Infected with Unknown virus & PC keeps connecting to various IPs


This topic is locked. 14 replies to this topic.

#1 IB380 (Members, 7 posts)

Posted 29 September 2012 - 03:14 PM

Hey,
I have had a problem for a couple of days. My PC is connecting to some IPs I do not recognize (174.35.4.135:80, 174.35.4.147:80) and I don't understand why. Also, I've noticed my router keeps blinking constantly even if I don't do anything on my PC (it didn't use to do that until a couple of days ago), and the red LED button on my PC is also constantly blinking, even if I let my system idle (just restart, let it sit x minutes and don't touch any key, don't move the mouse pointer). It keeps blinking indefinitely.

Thanks in advance for your help :)


Here is the DDS report file:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by XVF at 23:00:52 on 2012-09-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16296.13564 [GMT 3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [ASRockXTU]
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRunOnce: [LastApplyCpuRatio] 34
uRunOnce: [ASRXTURUNNING] 0
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6FBD9D53-99D7-4017-90C1-1E625DB65C11} : NameServer = 86.106.133.2 86.106.133.3
TCP: Interfaces\{CE5DC57A-1726-448B-8642-56D28E4106A3} : DhcpNameServer = 192.168.1.1 192.168.1.1
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XVF\AppData\Roaming\Mozilla\Firefox\Profiles\xzzqiqax.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\XVF\AppData\Roaming\Mozilla\Firefox\Profiles\xzzqiqax.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 RtDashPt;Realtek DASH Protocol Driver;C:\Windows\system32\DRIVERS\RtDashPt.sys --> C:\Windows\system32\DRIVERS\RtDashPt.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-24 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-10 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
.
=============== Created Last 30 ================
.
2012-09-29 19:09:55 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-29 19:07:33 -------- d-----w- C:\Users\XVF\AppData\Roaming\QuickScan
2012-09-29 18:51:52 -------- d-----w- C:\Users\XVF\AppData\Roaming\Malwarebytes
2012-09-29 18:51:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-29 18:51:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 18:51:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 16:41:55 -------- d-----w- C:\Users\XVF\AppData\Local\Avg2013
2012-09-26 16:23:29 -------- d-----w- C:\Users\XVF\AppData\Roaming\TuneUp Software
2012-09-26 16:20:49 -------- d--h--w- C:\ProgramData\Common Files
2012-09-26 16:20:49 -------- d-----w- C:\Users\XVF\AppData\Local\MFAData
2012-09-26 16:20:49 -------- d-----w- C:\ProgramData\MFAData
2012-09-20 20:57:04 -------- d-----w- C:\Program Files (x86)\Video Cutter
2012-09-20 20:51:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-09-20 12:07:03 -------- d-----w- C:\Program Files (x86)\MSECache
.
==================== Find3M ====================
.
2012-08-25 07:39:20 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 07:39:20 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 23:01:00.73 ===============

Edited by IB380, 29 September 2012 - 03:15 PM.



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 29 September 2012 - 08:42 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 IB380 (Topic Starter, Members, 7 posts)

Posted 30 September 2012 - 06:37 PM

Hey, thanks for your quick reply. Not quite sure why I got this, but here's the situation:
1. The -AdwCleaner- report is named AdwCleaner[S2] instead of AdwCleaner[S1], and it's the only report I have in C:\
Here's the report:

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 02:19:43
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : XVF - XVF-PC
# Boot Mode : Normal
# Running from : C:\Users\XVF\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\XVF\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\XVF\AppData\Roaming\Mozilla\Firefox\Profiles\xzzqiqax.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1535 octets] - [01/10/2012 02:19:43]

########## EOF - C:\AdwCleaner[S2].txt - [1595 octets] ##########

and

2. --RogueKiller-- I don't know if I should hit the "Delete" button only once, so I've done it three times, until I got rid of all the results. Here are the reports, in chronological order:
RKreport[1]
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : XVF [Admin rights]
Mode : Scan -- Date : 10/01/2012 02:23:03

§§§ Bad processes : 0 §§§

§§§ Registry Entries : 6 §§§
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

§§§ Particular Files / Folders: §§§

§§§ Driver : [NOT LOADED] §§§

§§§ HOSTS File: §§§
--> C:\Windows\system32\drivers\etc\hosts



§§§ MBR Check: §§§

+++++ PhysicalDrive0: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 846eefca2626a4916eb12f109b637f74
[BSP] 4d6c440cccc65d0eaac54fc4a1885e98 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RKreport[2]
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : XVF [Admin rights]
Mode : Remove -- Date : 10/01/2012 02:23:16

§§§ Bad processes : 0 §§§

§§§ Registry Entries : 4 §§§
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

§§§ Particular Files / Folders: §§§

§§§ Driver : [NOT LOADED] §§§

§§§ HOSTS File: §§§
--> C:\Windows\system32\drivers\etc\hosts



§§§ MBR Check: §§§

+++++ PhysicalDrive0: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 846eefca2626a4916eb12f109b637f74
[BSP] 4d6c440cccc65d0eaac54fc4a1885e98 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RKreport[3]
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : XVF [Admin rights]
Mode : Remove -- Date : 10/01/2012 02:23:22

§§§ Bad processes : 0 §§§

§§§ Registry Entries : 0 §§§

§§§ Particular Files / Folders: §§§

§§§ Driver : [NOT LOADED] §§§

§§§ HOSTS File: §§§
--> C:\Windows\system32\drivers\etc\hosts



§§§ MBR Check: §§§

+++++ PhysicalDrive0: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 846eefca2626a4916eb12f109b637f74
[BSP] 4d6c440cccc65d0eaac54fc4a1885e98 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



Waiting for further instructions whenever you have time. I'll check the thread daily or multiple times a day anyway.
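The DDS "mPolicies-system" lines in the first post and the RogueKiller "[HJ] HKLM\[...]\System" lines above report the same UAC policy values in two different formats. The Python below is an added example, not code from DDS, RogueKiller or anyone in this thread: it parses both formats (samples constructed from the lines in this thread), treats a "REPLACED (n)" line as the post-run value, and flags settings that leave UAC switched off or elevating without a prompt.

```python
import re
from typing import Dict, List

# Constructed excerpt in the DDS "Pseudo HJT Report" format (from post #1).
DDS_SAMPLE = """\
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Constructed excerpt of a RogueKiller "Scan" run (RKreport[1] above).
RK_SCAN_SAMPLE = """\
[HJ] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\\[...]\\Wow6432Node\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# Constructed excerpt of a RogueKiller "Remove" run (RKreport[2] above).
RK_REMOVE_SAMPLE = """\
[HJ] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> REPLACED (1)
"""

# "mPolicies-system: <Name> = <decimal> (<hex>)"
_DDS_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")

# "[HJ] HKLM\[...]\System : <Name> (<value>) -> FOUND | REPLACED (<new>)"
# The optional Wow6432Node segment covers the 32-bit view of the same key.
_RK_RE = re.compile(
    r"^\[HJ\]\s+HKLM\\\[\.\.\.\]\\(?:Wow6432Node\\)?System\s*:\s*(\w+)\s*\((\d+)\)"
    r"\s*->\s*(FOUND|REPLACED\s*\((\d+)\))"
)


def parse_dds_policies(text: str) -> Dict[str, int]:
    """Return the Policies\\System values that DDS lists, name -> value."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = _DDS_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def parse_roguekiller_system(text: str) -> Dict[str, int]:
    """Return the effective value of each UAC policy RogueKiller reported.

    A FOUND line contributes the value in parentheses; a REPLACED (n) line
    contributes n, the value that is in the registry after the run. Native
    and Wow6432Node entries for the same name are merged.
    """
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = _RK_RE.match(line.strip())
        if not m:
            continue
        name, found, _status, replacement = m.groups()
        values[name] = int(replacement) if replacement is not None else int(found)
    return values


def evaluate_uac(values: Dict[str, int]) -> List[str]:
    """Flag only the settings that are present in the log and weaken UAC."""
    findings: List[str] = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, admin logons run fully elevated")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not on the secure desktop")
    return findings


if __name__ == "__main__":
    for label, parsed in (
        ("DDS", parse_dds_policies(DDS_SAMPLE)),
        ("RogueKiller scan", parse_roguekiller_system(RK_SCAN_SAMPLE)),
        ("RogueKiller remove", parse_roguekiller_system(RK_REMOVE_SAMPLE)),
    ):
        print(label, parsed, evaluate_uac(parsed) or ["no UAC findings"])
```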

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 01 October 2012 - 12:32 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 IB380 (Topic Starter, Members, 7 posts)

Posted 01 October 2012 - 02:57 AM

1. Here's the ComboFix Log:

ComboFix 12-09-30.01 - XVF 10/01/2012 10:25:29.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16296.14691 [GMT 3:00]
Running from: c:\users\XVF\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 07:27 . 2012-10-01 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 19:07 . 2012-09-29 19:07 -------- d-----w- c:\users\XVF\AppData\Roaming\QuickScan
2012-09-29 18:51 . 2012-09-29 18:51 -------- d-----w- c:\users\XVF\AppData\Roaming\Malwarebytes
2012-09-29 18:51 . 2012-09-29 18:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 16:41 . 2012-09-26 16:41 -------- d-----w- c:\users\XVF\AppData\Local\Avg2013
2012-09-26 16:23 . 2012-09-26 16:23 -------- d-----w- c:\users\XVF\AppData\Roaming\TuneUp Software
2012-09-26 16:20 . 2012-09-26 16:42 -------- d-----w- c:\programdata\MFAData
2012-09-26 16:20 . 2012-09-26 16:20 -------- d--h--w- c:\programdata\Common Files
2012-09-26 16:20 . 2012-09-26 16:20 -------- d-----w- c:\users\XVF\AppData\Local\MFAData
2012-09-20 20:57 . 2012-09-20 20:57 -------- d-----w- c:\program files (x86)\Video Cutter
2012-09-20 20:51 . 2012-09-20 21:24 -------- d-----w- c:\users\XVF\AppData\Roaming\vlc
2012-09-20 20:51 . 2012-09-21 11:54 -------- d-----w- c:\program files (x86)\VideoLAN
2012-09-20 12:07 . 2012-09-20 12:07 -------- d-----w- c:\program files (x86)\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 07:39 . 2012-05-24 16:02 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 07:39 . 2012-05-24 16:02 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys [2011-09-19 38504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-12-27 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AXTUDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\RtlDashSrvStart.job
- c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 12:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\XVF\AppData\Roaming\Mozilla\Firefox\Profiles\xzzqiqax.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

2. I didn't have any problems at all while running ComboFix.

3. Still the same symptoms: "my router keeps blinking constantly even if I don't do anything on my PC (it didn't use to do that until a couple of days ago) and also the red LED button on my PC is constantly blinking, even if I let my system idle (just restart, leave it for x minutes and don't touch any key, don't move the mouse pointer). It keeps blinking indefinitely."
I have tested the router with another PC, and the LED on the router (LAN 1, for example) is not blinking with the other PC. It only blinks while I'm using this PC, and that makes me think this one has a problem. I know you didn't ask for it, but here's the netstat -n output, checked after every restart (I did it 4-5 times to make sure the results are the same):
Proto Local Address Foreign Address State
TCP 127.0.0.1:5357 127.0.0.1:49158 TIME_WAIT
TCP 127.0.0.1:5357 127.0.0.1:49159 TIME_WAIT
TCP 127.0.0.1:5357 127.0.0.1:49175 TIME_WAIT
TCP 127.0.0.1:5357 127.0.0.1:49176 TIME_WAIT
TCP 192.168.1.2:49156 213.199.181.90:80 TIME_WAIT
TCP 192.168.1.2:49162 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49163 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49164 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49165 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49166 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49167 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49168 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49169 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49170 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49171 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49172 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49173 192.168.1.1:37215 TIME_WAIT
TCP 192.168.1.2:49174 192.168.1.1:37215 TIME_WAIT
TCP [::1]:2869 [::1]:49160 TIME_WAIT
TCP [::1]:2869 [::1]:49161 ESTABLISHED
TCP [::1]:49161 [::1]:2869 ESTABLISHED

Meanwhile, I have removed all the programs I could from the startup (except Realtek HD Audio Manager) using msconfig.exe in order to obtain a more accurate netstat -n list.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:18 AM

Posted 01 October 2012 - 06:00 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 IB380 (Topic Starter)

  • Members
  • 7 posts
  • Local time:01:18 AM

Posted 01 October 2012 - 11:41 AM

1. TDSS Report:


19:35:32.0600 3160 Netlogon - ok
19:35:32.0600 3160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:35:32.0600 3160 Netman - ok
19:35:32.0616 3160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:35:32.0616 3160 netprofm - ok
19:35:32.0616 3160 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:32.0616 3160 NetTcpPortSharing - ok
19:35:32.0631 3160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:32.0631 3160 nfrd960 - ok
19:35:32.0631 3160 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:32.0631 3160 NlaSvc - ok
19:35:32.0631 3160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:32.0631 3160 Npfs - ok
19:35:32.0631 3160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:35:32.0647 3160 nsi - ok
19:35:32.0647 3160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:32.0647 3160 nsiproxy - ok
19:35:32.0662 3160 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:32.0678 3160 Ntfs - ok
19:35:32.0678 3160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:35:32.0678 3160 Null - ok
19:35:32.0678 3160 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:35:32.0678 3160 NVHDA - ok
19:35:32.0818 3160 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:35:32.0865 3160 nvlddmkm - ok
19:35:32.0881 3160 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
19:35:32.0881 3160 nvraid - ok
19:35:32.0881 3160 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
19:35:32.0881 3160 nvstor - ok
19:35:32.0896 3160 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:35:32.0896 3160 nvsvc - ok
19:35:32.0896 3160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:35:32.0912 3160 nv_agp - ok
19:35:32.0912 3160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:32.0912 3160 ohci1394 - ok
19:35:32.0912 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:32.0912 3160 p2pimsvc - ok
19:35:32.0928 3160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:32.0928 3160 p2psvc - ok
19:35:32.0928 3160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:32.0928 3160 Parport - ok
19:35:32.0943 3160 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:32.0943 3160 partmgr - ok
19:35:32.0943 3160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:32.0943 3160 PcaSvc - ok
19:35:32.0943 3160 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:35:32.0943 3160 pci - ok
19:35:32.0959 3160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:35:32.0959 3160 pciide - ok
19:35:32.0959 3160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:32.0959 3160 pcmcia - ok
19:35:32.0959 3160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:32.0959 3160 pcw - ok
19:35:32.0974 3160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:32.0974 3160 PEAUTH - ok
19:35:32.0990 3160 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:35:33.0006 3160 PeerDistSvc - ok
19:35:33.0006 3160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:35:33.0006 3160 PerfHost - ok
19:35:33.0021 3160 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:35:33.0037 3160 pla - ok
19:35:33.0037 3160 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:33.0052 3160 PlugPlay - ok
19:35:33.0052 3160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:33.0052 3160 PNRPAutoReg - ok
19:35:33.0052 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:33.0052 3160 PNRPsvc - ok
19:35:33.0068 3160 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:33.0068 3160 PolicyAgent - ok
19:35:33.0068 3160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:35:33.0068 3160 Power - ok
19:35:33.0068 3160 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:33.0084 3160 PptpMiniport - ok
19:35:33.0084 3160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:35:33.0084 3160 Processor - ok
19:35:33.0084 3160 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:33.0084 3160 ProfSvc - ok
19:35:33.0084 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:33.0084 3160 ProtectedStorage - ok
19:35:33.0099 3160 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:33.0099 3160 Psched - ok
19:35:33.0115 3160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:35:33.0130 3160 ql2300 - ok
19:35:33.0130 3160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:33.0130 3160 ql40xx - ok
19:35:33.0130 3160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:35:33.0130 3160 QWAVE - ok
19:35:33.0130 3160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:33.0130 3160 QWAVEdrv - ok
19:35:33.0130 3160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:33.0146 3160 RasAcd - ok
19:35:33.0146 3160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:33.0146 3160 RasAgileVpn - ok
19:35:33.0146 3160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:33.0146 3160 RasAuto - ok
19:35:33.0146 3160 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:33.0146 3160 Rasl2tp - ok
19:35:33.0162 3160 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:35:33.0162 3160 RasMan - ok
19:35:33.0162 3160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:33.0162 3160 RasPppoe - ok
19:35:33.0162 3160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:33.0162 3160 RasSstp - ok
19:35:33.0177 3160 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:33.0177 3160 rdbss - ok
19:35:33.0177 3160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:33.0177 3160 rdpbus - ok
19:35:33.0177 3160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:33.0177 3160 RDPCDD - ok
19:35:33.0177 3160 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:35:33.0177 3160 RDPDR - ok
19:35:33.0193 3160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:33.0193 3160 RDPENCDD - ok
19:35:33.0193 3160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:33.0193 3160 RDPREFMP - ok
19:35:33.0193 3160 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:33.0193 3160 RDPWD - ok
19:35:33.0193 3160 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:33.0208 3160 rdyboost - ok
19:35:33.0208 3160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:33.0208 3160 RemoteAccess - ok
19:35:33.0208 3160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:33.0208 3160 RemoteRegistry - ok
19:35:33.0208 3160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:33.0208 3160 RpcEptMapper - ok
19:35:33.0224 3160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:35:33.0224 3160 RpcLocator - ok
19:35:33.0224 3160 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:33.0224 3160 RpcSs - ok
19:35:33.0224 3160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:33.0224 3160 rspndr - ok
19:35:33.0240 3160 [ 4027B421EDB55BE6086F531234B57B0A ] RtDashPt C:\Windows\system32\DRIVERS\RtDashPt.sys
19:35:33.0240 3160 RtDashPt - ok
19:35:33.0240 3160 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:33.0240 3160 RTL8167 - ok
19:35:33.0240 3160 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
19:35:33.0240 3160 s3cap - ok
19:35:33.0240 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:35:33.0255 3160 SamSs - ok
19:35:33.0255 3160 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:35:33.0255 3160 sbp2port - ok
19:35:33.0255 3160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:33.0255 3160 SCardSvr - ok
19:35:33.0255 3160 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:33.0255 3160 scfilter - ok
19:35:33.0271 3160 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:35:33.0286 3160 Schedule - ok
19:35:33.0286 3160 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:33.0286 3160 SCPolicySvc - ok
19:35:33.0286 3160 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:33.0286 3160 SDRSVC - ok
19:35:33.0286 3160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:33.0286 3160 secdrv - ok
19:35:33.0286 3160 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:35:33.0302 3160 seclogon - ok
19:35:33.0302 3160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:35:33.0302 3160 SENS - ok
19:35:33.0302 3160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:33.0302 3160 SensrSvc - ok
19:35:33.0302 3160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:33.0302 3160 Serenum - ok
19:35:33.0302 3160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:33.0302 3160 Serial - ok
19:35:33.0318 3160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:35:33.0318 3160 sermouse - ok
19:35:33.0318 3160 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:33.0318 3160 SessionEnv - ok
19:35:33.0318 3160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:35:33.0318 3160 sffdisk - ok
19:35:33.0318 3160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:35:33.0318 3160 sffp_mmc - ok
19:35:33.0318 3160 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:35:33.0318 3160 sffp_sd - ok
19:35:33.0333 3160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:35:33.0333 3160 sfloppy - ok
19:35:33.0333 3160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:35:33.0333 3160 SharedAccess - ok
19:35:33.0333 3160 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:33.0349 3160 ShellHWDetection - ok
19:35:33.0349 3160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:35:33.0349 3160 SiSRaid2 - ok
19:35:33.0349 3160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:35:33.0349 3160 SiSRaid4 - ok
19:35:33.0349 3160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:33.0349 3160 Smb - ok
19:35:33.0349 3160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:33.0349 3160 SNMPTRAP - ok
19:35:33.0364 3160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:33.0364 3160 spldr - ok
19:35:33.0364 3160 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
19:35:33.0380 3160 Spooler - ok
19:35:33.0411 3160 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
19:35:33.0458 3160 sppsvc - ok
19:35:33.0458 3160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:35:33.0458 3160 sppuinotify - ok
19:35:33.0474 3160 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:33.0474 3160 srv - ok
19:35:33.0474 3160 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:33.0489 3160 srv2 - ok
19:35:33.0489 3160 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:33.0489 3160 srvnet - ok
19:35:33.0489 3160 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
19:35:33.0489 3160 ssadbus - ok
19:35:33.0489 3160 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:35:33.0505 3160 ssadmdfl - ok
19:35:33.0505 3160 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
19:35:33.0505 3160 ssadmdm - ok
19:35:33.0505 3160 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
19:35:33.0505 3160 sscdbus - ok
19:35:33.0505 3160 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:35:33.0505 3160 sscdmdfl - ok
19:35:33.0520 3160 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
19:35:33.0520 3160 sscdmdm - ok
19:35:33.0520 3160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:33.0520 3160 SSDPSRV - ok
19:35:33.0520 3160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:33.0520 3160 SstpSvc - ok
19:35:33.0520 3160 Steam Client Service - ok
19:35:33.0536 3160 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:35:33.0536 3160 Stereo Service - ok
19:35:33.0536 3160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:35:33.0536 3160 stexstor - ok
19:35:33.0552 3160 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
19:35:33.0552 3160 stisvc - ok
19:35:33.0552 3160 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
19:35:33.0552 3160 storflt - ok
19:35:33.0552 3160 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
19:35:33.0552 3160 storvsc - ok
19:35:33.0567 3160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:35:33.0567 3160 swenum - ok
19:35:33.0567 3160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:35:33.0567 3160 swprv - ok
19:35:33.0598 3160 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
19:35:33.0614 3160 SysMain - ok
19:35:33.0614 3160 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:33.0614 3160 TabletInputService - ok
19:35:33.0614 3160 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:33.0630 3160 TapiSrv - ok
19:35:33.0630 3160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:35:33.0630 3160 TBS - ok
19:35:33.0645 3160 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:33.0661 3160 Tcpip - ok
19:35:33.0676 3160 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:33.0692 3160 TCPIP6 - ok
19:35:33.0692 3160 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:33.0692 3160 tcpipreg - ok
19:35:33.0692 3160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:33.0692 3160 TDPIPE - ok
19:35:33.0692 3160 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:33.0692 3160 TDTCP - ok
19:35:33.0708 3160 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:33.0708 3160 tdx - ok
19:35:33.0708 3160 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:35:33.0708 3160 TermDD - ok
19:35:33.0708 3160 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
19:35:33.0723 3160 TermService - ok
19:35:33.0723 3160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:35:33.0723 3160 Themes - ok
19:35:33.0723 3160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:33.0723 3160 THREADORDER - ok
19:35:33.0723 3160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:35:33.0723 3160 TrkWks - ok
19:35:33.0739 3160 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:33.0739 3160 TrustedInstaller - ok
19:35:33.0739 3160 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:33.0739 3160 tssecsrv - ok
19:35:33.0739 3160 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:35:33.0739 3160 tunnel - ok
19:35:33.0739 3160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:35:33.0739 3160 uagp35 - ok
19:35:33.0754 3160 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:35:33.0754 3160 udfs - ok
19:35:33.0754 3160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:35:33.0754 3160 UI0Detect - ok
19:35:33.0754 3160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:35:33.0754 3160 uliagpkx - ok
19:35:33.0770 3160 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:35:33.0770 3160 umbus - ok
19:35:33.0770 3160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:35:33.0770 3160 UmPass - ok
19:35:33.0770 3160 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
19:35:33.0770 3160 UmRdpService - ok
19:35:33.0801 3160 [ CD114CE02A10FA79C229770788106842 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:35:33.0817 3160 UNS - ok
19:35:33.0817 3160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:35:33.0832 3160 upnphost - ok
19:35:33.0832 3160 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:33.0832 3160 usbccgp - ok
19:35:33.0832 3160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:35:33.0832 3160 usbcir - ok
19:35:33.0832 3160 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:35:33.0832 3160 usbehci - ok
19:35:33.0848 3160 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:35:33.0848 3160 usbhub - ok
19:35:33.0848 3160 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:35:33.0848 3160 usbohci - ok
19:35:33.0848 3160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:35:33.0848 3160 usbprint - ok
19:35:33.0848 3160 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:33.0864 3160 USBSTOR - ok
19:35:33.0864 3160 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:33.0864 3160 usbuhci - ok
19:35:33.0864 3160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:35:33.0864 3160 UxSms - ok
19:35:33.0864 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
19:35:33.0864 3160 VaultSvc - ok
19:35:33.0864 3160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:35:33.0864 3160 vdrvroot - ok
19:35:33.0879 3160 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
19:35:33.0879 3160 vds - ok
19:35:33.0879 3160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:33.0879 3160 vga - ok
19:35:33.0879 3160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:35:33.0895 3160 VgaSave - ok
19:35:33.0895 3160 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:35:33.0895 3160 vhdmp - ok
19:35:33.0895 3160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:35:33.0895 3160 viaide - ok
19:35:33.0895 3160 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
19:35:33.0895 3160 vmbus - ok
19:35:33.0910 3160 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
19:35:33.0910 3160 VMBusHID - ok
19:35:33.0910 3160 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:35:33.0910 3160 volmgr - ok
19:35:33.0910 3160 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:35:33.0910 3160 volmgrx - ok
19:35:33.0926 3160 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
19:35:33.0926 3160 volsnap - ok
19:35:33.0926 3160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:35:33.0926 3160 vsmraid - ok
19:35:33.0942 3160 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
19:35:33.0957 3160 VSS - ok
19:35:33.0957 3160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:35:33.0957 3160 vwifibus - ok
19:35:33.0957 3160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:35:33.0973 3160 W32Time - ok
19:35:33.0973 3160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:35:33.0973 3160 WacomPen - ok
19:35:33.0973 3160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:35:33.0973 3160 WANARP - ok
19:35:33.0973 3160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:35:33.0973 3160 Wanarpv6 - ok
19:35:33.0988 3160 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
19:35:34.0004 3160 wbengine - ok
19:35:34.0004 3160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:35:34.0020 3160 WbioSrvc - ok
19:35:34.0020 3160 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:35:34.0020 3160 wcncsvc - ok
19:35:34.0020 3160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:35:34.0020 3160 WcsPlugInService - ok
19:35:34.0020 3160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:35:34.0020 3160 Wd - ok
19:35:34.0035 3160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:35:34.0035 3160 Wdf01000 - ok
19:35:34.0051 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:35:34.0051 3160 WdiServiceHost - ok
19:35:34.0051 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:35:34.0051 3160 WdiSystemHost - ok
19:35:34.0051 3160 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
19:35:34.0051 3160 WebClient - ok
19:35:34.0066 3160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:35:34.0066 3160 Wecsvc - ok
19:35:34.0066 3160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:35:34.0066 3160 wercplsupport - ok
19:35:34.0066 3160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:35:34.0066 3160 WerSvc - ok
19:35:34.0066 3160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:34.0082 3160 WfpLwf - ok
19:35:34.0082 3160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:35:34.0082 3160 WIMMount - ok
19:35:34.0082 3160 WinDefend - ok
19:35:34.0082 3160 WinHttpAutoProxySvc - ok
19:35:34.0082 3160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:35:34.0098 3160 Winmgmt - ok
19:35:34.0113 3160 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
19:35:34.0129 3160 WinRM - ok
19:35:34.0129 3160 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:35:34.0129 3160 WinUsb - ok
19:35:34.0144 3160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:35:34.0144 3160 Wlansvc - ok
19:35:34.0144 3160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:35:34.0144 3160 WmiAcpi - ok
19:35:34.0160 3160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:35:34.0160 3160 wmiApSrv - ok
19:35:34.0160 3160 WMPNetworkSvc - ok
19:35:34.0160 3160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:35:34.0160 3160 WPCSvc - ok
19:35:34.0160 3160 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:35:34.0176 3160 WPDBusEnum - ok
19:35:34.0176 3160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:35:34.0176 3160 ws2ifsl - ok
19:35:34.0176 3160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:35:34.0176 3160 wscsvc - ok
19:35:34.0176 3160 WSearch - ok
19:35:34.0207 3160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:35:34.0222 3160 wuauserv - ok
19:35:34.0238 3160 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:35:34.0238 3160 WudfPf - ok
19:35:34.0238 3160 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:34.0238 3160 WUDFRd - ok
19:35:34.0238 3160 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:35:34.0238 3160 wudfsvc - ok
19:35:34.0238 3160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:35:34.0254 3160 WwanSvc - ok
19:35:34.0254 3160 ================ Scan global ===============================
19:35:34.0254 3160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:35:34.0254 3160 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:35:34.0269 3160 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:35:34.0269 3160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:35:34.0269 3160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:35:34.0285 3160 [Global] - ok
19:35:34.0285 3160 ================ Scan MBR ==================================
19:35:34.0285 3160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:35:34.0472 3160 \Device\Harddisk0\DR0 - ok
19:35:34.0472 3160 ================ Scan VBR ==================================
19:35:34.0472 3160 [ 62E829A088AAD69CFFFC2FF77C567E0E ] \Device\Harddisk0\DR0\Partition1
19:35:34.0472 3160 \Device\Harddisk0\DR0\Partition1 - ok
19:35:34.0488 3160 [ 0ED45DA9BFD368471C34CB6D47C8EF7A ] \Device\Harddisk0\DR0\Partition2
19:35:34.0488 3160 \Device\Harddisk0\DR0\Partition2 - ok
19:35:34.0488 3160 ============================================================
19:35:34.0488 3160 Scan finished
19:35:34.0488 3160 ============================================================
19:35:34.0488 3148 Detected object count: 0
19:35:34.0488 3148 Actual detected object count: 0


2. aswMBR Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 19:37:32
-----------------------------
19:37:32.890 OS Version: Windows x64 6.1.7600
19:37:32.890 Number of processors: 8 586 0x2A07
19:37:32.890 ComputerName: XVF-PC UserName: XVF
19:37:32.999 Initialize success
19:39:26.269 AVAST engine defs: 12100100
19:39:36.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:39:36.394 Disk 0 Vendor: OCZ-AGILITY3 2.15 Size: 114473MB BusType: 3
19:39:36.397 Disk 0 MBR read successfully
19:39:36.398 Disk 0 MBR scan
19:39:36.400 Disk 0 Windows 7 default MBR code
19:39:36.401 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:39:36.404 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
19:39:36.407 Disk 0 scanning C:\Windows\system32\drivers
19:39:38.410 Service scanning
19:39:43.491 Modules scanning
19:39:43.495 Disk 0 trace - called modules:
19:39:43.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:39:43.502 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800df39060]
19:39:43.505 3 CLASSPNP.SYS[fffff8800183343f] -> nt!IofCallDriver -> [0xfffffa800dbb2580]
19:39:43.507 5 ACPI.sys[fffff88000fac781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800dbb4060]
19:39:43.653 AVAST engine scan C:\Windows
19:39:44.151 AVAST engine scan C:\Windows\system32
19:40:30.060 AVAST engine scan C:\Windows\system32\drivers
19:40:32.462 AVAST engine scan C:\Users\XVF
19:41:01.126 AVAST engine scan C:\ProgramData
19:41:04.254 Scan finished successfully
19:41:10.567 Disk 0 MBR has been saved successfully to "C:\Users\XVF\Desktop\MBR.dat"
19:41:10.570 The log file has been saved successfully to "C:\Users\XVF\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:18 AM

Posted 01 October 2012 - 09:49 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 IB380

IB380
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 02 October 2012 - 11:37 AM

1. Ran ComboFix with that CFScript. Here's the report:

ComboFix 12-10-02.02 - XVF 10/02/2012 19:14:37.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16296.14686 [GMT 3:00]
Running from: c:\users\XVF\Desktop\ComboFix.exe
Command switches used :: c:\users\XVF\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 16:16 . 2012-10-02 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 19:07 . 2012-09-29 19:07 -------- d-----w- c:\users\XVF\AppData\Roaming\QuickScan
2012-09-29 18:51 . 2012-09-29 18:51 -------- d-----w- c:\users\XVF\AppData\Roaming\Malwarebytes
2012-09-29 18:51 . 2012-09-29 18:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 16:41 . 2012-09-26 16:41 -------- d-----w- c:\users\XVF\AppData\Local\Avg2013
2012-09-26 16:23 . 2012-09-26 16:23 -------- d-----w- c:\users\XVF\AppData\Roaming\TuneUp Software
2012-09-26 16:20 . 2012-09-26 16:42 -------- d-----w- c:\programdata\MFAData
2012-09-26 16:20 . 2012-09-26 16:20 -------- d--h--w- c:\programdata\Common Files
2012-09-26 16:20 . 2012-09-26 16:20 -------- d-----w- c:\users\XVF\AppData\Local\MFAData
2012-09-20 20:57 . 2012-09-20 20:57 -------- d-----w- c:\program files (x86)\Video Cutter
2012-09-20 20:51 . 2012-09-20 21:24 -------- d-----w- c:\users\XVF\AppData\Roaming\vlc
2012-09-20 20:51 . 2012-09-21 11:54 -------- d-----w- c:\program files (x86)\VideoLAN
2012-09-20 12:07 . 2012-09-20 12:07 -------- d-----w- c:\program files (x86)\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 07:39 . 2012-05-24 16:02 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 07:39 . 2012-05-24 16:02 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys [2011-09-19 38504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-12-27 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AXTUDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\RtlDashSrvStart.job
- c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 12:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\XVF\AppData\Roaming\Mozilla\Firefox\Profiles\xzzqiqax.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-02 19:17:06
ComboFix-quarantined-files.txt 2012-10-02 16:17
ComboFix2.txt 2012-10-01 07:28
.
Pre-Run: 12,332,007,424 bytes free
Post-Run: 12,175,171,584 bytes free
.
- - End Of File - - 1EA8D9DF03AD78677A9E30F96F51860F

2. No problems at all with the software, everything went smoothly.

3. I know I shouldn't say "it's the same", but that's how it is. The router LAN LED is still blinking constantly even if there is no activity going on. Same for the PC's red LED. The thing is, I don't care if it's a virus, malware, rootkit or whatsoever. I want it to stop blinking when there's no activity, as it has absolutely no reason to blink/have activity if the PC is idle. There is something going on, and if we can't find a solution I'll have to format the PC, as I can't risk having it infected with a rootkit or any other proxy/SOCKS 4/5 software, as this may cause me a lot of problems if someone is doing stuff using my IP.

Edited by IB380, 02 October 2012 - 11:38 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:18 AM

Posted 03 October 2012 - 01:01 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#11 IB380

IB380
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 03 October 2012 - 03:57 AM

Here's the log:

Windows IP Configuration

Host Name . . . . . . . . . . . . : XVF-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-34-E6-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::112f:fd97:8e4f:9500%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 11:33:29 AM
Lease Expires . . . . . . . . . . : Thursday, October 04, 2012 11:33:29 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 247226356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-50-09-6A-BC-5F-F4-34-E6-24
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CE5DC57A-1726-448B-8642-56D28E4106A3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:10a6:28c7:a685:be9d(Preferred)
Link-local IPv6 Address . . . . . : fe80::10a6:28c7:a685:be9d%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:400d:803::1007
173.194.39.110
173.194.39.99
173.194.39.100
173.194.39.102
173.194.39.105
173.194.39.103
173.194.39.96
173.194.39.97

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging google.com [173.194.39.110] with 32 bytes of data:
Reply from 173.194.39.110: bytes=32 time=51ms TTL=56
Reply from 173.194.39.110: bytes=32 time=51ms TTL=56

Ping statistics for 173.194.39.110:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 51ms, Average = 51ms

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=242ms TTL=48
Reply from 98.138.253.109: bytes=32 time=183ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 183ms, Maximum = 242ms, Average = 212ms
===========================================================================
Interface List
11...bc 5f f4 34 e6 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:10a6:28c7:a685:be9d/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::10a6:28c7:a685:be9d/128
On-link
11 276 fe80::112f:fd97:8e4f:9500/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:18 AM

Posted 03 October 2012 - 01:15 PM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
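A defender's check of the Log1.txt that the router.bat in posts #10 and #12 produces, added here as an example and not taken from the thread or from BleepingComputer: it parses the ipconfig /all and route print parts of the dump and flags a DNS server that is neither the gateway nor one you configured yourself, any persistent route, a default route that does not match the gateway, and IP routing being switched on. The sample logs inside it are constructed in the same layout as the posted ones, and the 203.0.113.x addresses are documentation-range placeholders.

```python
"""Check a Log1.txt-style dump (ipconfig /all, nslookup, route print) for signs
that a Windows PC's resolver or routing has been tampered with."""
import ipaddress
import re

# Constructed sample in the layout router.bat produces; values are made up,
# not copied from the thread (irrelevant lines omitted).
CLEAN_LOG = """\
IP Routing Enabled. . . . . . . . : No
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
IPv4 Route Table
Active Routes:
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
Persistent Routes:
None
"""
# Same layout with a foreign resolver and a planted persistent route
# (203.0.113.0/24 is a documentation range, used here as a placeholder).
HIJACKED_LOG = CLEAN_LOG.replace(
    "DNS Servers . . . . . . . . . . . : 192.168.1.1\n192.168.1.1",
    "DNS Servers . . . . . . . . . . . : 203.0.113.5\n203.0.113.6",
).replace("Persistent Routes:\nNone", "Persistent Routes:\n0.0.0.0 0.0.0.0 203.0.113.1 1")

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 -]*?)[ .]*: ?(.*)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def on_lan(ip):
    """True for RFC 1918, loopback and link-local addresses."""
    return any(ipaddress.ip_address(ip) in net for net in LAN_NETS)


def parse_log(text):
    """Pull the fields the checks need out of the combined dump."""
    info = {"gateway": None, "ip_routing": None, "dns_servers": [],
            "default_route_gw": None, "persistent_routes": []}
    in_dns = in_persistent = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_persistent:                           # lines after "Persistent Routes:"
            if not line or line.startswith("="):
                in_persistent = False
            elif line != "None":
                info["persistent_routes"].append(line)
            continue
        if line == "Persistent Routes:":
            in_persistent = True
            continue
        if line.startswith("0.0.0.0 0.0.0.0 "):       # active default route
            info["default_route_gw"] = line.split()[2]
            continue
        if in_dns and IP_RE.match(line):            # ipconfig wraps extra DNS servers
            info["dns_servers"].append(line)
            continue
        in_dns = False
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).split("(")[0].strip()
        if key == "DNS Servers":
            in_dns = True
            if value:
                info["dns_servers"].append(value)
        elif key == "Default Gateway":
            info["gateway"] = value or None
        elif key == "IP Routing Enabled":
            info["ip_routing"] = value
    return info


def assess(text, expected_dns=()):
    """Return (severity, message) findings; expected_dns lists resolvers set on purpose."""
    info = parse_log(text)
    gw = info["gateway"]
    findings = []
    for dns in info["dns_servers"]:
        if dns == gw or dns in expected_dns:        # router-as-resolver or a chosen resolver
            continue
        sev = "medium" if on_lan(dns) else "high"
        findings.append((sev, f"DNS server {dns} is neither the gateway nor a configured resolver"))
    if info["persistent_routes"]:
        findings.append(("high", "persistent routes present: " + "; ".join(info["persistent_routes"])))
    if gw and info["default_route_gw"] and info["default_route_gw"] != gw:
        findings.append(("high", f"default route via {info['default_route_gw']}, gateway is {gw}"))
    if info["ip_routing"] == "Yes":
        findings.append(("medium", "IP routing is enabled on a workstation"))
    return findings


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(name, assess(log) or "no findings")
```

When the router itself is the only DNS server, as in the posted logs, this check passes and the router's own upstream resolver setting still has to be verified on the router's admin page.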

#13 IB380

IB380
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 05 October 2012 - 09:43 AM

I just reset the router, changed the password for user admin, changed the password for wireless connection, flushed DNS, ran the .bat script.

C:\Users\XVF>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\XVF>



Windows IP Configuration

Host Name . . . . . . . . . . . . : XVF-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-34-E6-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::112f:fd97:8e4f:9500%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, October 05, 2012 5:37:36 PM
Lease Expires . . . . . . . . . . : Saturday, October 06, 2012 5:37:36 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 247226356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-50-09-6A-BC-5F-F4-34-E6-24
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CE5DC57A-1726-448B-8642-56D28E4106A3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:46c:3322:a685:be9d(Preferred)
Link-local IPv6 Address . . . . . : fe80::46c:3322:a685:be9d%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:400d:803::1009
173.194.39.101
173.194.39.102
173.194.39.100
173.194.39.105
173.194.39.110
173.194.39.97
173.194.39.96
173.194.39.103
173.194.39.99
173.194.39.98
173.194.39.104

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging google.com [173.194.39.101] with 32 bytes of data:
Reply from 173.194.39.101: bytes=32 time=52ms TTL=56
Reply from 173.194.39.101: bytes=32 time=51ms TTL=56

Ping statistics for 173.194.39.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 52ms, Average = 51ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=264ms TTL=50
Reply from 98.139.183.24: bytes=32 time=180ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 180ms, Maximum = 264ms, Average = 222ms
===========================================================================
Interface List
11...bc 5f f4 34 e6 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:46c:3322:a685:be9d/128 On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::46c:3322:a685:be9d/128 On-link
11 276 fe80::112f:fd97:8e4f:9500/128 On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None




Still blinking, no progress. Bleep it, I'll just format the PC. Thanks for the help and sorry for wasting your time.
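Reading that `route print` dump by eye is tedious, so here is an added example (my own Python, not code from the original post or from any BleepingComputer tool) that parses the output above and answers the two questions a responder wants from it: where the default route goes for each address family, and whether it rides on a tunnel pseudo-interface rather than the physical NIC. The embedded sample is an abridged copy of the posted output, kept as the forum rendered it, including the IPv6 row whose gateway column wrapped onto the next line; `parse_routes`, `default_routes` and `teredo_servers` are this example's own names.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample: an abridged copy of the "route print" output posted
# above, kept as the forum rendered it, including the IPv6 row whose
# "On-link" gateway wrapped onto the following line.
ROUTE_PRINT = """\
Interface List
11...bc 5f f4 34 e6 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:46c:3322:a685:be9d/128
On-link
11 276 fe80::/64 On-link
===========================================================================
"""

TUNNEL_WORDS = ("Teredo", "ISATAP", "6to4")
# Interface List row: "<index>...<optional MAC bytes> ...<adapter name>"
IFACE_RE = re.compile(r"^\s*(\d+)\.{3}((?:[0-9a-f]{2} )*)\.*\s*(\S.*)$")
HEADER_TOKENS = {"Active", "Network", "If", "IPv4", "IPv6"}
# interface: IPv4 rows carry the interface address, IPv6 rows the index
Route = namedtuple("Route", "family destination gateway interface metric")


def parse_interfaces(text):
    """Map interface index -> adapter name from the 'Interface List' block."""
    block = text.split("Interface List", 1)[1].split("=", 1)[0]
    return {m.group(1): m.group(3).strip()
            for m in map(IFACE_RE.match, block.splitlines()) if m}


def parse_routes(text):
    """Parse the Active Routes rows of both families. A one-token line after
    a three-token IPv6 row is that row's wrapped gateway column."""
    routes, family, pending = [], None, None
    for line in text.splitlines():
        if line.startswith("IPv4 Route Table"):
            family = "IPv4"
        elif line.startswith("IPv6 Route Table"):
            family = "IPv6"
        elif line.startswith("Persistent Routes"):
            family = None
        tokens = line.split()
        if not (family and tokens) or line.startswith("=") or tokens[0] in HEADER_TOKENS:
            continue
        if pending and len(tokens) == 1:
            tokens = pending + tokens
        pending = None
        if family == "IPv4" and len(tokens) == 5:
            dest, _mask, gw, iface, metric = tokens
            routes.append(Route(family, dest, gw, iface, int(metric)))
        elif family == "IPv6" and len(tokens) == 4:
            iface, metric, dest, gw = tokens
            routes.append(Route(family, dest, gw, iface, int(metric)))
        elif family == "IPv6" and len(tokens) == 3:
            pending = tokens
    return routes


def default_routes(text):
    """Default route per family, with the adapter it rides on."""
    names, result = parse_interfaces(text), {}
    for r in parse_routes(text):
        if r.destination in ("0.0.0.0", "::/0"):
            via = names.get(r.interface, r.interface) if r.family == "IPv6" else r.interface
            result[r.family] = {"gateway": r.gateway, "via": via, "metric": r.metric,
                                "tunnel": any(w in via for w in TUNNEL_WORDS)}
    return result


def teredo_servers(text):
    """Teredo server IPv4 embedded in any 2001::/32 host route (RFC 4380)."""
    servers = []
    for r in parse_routes(text):
        if r.family == "IPv6" and r.destination.endswith("/128"):
            addr = ipaddress.IPv6Address(r.destination.split("/")[0])
            if addr.teredo:  # (server, client) tuple, or None
                servers.append(str(addr.teredo[0]))
    return servers
```

On this output the IPv4 default route goes to 192.168.1.1 through 192.168.1.3, the address on the Realtek adapter, while the IPv6 default route (::/0, metric 58) sits on interface 13, the Teredo Tunneling Pseudo-Interface, and the 2001::/32 host route embeds the Teredo server 94.245.121.251. A route table cannot say which process opened the connections to 174.35.4.135 and 174.35.4.147; on Windows that is `netstat -ano`, whose last column is the owning PID.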

#14 gringo_pr (Malware Response Team)

Posted 05 October 2012 - 10:40 AM

Let me know if it stops the blinking - I just noticed mine and it is also blinking.

Do you have a router and a modem? It may be that they are talking to each other.




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr (Malware Response Team)

Posted 09 October 2012 - 12:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



