable/don't work. After all of that, one of the viruses has also tried to come back twice more (Trojan.Sirefef.HT, sys32\services.exe.vir) so is obviously still embedded somewhere on the system.

Current issues still at play:
-Bitdefender has a critical error/crash every 20 minutes since being installed, and wants to be restarted all of the time. It seems it continues to function even after the error, but I don't know at what capacity.
-Windows Update no longer functions. I either get an 80246008 or 80246016(?) error. Have tried online solutions for repair to no avail.
-SFC /scannow says there are corrupted files it cannot fix. When I sent the log to desktop, 2 files were supposedly corrupted, C_1147.NLS, and PurblePlace.dll (a Microsoft game?). I used 7-zip to access the original files from the Win 7 disc, and deleted both C_1147.NLS and PurblePlace.dll then replaced them with the originals, but after a reboot, and rescan, SFC still says they are corrupted.
-Cannot use system restore. The virus destroyed all system restore points, up to a system restore created by combofix on the 24th. Even trying to access system restore from another user in safe mode, or from boot no longer shows any other restore points. Even that restore point is no longer accessible because when I tried to restore to it, or at the time a point from the 20th (no longer there) I would receive an error that the file C_1147.NLS was missing, and would abort the restore.
-I'm pretty sure there are a few more sys errors and such that I am just not remembering atm.

Tried creating a new user and switching over to avoid some errors, but none were fixed.

Thanks a bunch for the help, it is much appreciated.

Here is the DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Stubs Mckenzie at 12:25:36 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.3910 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\HPNetworkCommunicator.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDClock.exe
C:\Program Files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stubs Mckenzie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
Trusted Zone: intuit.com\ttlc
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6E24243B-510E-4EE0-A9B2-C19DDCA90F3A} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stubs Mckenzie\AppData\Roaming\Mozilla\Firefox\Profiles\4hlblbe2.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Stubs Mckenzie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stubs Mckenzie\AppData\Roaming\Mozilla\Firefox\Profiles\4hlblbe2.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 CLBStor;CLBStor;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R0 gzflt;gzflt;C:\Windows\system32\DRIVERS\gzflt.sys --> C:\Windows\system32\DRIVERS\gzflt.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-7-26 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-7-26 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2012-7-26 219360]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-7-26 63272]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-7-26 95184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-7-26 68416]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BDSandBox;BDSandBox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-6-14 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-6-14 30528]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-5-19 65536]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-8 517632]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-6-4 116632]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-15 65657]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-27 00:13:07 -------- d-----w- C:\ProgramData\bdch
2012-07-27 00:04:56 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Local\stubs.mckenzie
2012-07-27 00:02:24 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2012-07-27 00:02:22 90192 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2012-07-27 00:02:22 79952 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2012-07-27 00:02:22 511328 ----a-w- C:\Windows\capicom.dll
2012-07-27 00:02:19 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-07-27 00:02:19 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-07-27 00:01:59 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Roaming\Bitdefender
2012-07-27 00:01:58 -------- d-----w- C:\ProgramData\Bitdefender
2012-07-27 00:01:56 1700 ----a-w- C:\ProgramData\1343347148.2476.bin
2012-07-26 23:45:47 103458 ----a-w- C:\ProgramData\1343346103.bdinstall.bin
2012-07-26 23:34:58 186959 ----a-w- C:\ProgramData\1343345566.bdinstall.bin
2012-07-26 22:14:46 -------- d--h--w- C:\Program Files (x86)\DeviceVM
2012-07-26 21:52:47 25312 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2012-07-26 20:45:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-07-26 20:38:54 -------- d-----w- C:\Program Files (x86)\CleanUp!
2012-07-26 20:31:51 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-25 01:03:54 98816 ----a-w- C:\Windows\sed.exe
2012-07-25 01:03:54 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-25 01:03:54 256000 ----a-w- C:\Windows\PEV.exe
2012-07-25 01:03:54 208896 ----a-w- C:\Windows\MBR.exe
2012-07-25 01:03:41 -------- d-s---w- C:\PCHelpForum.exe
2012-07-25 00:34:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-25 00:34:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-25 00:24:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 00:10:16 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Roaming\Malwarebytes
2012-07-25 00:10:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-24 22:39:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-23 22:22:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-21 19:03:46 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D43A1B5-D560-4B92-968C-5A9E7D7C4B91}\mpengine.dll
2012-07-17 18:11:33 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Local\FalloutNV
2012-07-15 19:03:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 17:15:04 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-07-13 17:15:04 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-07-13 17:15:04 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-07-13 17:15:04 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-07-13 17:15:04 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-07-13 17:15:04 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-07-13 17:15:04 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-07-13 17:15:04 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-07-13 17:15:04 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-07-13 17:15:04 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-07-13 17:15:04 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-07-13 17:15:04 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-07-10 22:16:10 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Local\Macromedia
2012-07-08 23:17:09 429864 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\AoeOnlinePatch.dll
2012-07-08 23:17:09 2629928 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\AoeOnlineDlg.dll
2012-07-08 23:17:09 188824 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\expapply.dll
2012-07-08 23:17:04 188824 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\patchTemp\expapply.dll
2012-07-08 23:17:03 429864 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlinePatch.dll
2012-07-08 23:17:03 152872 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AOEOnlineReplace.exe
2012-07-08 23:17:02 2629928 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlineDlg.dll
2012-07-05 06:54:21 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-05 06:54:21 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-05 06:51:08 -------- d-----w- C:\Users\Stubs Mckenzie\AppData\Local\CRE
2012-07-05 06:51:05 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-05 06:51:03 -------- d-----w- C:\Program Files (x86)\uTorrentControl2
.
==================== Find3M ====================
.
2012-07-27 00:04:04 99915 ----a-w- C:\ProgramData\1343347148.4760.bin
2012-07-27 00:04:04 37502 ----a-w- C:\ProgramData\1343347148.4804.bin
2012-07-27 00:03:44 61322 ----a-w- C:\ProgramData\1343347148.3796.bin
2012-07-27 00:03:44 182654 ----a-w- C:\ProgramData\1343347148.3988.bin
2012-07-27 00:02:01 7975 ----a-w- C:\ProgramData\1343347148.3788.bin
2012-07-27 00:00:23 1090 ----a-w- C:\ProgramData\1343347148.3784.bin
2012-07-27 00:00:19 1090 ----a-w- C:\ProgramData\1343347148.3044.bin
2012-07-26 23:59:53 6143 ----a-w- C:\ProgramData\1343347148.4836.bin
2012-07-26 23:59:51 3042 ----a-w- C:\ProgramData\1343347148.3196.bin
2012-07-26 23:59:51 13094 ----a-w- C:\ProgramData\1343347148.3816.bin
2012-07-25 00:09:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 00:09:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-27 00:41:49 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-05-25 21:54:28 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-25 21:54:28 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-25 02:23:18 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-25 02:23:18 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-25 02:13:47 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 10:48:00 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-05-15 10:48:00 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2008-04-13 23:12:14 102912 ----a-w- C:\Program Files (x86)\clipbrd.exe
.
============= FINISH: 12:26:29.05 ===============

((EDIT: Wanted to add sfc details txt before (1) and after (2) I replaced those 2 files listed straight from the windows 7 disc, and the error code when I attempted a restore... Not sure if either are helpful, but no point in keeping them to myself.))

Edited by Stubs Mckenzie, 27 July 2012 - 12:36 PM.
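The DDS log above records the machine's UAC policies under mPolicies-system (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0) and several browser hooks, BHOs and toolbars that DDS marks "No File" because their registry entry has outlived the file it points at. The following Python script is an added example, not code from this thread or from the DDS tool: it parses a DDS log into its sections and flags both conditions. The sample input is constructed from an excerpt of the log above, and the meaning given for each policy value is the documented Windows one.

```python
"""Triage helper for a DDS log (added example; not code from this thread or
from the DDS tool).  It splits the log into its '====' delimited sections,
then inspects the Pseudo HJT Report for two things a helper looks at first:
UAC policies set to their weakened value, and registry entries whose target
file no longer exists (DDS prints these as '- No File')."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: an excerpt of the DDS log posted above, with the
# section headers DDS prints around the Pseudo HJT Report.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: AcroIEHelperStub - No File
.
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.type - 0
"""

HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # '===== Name ====='
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
ORPHAN_RE = re.compile(r"^(\S+):\s+(.*?)\s+-\s+No File$")

# Values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# as DDS prints them, paired with the value that turns the protection off and
# the documented meaning of that value.
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled: admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not shown on the secure desktop"),
}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [lines]}; lone '.' separators are dropped."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def audit_uac(hjt_lines: List[str]) -> Dict[str, int]:
    """Return {policy: value} for each UAC policy found at its weakened value."""
    findings: Dict[str, int] = {}
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_WEAK and value == UAC_WEAK[name][0]:
            findings[name] = value
    return findings


def find_orphans(hjt_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (entry kind, entry name) for hooks/BHOs/toolbars whose file is gone."""
    return [(m.group(1), m.group(2)) for m in map(ORPHAN_RE.match, hjt_lines) if m]


def triage(text: str) -> Dict[str, object]:
    """Run both checks on the Pseudo HJT Report section of a DDS log."""
    hjt = parse_sections(text).get("Pseudo HJT Report", [])
    return {"uac": audit_uac(hjt), "orphans": find_orphans(hjt)}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for policy, value in report["uac"].items():
        print(f"[UAC] {policy} = {value}: {UAC_WEAK[policy][1]}")
    for kind, name in report["orphans"]:
        print(f"[orphan] {kind} entry '{name}' points at a file that no longer exists")
```

Orphaned entries are usually harmless leftovers of an uninstall or a cleanup, but they are the lines a helper asks to have removed so the next log is easier to read; the UAC findings are what a defender would restore to defaults once the machine is clean.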


#2 HelpBot

Posted 01 August 2012 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462719 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Stubs Mckenzie (Topic Starter, Members)


Posted 01 August 2012 - 04:48 PM

Bumping by request. Running Win 7 64 bit, so didn't attach a GMER file (helpbot told me not to).

#4 CatByte (bleepin' tiger, Malware Response Team, Canada)


Posted 01 August 2012 - 08:40 PM

please run the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Stubs Mckenzie (Topic Starter, Members)


Posted 01 August 2012 - 10:22 PM

Here ya go.

#6 CatByte (bleepin' tiger, Malware Response Team, Canada)


Posted 01 August 2012 - 10:29 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
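
The fixlist in the post above targets two ZeroAccess indicators: a tampered Session Manager\SubSystems\Windows registry value and a GUID-named folder under C:\Windows\Installer (the ComboFix log later in this thread shows that folder's layout: files named "@" and "n" plus "L" and "U" subfolders). The script below is an added example written by the editor, not FRST's or ComboFix's own logic, showing how each indicator can be checked heuristically. Everything it runs against is constructed: the known-good ServerDll list and the consrv substitution come from the editor's knowledge of stock Windows 7 and the 2012 ZeroAccess variant rather than from this thread, the benign GUID is made up, and the folder tree is built in a temp directory. Only the GUID {f70ed647-bf54-2704-75ef-f894acf200c8} is taken from the logs.

```python
"""Added example (editor's code, not FRST's or ComboFix's): heuristics for the two
ZeroAccess indicators named in the fixlist above. All sample data is constructed."""
import os
import re
import tempfile

# ServerDll modules present in HKLM\SYSTEM\...\Session Manager\SubSystems\Windows on a
# stock Windows 7 install (assumption from a clean system, not taken from the thread).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed: a stock-looking value, and the same value with the console server entry
# redirected to consrv, the substitution FRST reports as "SubSystems: [Windows] ==> ZeroAccess".
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def unexpected_server_dlls(subsystems_windows_value):
    """Return the ServerDll module names in the value that are not on the known-good list."""
    modules = re.findall(r"ServerDll=([A-Za-z0-9_]+)", subsystems_windows_value)
    return [m for m in modules if m.lower() not in KNOWN_SERVER_DLLS]


# {8-4-4-4-12} hex GUID folder names, e.g. {f70ed647-bf54-2704-75ef-f894acf200c8}
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def suspicious_installer_dirs(installer_root):
    """Return GUID-named folders under installer_root laid out like the one in the
    ComboFix log: files named '@' and 'n' plus 'L' and 'U' subfolders.
    Genuine MSI cache folders hold .msi/.msp/icon files, not this layout."""
    hits = []
    for name in sorted(os.listdir(installer_root)):
        path = os.path.join(installer_root, name)
        if not (os.path.isdir(path) and GUID_DIR.match(name)):
            continue
        entries = set(os.listdir(path))
        marker_files = all(os.path.isfile(os.path.join(path, f)) for f in ("@", "n"))
        payload_dirs = all(os.path.isdir(os.path.join(path, d)) for d in ("L", "U"))
        if {"@", "n", "L", "U"} <= entries and marker_files and payload_dirs:
            hits.append(path)
    return hits


def build_sample_installer_tree():
    """Constructed fixture standing in for the Windows Installer cache folder: one
    ordinary MSI cache folder (made-up GUID) and one folder using the file names
    seen in the ComboFix log above."""
    root = tempfile.mkdtemp(prefix="installer_")
    benign = os.path.join(root, "{9A4F5E21-3C1B-4D6E-8F0A-1B2C3D4E5F60}")
    os.makedirs(benign)
    open(os.path.join(benign, "product.msi"), "w").close()
    bad = os.path.join(root, "{f70ed647-bf54-2704-75ef-f894acf200c8}")
    for sub in ("L", "U"):
        os.makedirs(os.path.join(bad, sub))
    for f in ("@", "n", os.path.join("L", "00000004.@"), os.path.join("U", "80000000.@")):
        open(os.path.join(bad, f), "w").close()
    return root


if __name__ == "__main__":
    print("clean value ->", unexpected_server_dlls(CLEAN_VALUE))        # []
    print("hijacked value ->", unexpected_server_dlls(HIJACKED_VALUE))  # ['consrv']
    print("installer hits ->", suspicious_installer_dirs(build_sample_installer_tree()))
```

The registry check deliberately flags any ServerDll module outside the known-good set rather than matching the string "consrv", so a variant that picks a different name still shows up; the folder check requires the full "@", "n", "L", "U" layout so that ordinary GUID-named MSI cache folders are not reported. On a live system you would feed the first function the real value read from the registry and point the second at C:\Windows\Installer, which is exactly what the FRST fix script above does on the user's behalf from the recovery environment.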


#7 Stubs Mckenzie (Topic Starter, Members)


Posted 01 August 2012 - 11:21 PM

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 00:14:43 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8} moved successfully.

==== End of Fixlog ====

#8 Stubs Mckenzie (Topic Starter, Members)


Posted 01 August 2012 - 11:41 PM

((EDIT: Had to run combofix in safe mode b/c BitDefender refused to turn off, if that is an issue for some reason, please let me know))

Combofix.txt:

ComboFix 12-07-31.03 - Stubs Mckenzie 08/02/2012 0:30.2.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4628 [GMT -4:00]
Running from: c:\users\Stubs Mckenzie\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343345566.bdinstall.bin
c:\programdata\1343346103.bdinstall.bin
c:\programdata\1343347148.2476.bin
c:\programdata\1343347148.3044.bin
c:\programdata\1343347148.3196.bin
c:\programdata\1343347148.3784.bin
c:\programdata\1343347148.3788.bin
c:\programdata\1343347148.3796.bin
c:\programdata\1343347148.3816.bin
c:\programdata\1343347148.3988.bin
c:\programdata\1343347148.4760.bin
c:\programdata\1343347148.4804.bin
c:\programdata\1343347148.4836.bin
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
---- Previous Run -------
.
C:\Install.exe
c:\programdata\1338083670.bdinstall.bin
c:\users\Stubs Mckenzie\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
c:\users\Stubs Mckenzie\AppData\Local\Temp\WindowsAPI.dll3256237786729114087.lib
c:\users\Stubs Mckenzie\AppData\Local\Temp\WindowsFolderWatcher.dll6630615213185397667.lib
c:\users\Stubs Mckenzie\AppData\Local\Temp\ZumoLocalGateway.dll6493975556222779068.lib
c:\users\Stubs Mckenzie\AppData\Local\Temp\zumotaglib.dll1263450739713450458.lib
c:\users\STUBSM~1\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
c:\users\STUBSM~1\AppData\Local\Temp\WindowsAPI.dll3256237786729114087.lib
c:\users\STUBSM~1\AppData\Local\Temp\WindowsFolderWatcher.dll6630615213185397667.lib
c:\users\STUBSM~1\AppData\Local\Temp\ZumoLocalGateway.dll6493975556222779068.lib
c:\users\STUBSM~1\AppData\Local\Temp\zumotaglib.dll1263450739713450458.lib
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\@
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\L\00000004.@
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\L\201d3dde
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\n
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\U\00000004.@
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\U\80000000.@
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\U\80000032.@
c:\windows\Installer\{f70ed647-bf54-2704-75ef-f894acf200c8}\U\80000064.@
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 04:37 . 2012-08-02 04:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 04:37 . 2012-08-02 04:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-02 02:53 . 2012-08-02 07:10 -------- d-----w- C:\FRST
2012-07-30 20:03 . 2012-07-30 20:03 -------- d-----w- C:\Binaries
2012-07-30 20:03 . 2012-07-30 20:03 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-07-27 15:24 . 2012-07-27 15:24 -------- d-----w- c:\program files\7-Zip
2012-07-27 06:11 . 2012-07-27 07:37 -------- d-----w- c:\users\Stubs Mckenzie 2.0
2012-07-27 00:13 . 2012-07-27 00:13 -------- d-----w- c:\programdata\bdch
2012-07-27 00:04 . 2012-07-27 00:04 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Local\stubs.mckenzie
2012-07-27 00:02 . 2012-04-17 18:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-07-27 00:02 . 2011-11-17 21:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-27 00:02 . 2011-11-15 00:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-07-27 00:02 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-07-27 00:02 . 2012-03-21 00:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-07-27 00:02 . 2012-02-17 20:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-07-27 00:01 . 2012-07-27 00:03 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Roaming\Bitdefender
2012-07-27 00:01 . 2012-07-27 00:03 -------- d-----w- c:\programdata\Bitdefender
2012-07-26 23:59 . 2012-04-11 21:03 138232 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-07-26 23:59 . 2012-07-27 00:01 -------- d-----w- c:\program files\Bitdefender
2012-07-26 23:59 . 2012-04-24 19:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-07-26 23:59 . 2012-07-26 23:59 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-26 22:14 . 2012-07-26 22:14 -------- d--h--w- c:\program files (x86)\DeviceVM
2012-07-26 21:52 . 2007-01-19 07:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-07-26 21:15 . 2012-07-26 21:15 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2012-07-26 20:45 . 2012-07-26 20:45 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-26 20:38 . 2012-07-26 20:50 -------- d-----w- c:\program files (x86)\CleanUp!
2012-07-26 20:34 . 2012-07-26 20:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-07-26 20:31 . 2012-07-26 20:45 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 00:34 . 2012-07-25 00:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-25 00:34 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 00:24 . 2012-07-25 00:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 00:10 . 2012-07-25 00:10 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Roaming\Malwarebytes
2012-07-25 00:10 . 2012-07-25 00:10 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 22:39 . 2012-07-24 22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-24 12:14 . 2012-07-24 12:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motorola Mobility
2012-07-24 12:14 . 2012-07-24 12:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\Bitdefender
2012-07-23 22:22 . 2012-07-23 22:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 19:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D43A1B5-D560-4B92-968C-5A9E7D7C4B91}\mpengine.dll
2012-07-17 18:11 . 2012-07-17 18:11 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Local\FalloutNV
2012-07-15 19:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 18:58 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-13 17:15 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-13 17:15 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-07-13 17:15 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-07-13 17:15 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-13 17:15 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-13 17:15 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-07-13 17:15 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-13 17:15 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-07-13 17:15 . 2012-05-15 10:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-07-13 17:15 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-07-13 17:15 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-07-13 17:15 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-10 22:16 . 2012-07-10 22:16 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Local\Macromedia
2012-07-08 23:17 . 2012-07-08 23:17 188824 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\expapply.dll
2012-07-08 23:17 . 2012-07-08 23:17 429864 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\AoeOnlinePatch.dll
2012-07-08 23:17 . 2012-07-08 23:17 2629928 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\AoeOnlineDlg.dll
2012-07-08 23:17 . 2012-07-08 23:17 188824 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\patchTemp\expapply.dll
2012-07-08 23:17 . 2012-07-08 23:17 152872 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AOEOnlineReplace.exe
2012-07-08 23:17 . 2012-07-08 23:17 429864 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlinePatch.dll
2012-07-08 23:17 . 2012-07-08 23:17 2629928 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlineDlg.dll
2012-07-05 06:54 . 2012-07-05 06:54 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-05 06:54 . 2012-07-05 06:54 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-05 06:51 . 2012-07-05 06:51 -------- d-----w- c:\users\Stubs Mckenzie\AppData\Local\CRE
2012-07-05 06:51 . 2012-07-05 06:51 -------- d-----w- c:\program files (x86)\Conduit
2012-07-05 06:51 . 2012-07-05 06:51 -------- d-----w- c:\program files (x86)\uTorrentControl2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 20:02 . 2012-06-15 18:05 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-07-25 00:09 . 2012-04-04 22:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-25 00:09 . 2011-05-18 00:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 19:00 . 2010-05-20 03:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-22 07:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 07:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 07:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 07:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 07:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 07:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-05-20 03:10 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-05-25 21:54 . 2012-05-25 21:54 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-25 21:54 . 2010-07-05 21:12 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-25 02:23 . 2011-10-26 01:12 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-25 02:23 . 2011-10-26 00:28 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-25 02:13 . 2011-10-26 00:28 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-15 10:48 . 2012-02-10 02:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 02:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 02:43 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-11-12 19:03 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-11-12 19:03 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-11-12 19:03 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-12 19:03 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-11-12 19:03 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-08-11 04:10 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 09:29 . 2010-07-09 20:27 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-09 20:27 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-04-03 22:42 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-07-09 20:27 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-09 20:27 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-12 21:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-12 21:46 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-12 21:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 21:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-12 21:46 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2008-04-13 23:12 . 2012-06-04 07:20 102912 ----a-w- c:\program files (x86)\clipbrd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-07-30 2089]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-03-01 20520]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-08-01 63784]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
R2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-08-01 68416]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-08-05 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-09-14 30528]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-24 517632]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-05 113120]
S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys [2008-07-02 24560]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 14:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26460891-991238047-4059301600-1000Core.job
- c:\users\Stubs Mckenzie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 19:26]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26460891-991238047-4059301600-1000UA.job
- c:\users\Stubs Mckenzie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-07-27 10:47 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-07-27 10:47 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-07-27 10:47 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-07-27 10:47 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-08-01 1528432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Stubs Mckenzie\AppData\Roaming\Mozilla\Firefox\Profiles\4hlblbe2.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\cyberlink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-26460891-991238047-4059301600-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,98,db,2c,3d,77,7c,bd,83,80,3d,39,84,ed,cc,92,2d,09,63,91,ec,
38,b1,8c,eb,11,3b,d6,3d,44,7c,4a,db,22,ec,06,68,d8,a1,85,55,5f,49,4e,0a,9b,\
"rkeysecu"=hex:7e,ee,b7,7e,74,a1,1d,11,ae,5a,fe,8a,2c,68,7c,56
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-02 00:39:00
ComboFix-quarantined-files.txt 2012-08-02 04:39
.
Pre-Run: 616,956,895,232 bytes free
Post-Run: 617,232,564,224 bytes free
.
- - End Of File - - 7C833FBC225804451B460D9119321B86

Edited by Stubs Mckenzie, 01 August 2012 - 11:45 PM.


#9 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 August 2012 - 07:42 AM

Please do the following:


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT

Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Stubs Mckenzie

  • Topic Starter

  • Members
  • 23 posts

Posted 02 August 2012 - 05:18 PM

Came home from work to proceed with steps in last post, but once I turned the computer on, it BSOD'd and, upon reboot, Bitdefender is once again saying systemroot\svchost.exe is a potential virus... which is what happened when this all started. Can't pull a log (it seems) unless I run a deep scan with Bitdefender, and didn't want to do that without consulting.

#11 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 August 2012 - 06:04 PM

Let's get a deeper look: where is Bitdefender finding the threat, and what is the entire path?

Please do the following:

For 64-bit systems, please download Listparts64.
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.


Next, re-run TDSSKiller:
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan

Allow it to delete any threats found, then post the resulting log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
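Once a TDSSKiller log is posted, the entries that matter are the handful whose verdict is not "ok" or whose file sits somewhere a driver or core Windows binary should not be. As an added example (not part of this thread and not TDSSKiller's own code), the Python script below parses the per-object log layout TDSSKiller uses here, pairs each object's hash and path with its verdict line, and flags the exceptions; the sample log, its `evilsvc` and `C:\Windows\svchost.exe` lines, and the expected-location rules are my own constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One record line: "<hh:mm:ss.frac> <pid> <body>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Object line: "<name> (<md5>) <path>"; verdict line: "<name> - <verdict>".
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")

# Assumed "normal" install roots and the directories core Windows binaries
# are expected to live in (assumptions for this example, not TDSSKiller's rules).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
CORE_BINARIES = {
    "svchost.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
    "services.exe": ("c:\\windows\\system32",),
    "lsass.exe": ("c:\\windows\\system32",),
}

# Constructed sample in the layout of the thread's TDSSKiller log. The first
# driver (1394ohci) is copied from the thread; "evilsvc" and the misplaced
# svchost.exe are invented to exercise the checks.
SAMPLE_LOG = r"""19:12:35.0098 5068 Scan started
19:12:35.0098 5068 Mode: Manual; TDLFS;
19:12:35.0703 5068 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:12:35.0706 5068 1394ohci - ok
19:12:36.0386 5068 aspnet_state - ok
19:12:37.0557 5068 catchme - ok
19:12:40.0000 5068 evilsvc (0123456789abcdef0123456789abcdef) C:\Users\Public\evilsvc.sys
19:12:40.0001 5068 evilsvc - detected Constructed.Test.Verdict ( 0 )
19:12:41.0000 5068 svchost (ffffffffffffffffffffffffffffffff) C:\Windows\svchost.exe
19:12:41.0001 5068 svchost - ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Pair each scanned object's hash/path line with its verdict line."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        # Header lines such as "Drive \Device\Harddisk0\DR0 - Size: ..." also
        # contain " - " but are not verdicts, so skip them explicitly.
        if body.startswith("Drive "):
            continue
        obj = OBJECT_RE.match(body)
        if obj:
            name, md5, path = obj.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            name, verdict = ver.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict.strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (object name, reason) pairs that deserve a human look."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is None:
            findings.append((e.name, "no verdict line (scan may have aborted here)"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, "verdict: " + e.verdict))
        if e.path:
            low = e.path.lower()
            directory, _, base = low.rpartition("\\")
            if not low.startswith(EXPECTED_ROOTS):
                findings.append((e.name, "unusual location: " + e.path))
            if base in CORE_BINARIES and directory not in CORE_BINARIES[base]:
                findings.append((e.name, "core binary outside its normal directory: " + e.path))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdss_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```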


#12 Stubs Mckenzie

  • Topic Starter

  • Members
  • 23 posts

Posted 02 August 2012 - 06:11 PM

Result.txt:

ListParts by Farbar Version: 25-07-2012
Ran by Stubs Mckenzie (administrator) on 02-08-2012 at 19:06:22
Windows 7 (X64)
Running From: C:\Users\Stubs Mckenzie\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%
Total physical RAM: 6142.49 MB
Available physical RAM: 4095.89 MB
Total Pagefile: 12283.18 MB
Available Pagefile: 9746.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:574.65 GB) NTFS
3 Drive d: () (Fixed) (Total:186.3 GB) (Free:46.08 GB) NTFS
4 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 186 GB 9 MB
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 186 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 186 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy Boot

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {a1672c68-643b-11df-bc46-cf6d3f7b4285}
resumeobject {a1672c67-643b-11df-bc46-cf6d3f7b4285}
displayorder {a1672c68-643b-11df-bc46-cf6d3f7b4285}
toolsdisplayorder {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
{b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {a1672c68-643b-11df-bc46-cf6d3f7b4285}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {a1672c69-643b-11df-bc46-cf6d3f7b4285}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a1672c67-643b-11df-bc46-cf6d3f7b4285}
nx OptIn

Windows Boot Loader
-------------------
identifier {a1672c69-643b-11df-bc46-cf6d3f7b4285}
device ramdisk=[C:]\Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\Winre.wim,{a1672c6a-643b-11df-bc46-cf6d3f7b4285}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\Winre.wim,{a1672c6a-643b-11df-bc46-cf6d3f7b4285}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {a1672c67-643b-11df-bc46-cf6d3f7b4285}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Real-mode Boot Sector
---------------------
identifier {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
device partition=C:
path \bdr-ld01.mbr
description Bitdefender Rescue Mode - Windows 7 Home Premium SP 1 (x64)

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {a1672c6a-643b-11df-bc46-cf6d3f7b4285}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\boot.sdi


****** End Of Log ******

#13 Stubs Mckenzie

  • Topic Starter

  • Members
  • 23 posts

Posted 02 August 2012 - 06:20 PM

19:12:16.0621 3620 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:12:18.0622 3620 ============================================================
19:12:18.0622 3620 Current date / time: 2012/08/02 19:12:18.0622
19:12:18.0622 3620 SystemInfo:
19:12:18.0622 3620
19:12:18.0622 3620 OS Version: 6.1.7601 ServicePack: 1.0
19:12:18.0622 3620 Product type: Workstation
19:12:18.0622 3620 ComputerName: STUBSMCKENZIE
19:12:18.0623 3620 UserName: Stubs Mckenzie
19:12:18.0623 3620 Windows directory: C:\Windows
19:12:18.0623 3620 System windows directory: C:\Windows
19:12:18.0623 3620 Running under WOW64
19:12:18.0623 3620 Processor architecture: Intel x64
19:12:18.0623 3620 Number of processors: 8
19:12:18.0623 3620 Page size: 0x1000
19:12:18.0623 3620 Boot type: Normal boot
19:12:18.0623 3620 ============================================================
19:12:19.0387 3620 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:19.0387 3620 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:12:19.0394 3620 ============================================================
19:12:19.0394 3620 \Device\Harddisk0\DR0:
19:12:19.0394 3620 MBR partitions:
19:12:19.0394 3620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
19:12:19.0394 3620 \Device\Harddisk1\DR1:
19:12:19.0394 3620 MBR partitions:
19:12:19.0394 3620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:12:19.0394 3620 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:12:19.0394 3620 ============================================================
19:12:19.0417 3620 C: <-> \Device\Harddisk1\DR1\Partition1
19:12:19.0429 3620 D: <-> \Device\Harddisk0\DR0\Partition0
19:12:19.0429 3620 ============================================================
19:12:19.0429 3620 Initialize success
19:12:19.0429 3620 ============================================================
19:12:35.0098 5068 ============================================================
19:12:35.0098 5068 Scan started
19:12:35.0098 5068 Mode: Manual; TDLFS;
19:12:35.0098 5068 ============================================================
19:12:39.0681 5068 emupia - ok
19:12:39.0707 5068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:12:39.0708 5068 ErrDev - ok
19:12:39.0742 5068 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:12:39.0743 5068 etdrv - ok
19:12:39.0769 5068 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:12:39.0773 5068 EventSystem - ok
19:12:39.0795 5068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:12:39.0797 5068 exfat - ok
19:12:39.0815 5068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:12:39.0818 5068 fastfat - ok
19:12:39.0875 5068 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:12:39.0883 5068 Fax - ok
19:12:39.0897 5068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:12:39.0898 5068 fdc - ok
19:12:39.0901 5068 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:12:39.0902 5068 fdPHost - ok
19:12:39.0912 5068 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:12:39.0913 5068 FDResPub - ok
19:12:39.0929 5068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:12:39.0930 5068 FileInfo - ok
19:12:39.0938 5068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:12:39.0938 5068 Filetrace - ok
19:12:39.0950 5068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:12:39.0951 5068 flpydisk - ok
19:12:39.0973 5068 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:12:39.0977 5068 FltMgr - ok
19:12:40.0040 5068 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:12:40.0061 5068 FontCache - ok
19:12:40.0112 5068 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:12:40.0114 5068 FontCache3.0.0.0 - ok
19:12:40.0121 5068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:12:40.0122 5068 FsDepends - ok
19:12:40.0149 5068 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:12:40.0150 5068 Fs_Rec - ok
19:12:40.0191 5068 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:12:40.0193 5068 fvevol - ok
19:12:40.0206 5068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:12:40.0207 5068 gagp30kx - ok
19:12:40.0216 5068 gdrv - ok
19:12:40.0233 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:12:40.0233 5068 GEARAspiWDM - ok
19:12:40.0284 5068 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:12:40.0294 5068 gpsvc - ok
19:12:40.0339 5068 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:12:40.0339 5068 GVTDrv64 - ok
19:12:40.0382 5068 gzflt (07177b5a8c277074c30ac515febd4f37) C:\Windows\system32\DRIVERS\gzflt.sys
19:12:40.0384 5068 gzflt - ok
19:12:40.0450 5068 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
19:12:40.0487 5068 ha20x2k - ok
19:12:40.0546 5068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:12:40.0547 5068 hcw85cir - ok
19:12:40.0596 5068 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:12:40.0600 5068 HdAudAddService - ok
19:12:40.0642 5068 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:12:40.0643 5068 HDAudBus - ok
19:12:40.0654 5068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:12:40.0655 5068 HidBatt - ok
19:12:40.0661 5068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:12:40.0662 5068 HidBth - ok
19:12:40.0673 5068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:12:40.0674 5068 HidIr - ok
19:12:40.0691 5068 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:12:40.0692 5068 hidserv - ok
19:12:40.0712 5068 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:12:40.0713 5068 HidUsb - ok
19:12:40.0746 5068 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:12:40.0753 5068 hkmsvc - ok
19:12:40.0791 5068 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:12:40.0796 5068 HomeGroupListener - ok
19:12:40.0814 5068 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:12:40.0817 5068 HomeGroupProvider - ok
19:12:40.0830 5068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:12:40.0832 5068 HpSAMD - ok
19:12:40.0883 5068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:12:40.0891 5068 HTTP - ok
19:12:40.0921 5068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:12:40.0922 5068 hwpolicy - ok
19:12:40.0964 5068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:12:40.0966 5068 i8042prt - ok
19:12:41.0004 5068 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:12:41.0018 5068 iaStorV - ok
19:12:41.0090 5068 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:12:41.0111 5068 IDriverT - ok
19:12:41.0181 5068 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:12:41.0201 5068 idsvc - ok
19:12:41.0230 5068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:12:41.0231 5068 iirsp - ok
19:12:41.0279 5068 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:12:41.0290 5068 IKEEXT - ok
19:12:41.0425 5068 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
19:12:41.0465 5068 IntcAzAudAddService - ok
19:12:41.0496 5068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:12:41.0496 5068 intelide - ok
19:12:41.0507 5068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:12:41.0508 5068 intelppm - ok
19:12:41.0578 5068 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:12:41.0588 5068 IntuitUpdateService - ok
19:12:41.0635 5068 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:12:41.0643 5068 IntuitUpdateServiceV4 - ok
19:12:41.0656 5068 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:12:41.0660 5068 IPBusEnum - ok
19:12:41.0691 5068 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:12:41.0692 5068 IpFilterDriver - ok
19:12:41.0746 5068 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:12:41.0752 5068 iphlpsvc - ok
19:12:41.0758 5068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:12:41.0758 5068 IPMIDRV - ok
19:12:41.0776 5068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:12:41.0777 5068 IPNAT - ok
19:12:41.0868 5068 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
19:12:41.0890 5068 iPod Service - ok
19:12:41.0907 5068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:12:41.0907 5068 IRENUM - ok
19:12:41.0930 5068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:12:41.0931 5068 isapnp - ok
19:12:41.0955 5068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:12:41.0958 5068 iScsiPrt - ok
19:12:42.0009 5068 JMB36X (b4cda1b4263b53d249ac27a4892da634) C:\Windows\SysWOW64\XSrvSetup.exe
19:12:42.0028 5068 JMB36X - ok
19:12:42.0043 5068 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
19:12:42.0044 5068 JRAID - ok
19:12:42.0066 5068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:12:42.0067 5068 kbdclass - ok
19:12:42.0084 5068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:12:42.0085 5068 kbdhid - ok
19:12:42.0093 5068 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:12:42.0095 5068 KeyIso - ok
19:12:42.0122 5068 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:12:42.0123 5068 KSecDD - ok
19:12:42.0157 5068 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:12:42.0159 5068 KSecPkg - ok
19:12:42.0171 5068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:12:42.0171 5068 ksthunk - ok
19:12:42.0200 5068 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:12:42.0217 5068 KtmRm - ok
19:12:42.0276 5068 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:12:42.0280 5068 LanmanServer - ok
19:12:42.0315 5068 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:12:42.0319 5068 LanmanWorkstation - ok
19:12:42.0352 5068 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
19:12:42.0352 5068 LGBusEnum - ok
19:12:42.0372 5068 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
19:12:42.0373 5068 LGVirHid - ok
19:12:42.0398 5068 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:12:42.0399 5068 LHidFilt - ok
19:12:42.0448 5068 LightScribeService (4af65f3a2253df7d0b8d80812eae7a7c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:12:42.0463 5068 LightScribeService - ok
19:12:42.0489 5068 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
19:12:42.0490 5068 lirsgt - ok
19:12:42.0504 5068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:12:42.0505 5068 lltdio - ok
19:12:42.0534 5068 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:12:42.0539 5068 lltdsvc - ok
19:12:42.0551 5068 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:12:42.0552 5068 lmhosts - ok
19:12:42.0561 5068 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:12:42.0562 5068 LMouFilt - ok
19:12:42.0587 5068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:12:42.0588 5068 LSI_FC - ok
19:12:42.0604 5068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:12:42.0605 5068 LSI_SAS - ok
19:12:42.0615 5068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:12:42.0616 5068 LSI_SAS2 - ok
19:12:42.0632 5068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:12:42.0634 5068 LSI_SCSI - ok
19:12:42.0659 5068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:12:42.0661 5068 luafv - ok
19:12:42.0700 5068 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:12:42.0701 5068 MBAMProtector - ok
19:12:42.0773 5068 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:12:42.0802 5068 MBAMService - ok
19:12:42.0867 5068 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
19:12:42.0910 5068 McciCMService - ok
19:12:42.0973 5068 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
19:12:42.0986 5068 McciCMService64 - ok
19:12:43.0063 5068 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:12:43.0068 5068 Mcx2Svc - ok
19:12:43.0090 5068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:12:43.0091 5068 megasas - ok
19:12:43.0111 5068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:12:43.0115 5068 MegaSR - ok
19:12:43.0130 5068 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:12:43.0132 5068 MMCSS - ok
19:12:43.0141 5068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:12:43.0141 5068 Modem - ok
19:12:43.0150 5068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:12:43.0151 5068 monitor - ok
19:12:43.0170 5068 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
19:12:43.0171 5068 motandroidusb - ok
19:12:43.0208 5068 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
19:12:43.0208 5068 motccgp - ok
19:12:43.0230 5068 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
19:12:43.0231 5068 motccgpfl - ok
19:12:43.0261 5068 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
19:12:43.0261 5068 motmodem - ok
19:12:43.0351 5068 Motorola Device Manager (a8fd4605aacf006bba3b2b90ac9565b2) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
19:12:43.0352 5068 Motorola Device Manager - ok
19:12:43.0370 5068 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
19:12:43.0370 5068 MotoSwitchService - ok
19:12:43.0497 5068 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
19:12:43.0497 5068 Motousbnet - ok
19:12:43.0500 5068 motusbdevice - ok
19:12:43.0529 5068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:12:43.0530 5068 mouclass - ok
19:12:43.0552 5068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:12:43.0552 5068 mouhid - ok
19:12:43.0578 5068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:12:43.0580 5068 mountmgr - ok
19:12:43.0625 5068 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:12:43.0642 5068 MozillaMaintenance - ok
19:12:43.0671 5068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:12:43.0673 5068 mpio - ok
19:12:43.0683 5068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:12:43.0685 5068 mpsdrv - ok
19:12:43.0760 5068 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:12:43.0770 5068 MpsSvc - ok
19:12:43.0800 5068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:12:43.0802 5068 MRxDAV - ok
19:12:43.0837 5068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:12:43.0839 5068 mrxsmb - ok
19:12:43.0875 5068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:12:43.0878 5068 mrxsmb10 - ok
19:12:43.0891 5068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:12:43.0893 5068 mrxsmb20 - ok
19:12:43.0903 5068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:12:43.0904 5068 msahci - ok
19:12:43.0922 5068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:12:43.0924 5068 msdsm - ok
19:12:43.0943 5068 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:12:43.0947 5068 MSDTC - ok
19:12:43.0964 5068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:12:43.0965 5068 Msfs - ok
19:12:43.0972 5068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:12:43.0973 5068 mshidkmdf - ok
19:12:43.0984 5068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:12:43.0984 5068 msisadrv - ok
19:12:44.0017 5068 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:12:44.0022 5068 MSiSCSI - ok
19:12:44.0025 5068 msiserver - ok
19:12:44.0042 5068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:12:44.0043 5068 MSKSSRV - ok
19:12:44.0051 5068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:12:44.0052 5068 MSPCLOCK - ok
19:12:44.0061 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:12:44.0062 5068 MSPQM - ok
19:12:44.0099 5068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:12:44.0102 5068 MsRPC - ok
19:12:44.0114 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:12:44.0114 5068 mssmbios - ok
19:12:44.0123 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:12:44.0123 5068 MSTEE - ok
19:12:44.0125 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:12:44.0125 5068 MTConfig - ok
19:12:44.0140 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:12:44.0141 5068 Mup - ok
19:12:44.0185 5068 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:12:44.0197 5068 napagent - ok
19:12:44.0231 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:12:44.0234 5068 NativeWifiP - ok
19:12:44.0307 5068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:12:44.0315 5068 NDIS - ok
19:12:44.0332 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:12:44.0333 5068 NdisCap - ok
19:12:44.0355 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:12:44.0356 5068 NdisTapi - ok
19:12:44.0387 5068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:12:44.0388 5068 Ndisuio - ok
19:12:44.0417 5068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:12:44.0419 5068 NdisWan - ok
19:12:44.0431 5068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:12:44.0431 5068 NDProxy - ok
19:12:44.0444 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:12:44.0445 5068 NetBIOS - ok
19:12:44.0454 5068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:12:44.0456 5068 NetBT - ok
19:12:44.0479 5068 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:12:44.0479 5068 Netlogon - ok
19:12:44.0521 5068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:12:44.0526 5068 Netman - ok
19:12:44.0549 5068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:12:44.0554 5068 netprofm - ok
19:12:44.0605 5068 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:12:44.0608 5068 NetTcpPortSharing - ok
19:12:44.0620 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:12:44.0621 5068 nfrd960 - ok
19:12:44.0644 5068 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:12:44.0648 5068 NlaSvc - ok
19:12:44.0657 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:12:44.0657 5068 Npfs - ok
19:12:44.0668 5068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:12:44.0669 5068 nsi - ok
19:12:44.0682 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:12:44.0682 5068 nsiproxy - ok
19:12:44.0762 5068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:12:44.0777 5068 Ntfs - ok
19:12:44.0834 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:12:44.0834 5068 Null - ok
19:12:44.0852 5068 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:12:44.0853 5068 nusb3hub - ok
19:12:44.0883 5068 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:12:44.0885 5068 nusb3xhc - ok
19:12:45.0285 5068 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:12:45.0472 5068 nvlddmkm - ok
19:12:45.0525 5068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:12:45.0527 5068 nvraid - ok
19:12:45.0550 5068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:12:45.0553 5068 nvstor - ok
19:12:45.0617 5068 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
19:12:45.0636 5068 nvsvc - ok
19:12:45.0664 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:12:45.0665 5068 nv_agp - ok
19:12:45.0698 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:12:45.0700 5068 ohci1394 - ok
19:12:45.0761 5068 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:12:45.0764 5068 ose - ok
19:12:45.0970 5068 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:12:46.0084 5068 osppsvc - ok
19:12:46.0108 5068 ossrv - ok
19:12:46.0133 5068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:12:46.0140 5068 p2pimsvc - ok
19:12:46.0162 5068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:12:46.0175 5068 p2psvc - ok
19:12:46.0189 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:12:46.0190 5068 Parport - ok
19:12:46.0218 5068 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:12:46.0219 5068 partmgr - ok
19:12:46.0237 5068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:12:46.0240 5068 PcaSvc - ok
19:12:46.0272 5068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:12:46.0274 5068 pci - ok
19:12:46.0283 5068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:12:46.0284 5068 pciide - ok
19:12:46.0309 5068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:12:46.0312 5068 pcmcia - ok
19:12:46.0316 5068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:12:46.0317 5068 pcw - ok
19:12:46.0353 5068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:12:46.0362 5068 PEAUTH - ok
19:12:46.0431 5068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:12:46.0439 5068 PerfHost - ok
19:12:46.0538 5068 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:12:46.0565 5068 pla - ok
19:12:46.0602 5068 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:12:46.0608 5068 PlugPlay - ok
19:12:46.0625 5068 PnkBstrA - ok
19:12:46.0638 5068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:12:46.0640 5068 PNRPAutoReg - ok
19:12:46.0664 5068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:12:46.0668 5068 PNRPsvc - ok
19:12:46.0713 5068 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:12:46.0719 5068 PolicyAgent - ok
19:12:46.0740 5068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:12:46.0744 5068 Power - ok
19:12:46.0786 5068 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:12:46.0788 5068 PptpMiniport - ok
19:12:46.0801 5068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:12:46.0802 5068 Processor - ok
19:12:46.0833 5068 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:12:46.0836 5068 ProfSvc - ok
19:12:46.0862 5068 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:12:46.0863 5068 ProtectedStorage - ok
19:12:46.0881 5068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:12:46.0883 5068 Psched - ok
19:12:46.0951 5068 PST Service (ea735bf6df13a857a83c99bf27a422ad) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
19:12:46.0952 5068 PST Service - ok
19:12:47.0017 5068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:12:47.0037 5068 ql2300 - ok
19:12:47.0081 5068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:12:47.0082 5068 ql40xx - ok
19:12:47.0093 5068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:12:47.0099 5068 QWAVE - ok
19:12:47.0108 5068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:12:47.0109 5068 QWAVEdrv - ok
19:12:47.0115 5068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:12:47.0116 5068 RasAcd - ok
19:12:47.0130 5068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:12:47.0131 5068 RasAgileVpn - ok
19:12:47.0137 5068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:12:47.0141 5068 RasAuto - ok
19:12:47.0158 5068 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:12:47.0159 5068 Rasl2tp - ok
19:12:47.0181 5068 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:12:47.0186 5068 RasMan - ok
19:12:47.0199 5068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:12:47.0200 5068 RasPppoe - ok
19:12:47.0216 5068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:12:47.0217 5068 RasSstp - ok
19:12:47.0239 5068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:12:47.0243 5068 rdbss - ok
19:12:47.0253 5068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:12:47.0253 5068 rdpbus - ok
19:12:47.0256 5068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:12:47.0257 5068 RDPCDD - ok
19:12:47.0278 5068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:12:47.0279 5068 RDPENCDD - ok
19:12:47.0283 5068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:12:47.0284 5068 RDPREFMP - ok
19:12:47.0317 5068 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:12:47.0319 5068 RDPWD - ok
19:12:47.0336 5068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:12:47.0338 5068 rdyboost - ok
19:12:47.0365 5068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:12:47.0368 5068 RemoteAccess - ok
19:12:47.0387 5068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:12:47.0391 5068 RemoteRegistry - ok
19:12:47.0408 5068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:12:47.0410 5068 RpcEptMapper - ok
19:12:47.0429 5068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:12:47.0431 5068 RpcLocator - ok
19:12:47.0483 5068 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:12:47.0488 5068 RpcSs - ok
19:12:47.0503 5068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:12:47.0504 5068 rspndr - ok
19:12:47.0534 5068 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:12:52.0914 5068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:12:53.0199 5068 \Device\Harddisk0\DR0 - ok
19:12:53.0202 5068 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:12:53.0224 5068 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
19:12:53.0224 5068 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
19:12:53.0248 5068 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
19:12:53.0248 5068 \Device\Harddisk1\DR1 - detected TDSS File System (1)
19:12:53.0251 5068 Boot (0x1200) (cda16d2235d095e94ada15c21246e32f) \Device\Harddisk0\DR0\Partition0
19:12:53.0252 5068 \Device\Harddisk0\DR0\Partition0 - ok
19:12:53.0255 5068 Boot (0x1200) (3ee0067d55d2f14dc75afd6760a92ae7) \Device\Harddisk1\DR1\Partition0
19:12:53.0256 5068 \Device\Harddisk1\DR1\Partition0 - ok
19:12:53.0259 5068 Boot (0x1200) (6f320cc53dc65a05b736bd7f32d028b9) \Device\Harddisk1\DR1\Partition1
19:12:53.0260 5068 \Device\Harddisk1\DR1\Partition1 - ok
19:12:53.0261 5068 ============================================================
19:12:53.0261 5068 Scan finished
19:12:53.0261 5068 ============================================================
19:12:53.0271 6124 Detected object count: 2
19:12:53.0271 6124 Actual detected object count: 2
19:13:31.0052 6124 \Device\Harddisk1\DR1\# - copied to quarantine
19:13:31.0055 6124 \Device\Harddisk1\DR1 - copied to quarantine
19:13:32.0835 6124 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
19:13:34.0885 6124 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
19:13:34.0891 6124 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
19:13:35.0090 6124 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
19:13:35.0101 6124 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
19:13:35.0117 6124 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
19:13:35.0123 6124 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
19:13:35.0134 6124 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
19:13:35.0137 6124 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
19:13:35.0140 6124 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
19:13:37.0248 6124 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
19:13:37.0627 6124 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
19:13:37.0630 6124 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
19:13:37.0715 6124 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:13:37.0737 6124 \Device\Harddisk1\DR1 - ok
19:13:45.0165 6124 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:13:45.0813 6124 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
19:13:46.0503 6124 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
19:13:46.0550 6124 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
19:13:47.0029 6124 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
19:13:47.0488 6124 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
19:13:49.0139 6124 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
19:13:49.0248 6124 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
19:13:49.0251 6124 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
19:13:49.0281 6124 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
19:13:49.0314 6124 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
19:13:49.0694 6124 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
19:13:51.0513 6124 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
19:13:51.0520 6124 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
19:13:51.0613 6124 \Device\Harddisk1\DR1\TDLFS - deleted
19:13:51.0613 6124 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Delete
19:14:49.0109 5308 Deinitialize success

#14 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:54 PM

Posted 02 August 2012 - 06:23 PM

Please make sure you reboot the machine, then run a fresh scan with ListParts.

Thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Stubs Mckenzie

Stubs Mckenzie
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:54 PM

Posted 02 August 2012 - 06:26 PM

ListParts by Farbar Version: 25-07-2012
Ran by Stubs Mckenzie (administrator) on 02-08-2012 at 19:25:22
Windows 7 (X64)
Running From: C:\Users\Stubs Mckenzie\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 6142.49 MB
Available physical RAM: 3848.88 MB
Total Pagefile: 12283.18 MB
Available Pagefile: 9794.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:574.96 GB) NTFS
3 Drive d: () (Fixed) (Total:186.3 GB) (Free:46.08 GB) NTFS
4 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          186 GB    9 MB
  Disk 1    Online          931 GB     0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            186 GB    31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D                NTFS   Partition    186 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            931 GB   101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    931 GB  Healthy    Boot

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {a1672c68-643b-11df-bc46-cf6d3f7b4285}
resumeobject {a1672c67-643b-11df-bc46-cf6d3f7b4285}
displayorder {a1672c68-643b-11df-bc46-cf6d3f7b4285}
toolsdisplayorder {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
{b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {a1672c68-643b-11df-bc46-cf6d3f7b4285}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {a1672c69-643b-11df-bc46-cf6d3f7b4285}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a1672c67-643b-11df-bc46-cf6d3f7b4285}
nx OptIn

Windows Boot Loader
-------------------
identifier {a1672c69-643b-11df-bc46-cf6d3f7b4285}
device ramdisk=[C:]\Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\Winre.wim,{a1672c6a-643b-11df-bc46-cf6d3f7b4285}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\Winre.wim,{a1672c6a-643b-11df-bc46-cf6d3f7b4285}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {a1672c67-643b-11df-bc46-cf6d3f7b4285}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Real-mode Boot Sector
---------------------
identifier {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
device partition=C:
path \bdr-ld01.mbr
description Bitdefender Rescue Mode - Windows 7 Home Premium SP 1 (x64)

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {a1672c6a-643b-11df-bc46-cf6d3f7b4285}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a1672c69-643b-11df-bc46-cf6d3f7b4285\boot.sdi


****** End Of Log ******
